5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe
Size

184KB
MD5

c7bdb6530648f3778c7666050bc1e811
SHA1

4993f9cde4d3b84779e4584de6c9aeb0ec08825e
SHA256

5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b
SHA512

b56ebc60a55c216a02097ff263a6a284e3fd6b3be6a2246e7abff164a988853ba20e6b0cd7d517e01d7486fb6ab07de0291a2d8b2ff82ec523c62fd5c1596bf5
SSDEEP

3072:nbbpRB8o176QTdo7/e8TLRtxBhlnVi4Fn3:nbWo3Jo7/LbxBhlnVi4F

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-62241.exeUnicorn-49522.exeUnicorn-3850.exeUnicorn-10155.exeUnicorn-25100.exeUnicorn-6071.exeUnicorn-30659.exeUnicorn-65469.exeUnicorn-6709.exeUnicorn-41519.exeUnicorn-26575.exeUnicorn-49470.exeUnicorn-6491.exeUnicorn-26357.exeUnicorn-57083.exeUnicorn-52999.exeUnicorn-52999.exeUnicorn-2407.exeUnicorn-14187.exeUnicorn-42776.exeUnicorn-38692.exeUnicorn-53637.exeUnicorn-7965.exeUnicorn-34608.exeUnicorn-14742.exeUnicorn-45469.exeUnicorn-10658.exeUnicorn-30524.exeUnicorn-33778.exeUnicorn-23149.exeUnicorn-6066.exeUnicorn-47654.exeUnicorn-16927.exeUnicorn-28433.exeUnicorn-35209.exeUnicorn-55075.exeUnicorn-61852.exeUnicorn-57768.exeUnicorn-3928.exeUnicorn-30379.exeUnicorn-30379.exeUnicorn-26295.exeUnicorn-61105.exeUnicorn-2345.exeUnicorn-19471.exeUnicorn-54281.exeUnicorn-34415.exeUnicorn-56227.exeUnicorn-5635.exeUnicorn-1551.exeUnicorn-35807.exeUnicorn-58173.exeUnicorn-52698.exeUnicorn-37753.exeUnicorn-34245.exeUnicorn-41021.exeUnicorn-17909.exeUnicorn-17909.exeUnicorn-44551.exeUnicorn-13824.exeUnicorn-40467.exeUnicorn-55412.exeUnicorn-51328.exeUnicorn-5656.exe

pid	process
2356	Unicorn-62241.exe
2604	Unicorn-49522.exe
2600	Unicorn-3850.exe
2064	Unicorn-10155.exe
2796	Unicorn-25100.exe
2460	Unicorn-6071.exe
2508	Unicorn-30659.exe
2756	Unicorn-65469.exe
752	Unicorn-6709.exe
1528	Unicorn-41519.exe
1976	Unicorn-26575.exe
2060	Unicorn-49470.exe
3024	Unicorn-6491.exe
2844	Unicorn-26357.exe
2272	Unicorn-57083.exe
672	Unicorn-52999.exe
780	Unicorn-52999.exe
984	Unicorn-2407.exe
1972	Unicorn-14187.exe
692	Unicorn-42776.exe
1600	Unicorn-38692.exe
1356	Unicorn-53637.exe
764	Unicorn-7965.exe
1856	Unicorn-34608.exe
2840	Unicorn-14742.exe
1748	Unicorn-45469.exe
2540	Unicorn-10658.exe
2132	Unicorn-30524.exe
2232	Unicorn-33778.exe
1992	Unicorn-23149.exe
2688	Unicorn-6066.exe
2668	Unicorn-47654.exe
2592	Unicorn-16927.exe
2596	Unicorn-28433.exe
2728	Unicorn-35209.exe
2524	Unicorn-55075.exe
2360	Unicorn-61852.exe
308	Unicorn-57768.exe
2748	Unicorn-3928.exe
2500	Unicorn-30379.exe
748	Unicorn-30379.exe
1792	Unicorn-26295.exe
1284	Unicorn-61105.exe
2180	Unicorn-2345.exe
1692	Unicorn-19471.exe
2288	Unicorn-54281.exe
1644	Unicorn-34415.exe
1512	Unicorn-56227.exe
2248	Unicorn-5635.exe
1552	Unicorn-1551.exe
1872	Unicorn-35807.exe
1660	Unicorn-58173.exe
2976	Unicorn-52698.exe
1524	Unicorn-37753.exe
1708	Unicorn-34245.exe
1788	Unicorn-41021.exe
2968	Unicorn-17909.exe
2368	Unicorn-17909.exe
1244	Unicorn-44551.exe
548	Unicorn-13824.exe
2988	Unicorn-40467.exe
2472	Unicorn-55412.exe
2624	Unicorn-51328.exe
2488	Unicorn-5656.exe

Loads dropped DLL 64 IoCs

Processes:

5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exeUnicorn-62241.exeUnicorn-3850.exeUnicorn-49522.exeWerFault.exeUnicorn-25100.exeUnicorn-6071.exeUnicorn-10155.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-30659.exeUnicorn-6709.exeUnicorn-41519.exeUnicorn-26575.exeWerFault.exeWerFault.exe

