4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe
Size

184KB
MD5

1c2dce8388c07f836b8f4b6b4c4d2092
SHA1

4dc1813c2ca285a89eb65e0723095e13e3fa95f1
SHA256

4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e
SHA512

9020d690f7f9574a0977a23786223cd49310a86880478271e7e231130b873e5cf3da58f149536f0deb7fb9580a97219e8f57679cef644264b13d97dcfface17d
SSDEEP

3072:8aqXD8offah7dFsWcBwLROsiUlnViFFnI:8a5oEhFsGLwsiUlnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-10412.exeUnicorn-41776.exeUnicorn-47252.exeUnicorn-20693.exeUnicorn-42435.exeUnicorn-29257.exeUnicorn-55153.exeUnicorn-20343.exeUnicorn-45594.exeUnicorn-47260.exeUnicorn-51707.exeUnicorn-40846.exeUnicorn-51152.exeUnicorn-62013.exeUnicorn-59320.exeUnicorn-22647.exeUnicorn-17171.exeUnicorn-2034.exeUnicorn-10202.exeUnicorn-51790.exeUnicorn-21085.exeUnicorn-31945.exeUnicorn-62672.exeUnicorn-47727.exeUnicorn-16185.exeUnicorn-1240.exeUnicorn-56471.exeUnicorn-33097.exeUnicorn-48879.exeUnicorn-10539.exeUnicorn-18707.exeUnicorn-4317.exeUnicorn-24183.exeUnicorn-3762.exeUnicorn-45350.exeUnicorn-46741.exeUnicorn-46741.exeUnicorn-42910.exeUnicorn-64722.exeUnicorn-60638.exeUnicorn-5962.exeUnicorn-8676.exeUnicorn-28542.exeUnicorn-7929.exeUnicorn-7929.exeUnicorn-2454.exeUnicorn-10622.exeUnicorn-63160.exeUnicorn-59076.exeUnicorn-53409.exeUnicorn-18598.exeUnicorn-34380.exeUnicorn-42548.exeUnicorn-42548.exeUnicorn-2262.exeUnicorn-18044.exeUnicorn-26212.exeUnicorn-39750.exeUnicorn-4385.exeUnicorn-34811.exeUnicorn-6030.exeUnicorn-47618.exeUnicorn-16529.exeUnicorn-22751.exe

pid	process
1716	Unicorn-10412.exe
2564	Unicorn-41776.exe
1296	Unicorn-47252.exe
2480	Unicorn-20693.exe