pid	process
2876	5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe
2876	5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe
2876	5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe
2356	Unicorn-62241.exe
2876	5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe
2356	Unicorn-62241.exe
2600	Unicorn-3850.exe
2600	Unicorn-3850.exe
2356	Unicorn-62241.exe
2356	Unicorn-62241.exe
2604	Unicorn-49522.exe
2604	Unicorn-49522.exe
1204	WerFault.exe
1204	WerFault.exe
1204	WerFault.exe
1204	WerFault.exe
1204	WerFault.exe
2796	Unicorn-25100.exe
2460	Unicorn-6071.exe
2796	Unicorn-25100.exe
2460	Unicorn-6071.exe
2600	Unicorn-3850.exe
2604	Unicorn-49522.exe
2064	Unicorn-10155.exe
2604	Unicorn-49522.exe
2600	Unicorn-3850.exe
2064	Unicorn-10155.exe
404	WerFault.exe
404	WerFault.exe
404	WerFault.exe
404	WerFault.exe
404	WerFault.exe
816	WerFault.exe
816	WerFault.exe
816	WerFault.exe
816	WerFault.exe
816	WerFault.exe
1592	WerFault.exe
1592	WerFault.exe
1592	WerFault.exe
1592	WerFault.exe
2460	Unicorn-6071.exe
2460	Unicorn-6071.exe
1592	WerFault.exe
2508	Unicorn-30659.exe
2796	Unicorn-25100.exe
2796	Unicorn-25100.exe
752	Unicorn-6709.exe
2508	Unicorn-30659.exe
752	Unicorn-6709.exe
1528	Unicorn-41519.exe
1528	Unicorn-41519.exe
1976	Unicorn-26575.exe
1976	Unicorn-26575.exe
2064	Unicorn-10155.exe
2064	Unicorn-10155.exe
556	WerFault.exe
556	WerFault.exe
556	WerFault.exe
556	WerFault.exe
1884	WerFault.exe
1884	WerFault.exe
1884	WerFault.exe
1884	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2468	2876	WerFault.exe	5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe
1204	2356	WerFault.exe	Unicorn-62241.exe
404	2600	WerFault.exe	Unicorn-3850.exe
816	2604	WerFault.exe	Unicorn-49522.exe
1592	2756	WerFault.exe	Unicorn-65469.exe
1884	2460	WerFault.exe	Unicorn-6071.exe
556	2796	WerFault.exe	Unicorn-25100.exe
844	2064	WerFault.exe	Unicorn-10155.exe
824	2508	WerFault.exe	Unicorn-30659.exe
1544	752	WerFault.exe	Unicorn-6709.exe
2932	1976	WerFault.exe	Unicorn-26575.exe
1612	1528	WerFault.exe	Unicorn-41519.exe
1640	2060	WerFault.exe	Unicorn-49470.exe
1956	3024	WerFault.exe	Unicorn-6491.exe
2828	2844	WerFault.exe	Unicorn-26357.exe
2640	672	WerFault.exe	Unicorn-52999.exe
268	984	WerFault.exe	Unicorn-2407.exe
1504	2272	WerFault.exe	Unicorn-57083.exe
1160	780	WerFault.exe	Unicorn-52999.exe
2908	1972	WerFault.exe	Unicorn-14187.exe
2028	692	WerFault.exe	Unicorn-42776.exe
1696	1856	WerFault.exe	Unicorn-34608.exe
1632	764	WerFault.exe	Unicorn-7965.exe
2076	1600	WerFault.exe	Unicorn-38692.exe
1564	2540	WerFault.exe	Unicorn-10658.exe
888	1356	WerFault.exe	Unicorn-53637.exe
1296	1644	WerFault.exe	Unicorn-34415.exe
1676	1748	WerFault.exe	Unicorn-45469.exe
1876	2132	WerFault.exe	Unicorn-30524.exe
1456	1992	WerFault.exe	Unicorn-23149.exe
2616	2232	WerFault.exe	Unicorn-33778.exe
2280	2688	WerFault.exe	Unicorn-6066.exe
2840	2592	WerFault.exe	Unicorn-16927.exe
872	2524	WerFault.exe	Unicorn-55075.exe
2112	2728	WerFault.exe	Unicorn-35209.exe
2252	2596	WerFault.exe	Unicorn-28433.exe
2628	748	WerFault.exe	Unicorn-30379.exe
2448	2180	WerFault.exe	Unicorn-2345.exe
1824	2748	WerFault.exe	Unicorn-3928.exe
2872	1284	WerFault.exe	Unicorn-61105.exe
1848	1792	WerFault.exe	Unicorn-26295.exe
3080	308	WerFault.exe	Unicorn-57768.exe
3140	2360	WerFault.exe	Unicorn-61852.exe
3148	2500	WerFault.exe	Unicorn-30379.exe
3328	1512	WerFault.exe	Unicorn-56227.exe
3508	1692	WerFault.exe	Unicorn-19471.exe
3572	2288	WerFault.exe	Unicorn-54281.exe
3636	2248	WerFault.exe	Unicorn-5635.exe
3660	1660	WerFault.exe	Unicorn-58173.exe
3324	2532	WerFault.exe	Unicorn-12241.exe
3736	1788	WerFault.exe	Unicorn-41021.exe
3796	548	WerFault.exe	Unicorn-13824.exe
3988	2372	WerFault.exe	Unicorn-36636.exe
4072	1424	WerFault.exe	Unicorn-42666.exe
3316	3060	WerFault.exe	Unicorn-1655.exe
3600	1244	WerFault.exe	Unicorn-44551.exe
3812	1552	WerFault.exe	Unicorn-1551.exe
3928	624	WerFault.exe	Unicorn-26160.exe
3092	2548	WerFault.exe	Unicorn-13715.exe
4140	2976	WerFault.exe	Unicorn-52698.exe
4148	1524	WerFault.exe	Unicorn-37753.exe
4228	2228	WerFault.exe	Unicorn-59963.exe
4236	876	WerFault.exe	Unicorn-22438.exe
4268	880	WerFault.exe	Unicorn-11577.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exeUnicorn-62241.exeUnicorn-49522.exeUnicorn-3850.exeUnicorn-10155.exeUnicorn-25100.exeUnicorn-6071.exeUnicorn-65469.exeUnicorn-30659.exeUnicorn-26575.exeUnicorn-41519.exeUnicorn-6709.exeUnicorn-49470.exeUnicorn-6491.exeUnicorn-57083.exeUnicorn-52999.exeUnicorn-2407.exeUnicorn-26357.exeUnicorn-52999.exeUnicorn-14187.exeUnicorn-42776.exeUnicorn-38692.exeUnicorn-7965.exeUnicorn-34608.exeUnicorn-53637.exeUnicorn-14742.exeUnicorn-10658.exeUnicorn-45469.exeUnicorn-30524.exeUnicorn-33778.exeUnicorn-23149.exeUnicorn-6066.exeUnicorn-47654.exeUnicorn-16927.exeUnicorn-28433.exeUnicorn-55075.exeUnicorn-35209.exeUnicorn-57768.exeUnicorn-61852.exeUnicorn-3928.exeUnicorn-30379.exeUnicorn-30379.exeUnicorn-26295.exeUnicorn-61105.exeUnicorn-2345.exeUnicorn-19471.exeUnicorn-54281.exeUnicorn-34415.exeUnicorn-56227.exeUnicorn-5635.exeUnicorn-1551.exeUnicorn-35807.exeUnicorn-58173.exeUnicorn-52698.exeUnicorn-37753.exeUnicorn-34245.exeUnicorn-41021.exeUnicorn-17909.exeUnicorn-13824.exeUnicorn-17909.exeUnicorn-44551.exeUnicorn-55412.exeUnicorn-40467.exeUnicorn-51328.exe

pid	process
2876	5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe
2356	Unicorn-62241.exe
2604	Unicorn-49522.exe
2600	Unicorn-3850.exe
2064	Unicorn-10155.exe
2796	Unicorn-25100.exe
2460	Unicorn-6071.exe
2756	Unicorn-65469.exe
2508	Unicorn-30659.exe
1976	Unicorn-26575.exe
1528	Unicorn-41519.exe
752	Unicorn-6709.exe
2060	Unicorn-49470.exe
3024	Unicorn-6491.exe
2272	Unicorn-57083.exe
672	Unicorn-52999.exe
984	Unicorn-2407.exe
2844	Unicorn-26357.exe
780	Unicorn-52999.exe
1972	Unicorn-14187.exe
692	Unicorn-42776.exe
1600	Unicorn-38692.exe
764	Unicorn-7965.exe
1856	Unicorn-34608.exe
1356	Unicorn-53637.exe
2840	Unicorn-14742.exe
2540	Unicorn-10658.exe
1748	Unicorn-45469.exe
2132	Unicorn-30524.exe
2232	Unicorn-33778.exe
1992	Unicorn-23149.exe
2688	Unicorn-6066.exe
2668	Unicorn-47654.exe
2592	Unicorn-16927.exe
2596	Unicorn-28433.exe
2524	Unicorn-55075.exe
2728	Unicorn-35209.exe
308	Unicorn-57768.exe
2360	Unicorn-61852.exe
2748	Unicorn-3928.exe
748	Unicorn-30379.exe
2500	Unicorn-30379.exe
1792	Unicorn-26295.exe
1284	Unicorn-61105.exe
2180	Unicorn-2345.exe
1692	Unicorn-19471.exe
2288	Unicorn-54281.exe
1644	Unicorn-34415.exe
1512	Unicorn-56227.exe
2248	Unicorn-5635.exe
1552	Unicorn-1551.exe
1872	Unicorn-35807.exe
1660	Unicorn-58173.exe
2976	Unicorn-52698.exe
1524	Unicorn-37753.exe
1708	Unicorn-34245.exe
1788	Unicorn-41021.exe
2968	Unicorn-17909.exe
548	Unicorn-13824.exe
2368	Unicorn-17909.exe
1244	Unicorn-44551.exe
2472	Unicorn-55412.exe
2988	Unicorn-40467.exe
2624	Unicorn-51328.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exeUnicorn-62241.exeUnicorn-3850.exeUnicorn-49522.exeUnicorn-25100.exeUnicorn-6071.exeUnicorn-10155.exeUnicorn-65469.exe

description	pid	process	target process
PID 2876 wrote to memory of 2356	2876	5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe	Unicorn-62241.exe
PID 2876 wrote to memory of 2356	2876	5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe	Unicorn-62241.exe
PID 2876 wrote to memory of 2356	2876	5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe	Unicorn-62241.exe
PID 2876 wrote to memory of 2356	2876	5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe	Unicorn-62241.exe
PID 2876 wrote to memory of 2604	2876	5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe	Unicorn-49522.exe
PID 2876 wrote to memory of 2604	2876	5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe	Unicorn-49522.exe
PID 2876 wrote to memory of 2604	2876	5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe	Unicorn-49522.exe
PID 2876 wrote to memory of 2604	2876	5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe	Unicorn-49522.exe
PID 2356 wrote to memory of 2600	2356	Unicorn-62241.exe	Unicorn-3850.exe
PID 2356 wrote to memory of 2600	2356	Unicorn-62241.exe	Unicorn-3850.exe
PID 2356 wrote to memory of 2600	2356	Unicorn-62241.exe	Unicorn-3850.exe
PID 2356 wrote to memory of 2600	2356	Unicorn-62241.exe	Unicorn-3850.exe
PID 2876 wrote to memory of 2468	2876	5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe	WerFault.exe
PID 2876 wrote to memory of 2468	2876	5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe	WerFault.exe
PID 2876 wrote to memory of 2468	2876	5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe	WerFault.exe
PID 2876 wrote to memory of 2468	2876	5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe	WerFault.exe
PID 2600 wrote to memory of 2064	2600	Unicorn-3850.exe	Unicorn-10155.exe
PID 2600 wrote to memory of 2064	2600	Unicorn-3850.exe	Unicorn-10155.exe
PID 2600 wrote to memory of 2064	2600	Unicorn-3850.exe	Unicorn-10155.exe
PID 2600 wrote to memory of 2064	2600	Unicorn-3850.exe	Unicorn-10155.exe
PID 2356 wrote to memory of 2796	2356	Unicorn-62241.exe	Unicorn-25100.exe
PID 2356 wrote to memory of 2796	2356	Unicorn-62241.exe	Unicorn-25100.exe
PID 2356 wrote to memory of 2796	2356	Unicorn-62241.exe	Unicorn-25100.exe
PID 2356 wrote to memory of 2796	2356	Unicorn-62241.exe	Unicorn-25100.exe
PID 2604 wrote to memory of 2460	2604	Unicorn-49522.exe	Unicorn-6071.exe
PID 2604 wrote to memory of 2460	2604	Unicorn-49522.exe	Unicorn-6071.exe
PID 2604 wrote to memory of 2460	2604	Unicorn-49522.exe	Unicorn-6071.exe
PID 2604 wrote to memory of 2460	2604	Unicorn-49522.exe	Unicorn-6071.exe
PID 2356 wrote to memory of 1204	2356	Unicorn-62241.exe	WerFault.exe
PID 2356 wrote to memory of 1204	2356	Unicorn-62241.exe	WerFault.exe
PID 2356 wrote to memory of 1204	2356	Unicorn-62241.exe	WerFault.exe
PID 2356 wrote to memory of 1204	2356	Unicorn-62241.exe	WerFault.exe
PID 2796 wrote to memory of 2508	2796	Unicorn-25100.exe	Unicorn-30659.exe
PID 2796 wrote to memory of 2508	2796	Unicorn-25100.exe	Unicorn-30659.exe
PID 2796 wrote to memory of 2508	2796	Unicorn-25100.exe	Unicorn-30659.exe
PID 2796 wrote to memory of 2508	2796	Unicorn-25100.exe	Unicorn-30659.exe
PID 2460 wrote to memory of 2756	2460	Unicorn-6071.exe	Unicorn-65469.exe
PID 2460 wrote to memory of 2756	2460	Unicorn-6071.exe	Unicorn-65469.exe
PID 2460 wrote to memory of 2756	2460	Unicorn-6071.exe	Unicorn-65469.exe
PID 2460 wrote to memory of 2756	2460	Unicorn-6071.exe	Unicorn-65469.exe
PID 2604 wrote to memory of 752	2604	Unicorn-49522.exe	Unicorn-6709.exe
PID 2604 wrote to memory of 752	2604	Unicorn-49522.exe	Unicorn-6709.exe
PID 2604 wrote to memory of 752	2604	Unicorn-49522.exe	Unicorn-6709.exe
PID 2604 wrote to memory of 752	2604	Unicorn-49522.exe	Unicorn-6709.exe
PID 2600 wrote to memory of 1528	2600	Unicorn-3850.exe	Unicorn-41519.exe
PID 2600 wrote to memory of 1528	2600	Unicorn-3850.exe	Unicorn-41519.exe
PID 2600 wrote to memory of 1528	2600	Unicorn-3850.exe	Unicorn-41519.exe
PID 2600 wrote to memory of 1528	2600	Unicorn-3850.exe	Unicorn-41519.exe
PID 2064 wrote to memory of 1976	2064	Unicorn-10155.exe	Unicorn-26575.exe
PID 2064 wrote to memory of 1976	2064	Unicorn-10155.exe	Unicorn-26575.exe
PID 2064 wrote to memory of 1976	2064	Unicorn-10155.exe	Unicorn-26575.exe
PID 2064 wrote to memory of 1976	2064	Unicorn-10155.exe	Unicorn-26575.exe
PID 2600 wrote to memory of 404	2600	Unicorn-3850.exe	WerFault.exe
PID 2600 wrote to memory of 404	2600	Unicorn-3850.exe	WerFault.exe
PID 2600 wrote to memory of 404	2600	Unicorn-3850.exe	WerFault.exe
PID 2600 wrote to memory of 404	2600	Unicorn-3850.exe	WerFault.exe
PID 2604 wrote to memory of 816	2604	Unicorn-49522.exe	WerFault.exe
PID 2604 wrote to memory of 816	2604	Unicorn-49522.exe	WerFault.exe
PID 2604 wrote to memory of 816	2604	Unicorn-49522.exe	WerFault.exe
PID 2604 wrote to memory of 816	2604	Unicorn-49522.exe	WerFault.exe
PID 2756 wrote to memory of 1592	2756	Unicorn-65469.exe	WerFault.exe
PID 2756 wrote to memory of 1592	2756	Unicorn-65469.exe	WerFault.exe
PID 2756 wrote to memory of 1592	2756	Unicorn-65469.exe	WerFault.exe
PID 2756 wrote to memory of 1592	2756	Unicorn-65469.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe
"C:\Users\Admin\AppData\Local\Temp\5fe493e98f8585916a067eb253785aa3808d9578357c1f2e6f3278d0d6d57e0b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62241.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62241.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26575.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30524.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61105.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe
        9⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56969.exe
        10⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
        11⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
        12⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42006.exe
        13⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12587.exe
        14⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        15⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 236
        15⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 216
        14⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        13⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
        12⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63178.exe
        11⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14787.exe
        12⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
        13⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2707.exe
        14⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 216
        13⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
        12⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 220
        11⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10879.exe
        10⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe
        11⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23750.exe
        12⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9614.exe
        13⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9928 -s 216
        13⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 236
        12⤵
        
        PID:10640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        11⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 240
        10⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 216
        9⤵
        Program crash
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51328.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11577.exe
        9⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16897.exe
        10⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18960.exe
        11⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
        12⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24560.exe
        13⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
        13⤵
        
        PID:11600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
        12⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
        11⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 236
        10⤵
        Program crash
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe
        9⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe
        10⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61030.exe
        11⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
        12⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
        12⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
        11⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
        10⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        9⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
        8⤵
        Program crash
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2345.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44551.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        9⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe
        10⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
        11⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41570.exe
        12⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
        13⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
        13⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        12⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        11⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 216
        10⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60238.exe
        9⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62623.exe
        10⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        11⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        12⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4326.exe
        13⤵
        
        PID:12616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 216
        12⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 220
        11⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
        10⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 220
        9⤵
        Program crash
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59963.exe
        8⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
        9⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6899.exe
        10⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
        11⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44186.exe
        12⤵
        
        PID:11592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
        12⤵
        
        PID:11876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
        11⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        10⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 236
        9⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 220
        8⤵
        Program crash
        
        PID:2448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
        7⤵
        Program crash
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45469.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26295.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        9⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18843.exe
        10⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41710.exe
        11⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
        12⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        13⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 236
        13⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
        12⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        11⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 236
        9⤵
        Program crash
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25152.exe
        8⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        9⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44424.exe
        10⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23724.exe
        11⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8093.exe
        12⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
        12⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
        11⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
        10⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
        9⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
        8⤵
        Program crash
        
        PID:1848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
        7⤵
        Program crash
        
        PID:1676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 220
        6⤵
        Program crash
        
        PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2407.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28433.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34136.exe
        9⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe
        10⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45555.exe
        11⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38280.exe
        12⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
        13⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 216
        13⤵
        
        PID:932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
        12⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
        11⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
        10⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11229.exe
        9⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48700.exe
        10⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43376.exe
        11⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13848.exe
        12⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        13⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
        12⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
        11⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        10⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
        9⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        8⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20789.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exe
        10⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60947.exe
        11⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56246.exe
        12⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 216
        12⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 220
        11⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 236
        10⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 216
        9⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        8⤵
        Program crash
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        8⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49569.exe
        9⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        10⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        11⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57237.exe
        12⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        13⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 216
        13⤵
        
        PID:9372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
        12⤵
        
        PID:10424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
        11⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
        10⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 216
        9⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 216
        8⤵
        Program crash
        
        PID:3736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
        7⤵
        Program crash
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35209.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37753.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24022.exe
        8⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
        9⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        10⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1248.exe
        11⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        12⤵
        
        PID:11808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 236
        12⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 220
        11⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        10⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
        9⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27757.exe
        8⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
        9⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe
        10⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18151.exe
        11⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22993.exe
        12⤵
        
        PID:12428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
        11⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 236
        10⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        9⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
        8⤵
        Program crash
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26522.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44909.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
        9⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28000.exe
        10⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        11⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
        12⤵
        
        PID:12484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
        11⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
        10⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        9⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 216
        8⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        7⤵
        Program crash
        
        PID:2112
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 240
        6⤵
        Program crash
        
        PID:268
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
        5⤵
        Program crash
        
        PID:844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38692.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5635.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26160.exe
        8⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36357.exe
        9⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26578.exe
        10⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
        11⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        12⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe
        13⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 236
        13⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 236
        12⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        11⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
        10⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25186.exe
        9⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
        10⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25862.exe
        11⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 220
        12⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
        11⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
        10⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 240
        9⤵
        Program crash
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12407.exe
        8⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        9⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
        10⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
        11⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20580.exe
        12⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 236
        11⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        10⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
        9⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
        8⤵
        Program crash
        
        PID:3636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
        7⤵
        Program crash
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40467.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
        8⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe
        9⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        10⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        11⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
        12⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21587.exe
        13⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 204
        12⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 220
        11⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
        10⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
        9⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37871.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
        9⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25670.exe
        10⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
        11⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33683.exe
        12⤵
        
        PID:12660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 220
        11⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
        10⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        9⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
        8⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
        7⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20789.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29458.exe
        9⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45187.exe
        10⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
        10⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21768.exe
        11⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
        11⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 220
        10⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
        9⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 216
        8⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
        7⤵
        Program crash
        
        PID:3080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 240
        6⤵
        Program crash
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53637.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30379.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
        8⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe
        10⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54066.exe
        11⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46220.exe
        12⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
        13⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
        12⤵
        
        PID:11652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        11⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
        10⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31841.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5145.exe
        9⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10786.exe
        10⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57569.exe
        11⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
        11⤵
        
        PID:11508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
        10⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
        9⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
        8⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
        7⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20789.exe
        8⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
        9⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
        10⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58280.exe
        11⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53911.exe
        12⤵
        
        PID:12728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
        11⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 220
        10⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 236
        9⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
        8⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 220
        7⤵
        Program crash
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55412.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34136.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57737.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58347.exe
        9⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40252.exe
        10⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        11⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24986.exe
        12⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 204
        11⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
        10⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
        9⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
        8⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60184.exe
        8⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
        9⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32541.exe
        10⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
        11⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10160 -s 236
        11⤵
        
        PID:9396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 236
        10⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
        9⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        8⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 220
        7⤵
        
        PID:4252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 220
        6⤵
        Program crash
        
        PID:888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        5⤵
        Program crash
        
        PID:1612
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25100.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30659.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57083.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16927.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45485.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
        10⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
        11⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24342.exe
        12⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
        12⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        11⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        10⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
        9⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18227.exe
        9⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61902.exe
        10⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54326.exe
        11⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 236
        11⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 236
        10⤵
        
        PID:9260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
        9⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
        8⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4156.exe
        7⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10098.exe
        8⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44040.exe
        9⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
        10⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48742.exe
        11⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
        11⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 220
        10⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        9⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 216
        8⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        7⤵
        Program crash
        
        PID:2840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 216
        6⤵
        Program crash
        
        PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10658.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3928.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        8⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41401.exe
        9⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe
        10⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
        11⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
        12⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        13⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
        12⤵
        
        PID:11236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
        11⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
        10⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
        9⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        8⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14683.exe
        9⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5140.exe
        10⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
        11⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 216
        11⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
        10⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        9⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        8⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33320.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
        9⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37730.exe
        10⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26319.exe
        11⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10517.exe
        12⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9520 -s 216
        12⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 216
        11⤵
        
        PID:10628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
        10⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        9⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
        8⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        7⤵
        Program crash
        
        PID:1824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
        6⤵
        Program crash
        
        PID:1564
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
        5⤵
        Program crash
        
        PID:824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6491.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56227.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1655.exe
        8⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe
        9⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
        10⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62047.exe
        11⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50558.exe
        12⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
        13⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        14⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 220
        13⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
        12⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
        11⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7179.exe
        10⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15555.exe
        11⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
        12⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        13⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
        12⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
        11⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 240
        10⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25186.exe
        9⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe
        10⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7387.exe
        11⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16070.exe
        12⤵
        
        PID:10756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10756 -s 200
        13⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 204
        12⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
        11⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
        10⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
        9⤵
        Program crash
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28935.exe
        8⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19239.exe
        9⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
        10⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18151.exe
        11⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50346.exe
        12⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 236
        11⤵
        
        PID:10708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
        10⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        9⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
        8⤵
        Program crash
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe
        7⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9906.exe
        8⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38830.exe
        9⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37351.exe
        10⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
        11⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61378.exe
        12⤵
        
        PID:10616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
        12⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
        11⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
        10⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13401.exe
        9⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        10⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        11⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62048.exe
        12⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 236
        12⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
        11⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
        10⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 240
        9⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58928.exe
        8⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12794.exe
        9⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
        10⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10600.exe
        11⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 216
        11⤵
        
        PID:12548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 236
        10⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
        9⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
        8⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
        7⤵
        Program crash
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1551.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5547.exe
        7⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28573.exe
        8⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        9⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45187.exe
        10⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50875.exe
        11⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 236
        11⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
        10⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        9⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
        8⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31265.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        8⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        9⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45426.exe
        10⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43029.exe
        11⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
        10⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 220
        9⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
        8⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        7⤵
        Program crash
        
        PID:3812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
        6⤵
        Program crash
        
        PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47654.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        5⤵
        Program crash
        
        PID:1956
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:556
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65469.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2756
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49470.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14187.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54281.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60586.exe
        8⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29751.exe
        9⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39022.exe
        10⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        11⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41456.exe
        12⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53688.exe
        13⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9580 -s 236
        13⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
        12⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        11⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 216
        10⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10988.exe
        9⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26033.exe
        10⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        11⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57040.exe
        12⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9524 -s 216
        12⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
        11⤵
        
        PID:10116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        10⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 240
        9⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8186.exe
        9⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        10⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63028.exe
        11⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35380.exe
        12⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 236
        11⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
        10⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
        9⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 220
        8⤵
        Program crash
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36636.exe
        7⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46855.exe
        8⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64548.exe
        9⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
        10⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27087.exe
        11⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49251.exe
        12⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
        11⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
        10⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
        9⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 216
        8⤵
        Program crash
        
        PID:3988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
        7⤵
        Program crash
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34415.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60586.exe
        7⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
        8⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55358.exe
        9⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8710.exe
        10⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
        11⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39189.exe
        12⤵
        
        PID:8676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 220
        12⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 236
        11⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
        10⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 236
        9⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41522.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47989.exe
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63028.exe
        10⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29350.exe
        11⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        10⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 236
        9⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
        8⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 236
        7⤵
        Program crash
        
        PID:1296
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
        6⤵
        Program crash
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23149.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19471.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
        7⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46855.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48067.exe
        9⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        10⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26464.exe
        11⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10875.exe
        12⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 236
        11⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        10⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58928.exe
        8⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe
        9⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6043.exe
        10⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        11⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 216
        11⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 236
        10⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
        9⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
        8⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe
        7⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
        8⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
        9⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49255.exe
        9⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        10⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56417.exe
        11⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        12⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
        11⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
        10⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 240
        9⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24283.exe
        8⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11471.exe
        9⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 212
        10⤵
        
        PID:10720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
        9⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 220
        8⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
        7⤵
        Program crash
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42666.exe
        6⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26243.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20247.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        9⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37310.exe
        10⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        11⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
        10⤵
        
        PID:10584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        9⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        8⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 236
        7⤵
        Program crash
        
        PID:4072
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
        6⤵
        Program crash
        
        PID:1456
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
        5⤵
        Program crash
        
        PID:1640
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6709.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26357.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58173.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13715.exe
        8⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
        9⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65363.exe
        10⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28794.exe
        11⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24565.exe
        12⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
        13⤵
        
        PID:12348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 216
        12⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
        11⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 236
        10⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
        9⤵
        Program crash
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57524.exe
        8⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
        9⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe
        10⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25935.exe
        11⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        12⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 236
        12⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 216
        11⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        10⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
        9⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
        8⤵
        Program crash
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
        7⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3492.exe
        8⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20247.exe
        9⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14595.exe
        10⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        11⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24088.exe
        12⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 236
        11⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        10⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
        9⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
        8⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        9⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
        10⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
        11⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 216
        10⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        9⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        8⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        7⤵
        Program crash
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52698.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
        7⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17883.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62457.exe
        9⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8762.exe
        10⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5249.exe
        11⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
        12⤵
        
        PID:9916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9916 -s 220
        13⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 220
        12⤵
        
        PID:11416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        11⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
        10⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
        9⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53298.exe
        10⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
        11⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1913.exe
        12⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
        11⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 236
        10⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 240
        9⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        9⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50169.exe
        10⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8550.exe
        11⤵
        
        PID:11332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 216
        11⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
        10⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        9⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
        8⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25235.exe
        7⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        8⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16817.exe
        9⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21249.exe
        10⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
        11⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 216
        11⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
        10⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
        9⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        8⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        7⤵
        Program crash
        
        PID:4140
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 220
        6⤵
        Program crash
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5656.exe
        6⤵
        Executes dropped EXE
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
        7⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
        10⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47725.exe
        11⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
        11⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        10⤵
        
        PID:9252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        9⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 216
        8⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        7⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2239.exe
        8⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
        9⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
        10⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
        11⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11064 -s 216
        11⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
        10⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
        9⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
        8⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 220
        7⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59963.exe
        6⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6014.exe
        7⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        8⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
        9⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        10⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38753.exe
        11⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
        10⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 236
        8⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 216
        7⤵
        Program crash
        
        PID:4228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
        6⤵
        Program crash
        
        PID:3140
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
        5⤵
        Program crash
        
        PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30379.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5656.exe
        6⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46388.exe
        7⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18843.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        9⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
        10⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
        11⤵
        
        PID:10576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 220
        11⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 220
        10⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
        9⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 216
        8⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21535.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10791.exe
        8⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26329.exe
        9⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
        10⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
        10⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
        9⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
        8⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
        7⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22438.exe
        6⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        8⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19448.exe
        9⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
        10⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
        11⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 216
        10⤵
        
        PID:10480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        9⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        8⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
        7⤵
        Program crash
        
        PID:4236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
        6⤵
        Program crash
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12241.exe
        5⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59470.exe
        6⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2073.exe
        7⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        8⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9359.exe
        9⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        10⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9632 -s 216
        10⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
        9⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 236
        8⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
        7⤵
        
        PID:5572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
        6⤵
        Program crash
        
        PID:3324
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 240
      4⤵
      Program crash
      PID:1544
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:816
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
  2⤵
  - Program crash
  PID:2468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10791.exe

Filesize
184KB

MD5
f9df264d8f7488d4084ad34313be6736

SHA1
780ff71eaa59e3194808d9d988f74fa448361f9e

SHA256
5ed69cc7db39f0033beca1bd6713114bb6a5b7568f91c1f1fd4d4537b863edc1

SHA512
8c700b4207b27e19ba8fb02de4b43e50ac61494ebeed15ad0591c5efde534626405699c5a25aeb2f05cfc2fb0329a15b322780ceacf44cd050f8ca6f4cce2b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe

Filesize
184KB

MD5
f3b8796caf1cbdf141846dcfdcb091f3

SHA1
f0204790baf03ad1702978264252eaa8f3e2b951

SHA256
ad3f8e93654e149aa8ad333b426002f2b90f0a8485c3aad24d0dfda46d3ea1f3

SHA512
b41a42c4b8b3a15305989996d197876443d0e442b7dac4194a848539d95a1c579d5d3e474a1efeb5f77cdd9be53147e02fc50b4015143c8fd8900160d91096d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49569.exe

Filesize
184KB

MD5
c109f1a87f3e23d26d4dc4664217352b

SHA1
f7bfa1574648b2d938995b7bdbae0a9831149079

SHA256
533dd9dea43628fde076a9f288edefdd69ac29198057632aadc39ddf56aadcd9

SHA512
8d0aa1f59cddf7c1c3b041f46f7f872bc96c1f4358b01a603f6dff764e5e0950e29381f969a31e3d2c17522d2f5d26c8351b248304456453856e326bf5cbea39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5547.exe

Filesize
184KB

MD5
6c1d8257baf405de4ce701b0d3060090

SHA1
1cdf563524ad54269ffc278ff45f67e5bedc9541

SHA256
e9536b1903e7340cf4cd37fd4b6e3bc8d97c89850d5d6754d2b23e6ac5047d1b

SHA512
4178a6ed0a8f2fbfe7db4a80bbf3950d17f105fa533177eb056052d360ca5c4b1d1b8c8a98e9b467191b7c9094fb766935f2be946be3716ca530dad846af63b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6014.exe

Filesize
184KB

MD5
d8a89bef811b50149968b8dc14a23afd

SHA1
5f8276096b14f55002f506b83a996af38025dcc7

SHA256
7303da4437e62d93631666b5ec20c0ccf150521ec3c53c7235b9fdde4f2237b4

SHA512
9ee8e38ae2b3d5614f255c38cf1cdb8d2b19633a638abc26748c0e601fb4a59e3ed557d956ff5b78c2a114b40bb1b2e1e6679942aef2aa689da2002e8b456386

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe

Filesize
184KB

MD5
b5060e405831bd10029374893791326b

SHA1
7a34cf59a65c22c7936df1281d25578ad10f2cfe

SHA256
286bdc75187f3d49e5249dde3c6b51880e1be2be07083af91bc3af91b3f9fa57

SHA512
f33a15cb1fe19f3ce14405ab14a9c87360725f992a635b6c90323c972333210f67c2a51b93e7a9cd2523f9b726702e5da1faa8135b6f38f3ae13bf0e61bdcfa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe

Filesize
184KB

MD5
562614c72d0711ce19bc78549abb37e5

SHA1
e83df0b6ae14fc9fdc70f529032f336d8f156447

SHA256
10296fa4f4e2a37e42962450742251ff062141c795c7b1f974d6df7a7d4b7dae

SHA512
ab2173f301f7c0f0aa698fb56653e27156070d97ec4195cdf73ab95be1839e80cff1233918a0f3c79a4ef24ae4ea5fc9189f83f3df363e949da941b6e4453632

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9614.exe

Filesize
184KB

MD5
c1ee45c1d2c9b2cbb4a542d573cc2539

SHA1
db966916c9c5eedd9f5c2fe7d9acdaa4092abe48

SHA256
b981bd6d87ad8c24e46e11a9489834222e6a55c54f1d0c7255d9b8bf0f6bc3ad

SHA512
6164cd1e1119216f0d6e7496a5ad2ae4f0efd5821d9a2d0165cdee72f3e908a97f09a25c30834cff54b5faa01699d870855531da57d5eace70e8c24136d22b2c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe

Filesize
184KB

MD5
bf30f10feeb0bea2d2787c00f8da29b5

SHA1
0c7cae6d7c835f4b92426dfdc5b38812587fab5d

SHA256
9f4e36769a42c596cdc8b12e4f0062549cdf8f41707e2543c8ac3afe2ca58ff7

SHA512
83c9f01167d031518894b330a534b3a3b3ce3ae403b8eef66a93f694ac7670b41e5831f7c4a066b1e02a8d9336680eee8d2b765c48ba976fcc66c851f6e46d9d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25100.exe

Filesize
184KB

MD5
8047e85d8b1dbdfdc378df21b2f4f5cb

SHA1
72567f16ba3012ea1d5dc0d9094a29dc50401250

SHA256
9bc80fbf23e0cc31b8b26e9950494fd577f41d697ca206f680a101e04a655e63

SHA512
a2a40a2ee609adff88f311972d646f62831e111999600f068d8e70410f951ecf3ecb493f92929fbbb4d867d7657a151cfc49ae08d7d6f592efc011e7eff6d830

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26575.exe

Filesize
184KB

MD5
21778416cf7ac542860fa40805704789

SHA1
2daf2893d0ce18e2cde091c481e7a51dcf9b8d83

SHA256
ca95416c2ff3872b9b40e4894edee52a8ea7deb7008714aed1d32913fdcf8996

SHA512
63f7cf274ba072c8a13550baa802f014f2a9007708b6316673c0e5cc301273d4acad43c12572a18283c58367ac9953e53658ab785d11bb902e8872b93315aa60

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30659.exe

Filesize
184KB

MD5
8ee379a1eee15cc1db09d3ba9636d27b

SHA1
f5907826480aadafff559902010549d1b58b8282

SHA256
ac491fd118ffcee7d34d2628a2ca4bd8604d6f5133c839195b425caf20a7cf0f

SHA512
8e1a382d86d4249ec6d5905609632376550a4acb0c7139de2fbfc8890bc97766a1dacd928a6644a094fad128165525b112d32a10b392cf1ca542e4455d62a202

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe

Filesize
184KB

MD5
96cca3ded699c7a069ae709b92b45217

SHA1
97336e06dabfab9f12511f267bff018fcf906236

SHA256
5bc24a5a24a05f708f77e53e1938c313fbd6769faa67b8e07f34cc6cd3dc65d2

SHA512
550447315cd3f84e891358ea8733ada545f361523949977bed8ae92078b5021552e9d03e55b71a39ce0dacc38e1988cf5651590de420b7fa69b3ea63094ae73d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe

Filesize
184KB

MD5
69309970e879232f96664be6ae928ecc

SHA1
f36315a46229276d09160ec57e09840b0651d011

SHA256
5918600f60d3bd17afe6893b1fc4ef5287b3a846b996940625e4f748446d95cf

SHA512
0589c63ae04520dc24a20e986f2ac46d065e3ee8eec10c414ef085e5ce78e8b665498b9157a54607e1019036c658bc5add3833853b6b559195874d4950ec5a16

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49470.exe

Filesize
184KB

MD5
1237ecda87cd741fed49d3d2626e60db

SHA1
78c1610efe0c2ae902898aa2fe94f3a38260101a

SHA256
a392a918c6849ba0aa5495e1b6e3d307e49ba8adaeada3f4411287b1f23149e1

SHA512
721978cd92a78dd72219c544643565dd40cb550843145397227f8b2e9818faacc92939e259ca2c5c7b2585cb2045ebe4d41eb9b5426cf0e3a078375b44ec1520

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe

Filesize
184KB

MD5
5823ab4301b251c4068a2be3a942f3d7

SHA1
c25706efa5fceafafcc69039a72be00b7e554dec

SHA256
9fe21eb37bfc1cec950c2662f7f4bda5e079d7a9720eff03e5a733cfd2e32968

SHA512
abaa01d05e94858b25a80fdf2dd4ddd25f804d78b4f38aafc1fc1ddcb391a6a53585863609a89e504a50bf9d1166559c4bd4ea0acbc5213c3a65ec6d2d3027f9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57083.exe

Filesize
184KB

MD5
770763df0501eb91588ecc098017b78e

SHA1
73b15012471f486458a7871cf1070f96b69b12f6

SHA256
0b49c1fe38faf87c38239b0e925455ecc6237583497f8ebcfcdcaf4ec097b37d

SHA512
4f6904f6a6f218360d8de6139bc07eb7d5108af666ef83acd2187795927dcab8464011bfea62f8ad8f212fc2a2c57988cb56b5e3299ac060cde1d35746001761

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe

Filesize
184KB

MD5
52c8a4a277b09197306abea5d0172b73

SHA1
f5c0a448aabc5245b773425b6c055105d6c46258

SHA256
dcf1ff2ab787a74fb26eb2f1a39ea7f13b49143a0baea2d48621bdc0e0560ada

SHA512
6c38115a8b6c7668666a7aa5bf5f482e46bdab106a3ad4f642ccf75765ca3f1988044757ebd2b9313a92d5cd79f1bf967e58dd9d84fdc698f355af4a1c6d7897

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62241.exe

Filesize
184KB

MD5
9dbcec2015c323473d8e8abd9c3209aa

SHA1
bd8e42aaaab973b0cc378531dd196451472a1d4d

SHA256
e2f96e396b4ae50bbc289368e6934815aa88666efb0f850cd07c5733b93911dd

SHA512
166f3d497eb3e1a616502651ed59ff47db6a483b2ed4212b8fc89d803ed496fb22c975e4f7eb3792f64cf41d46b1ca13faca0e1a10c781640a006531440d5bb1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65469.exe

Filesize
184KB

MD5
6a97a70c0f2f269ad63e4773504aa9d4

SHA1
ffb4e564c4b4d2c65750f7c776baa35a728cae73

SHA256
433694547e6fbb2150c64e0da3e54482143983adcbf79beec9f73fda90d8c3cb

SHA512
6023ea9026f119c1c01b5622555702456d625a10c3e544050f7aae0b4c6c3cf3f16d96266aa95219c56e23d827e26bb6238db9d10537c9e08f9b1f1235495246

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6709.exe

Filesize
184KB

MD5
91c8108d91d27b942d18d5f9655c9cde

SHA1
d88c3c46abe4c2722c21b391f027c8d522ffd065

SHA256
7e790e18d4937c60af08586f44d9c008e66bf353fe9b8542070a77910f6faacf

SHA512
7905c03e95ec68f931e682b8985b0baabb8e3b04e9dabc085405f56dfd16f1dca4f25910f99b73c7237e74df41d14728a4040dcd4a76fb1d0ec2e4dba9e87b81

Download Submit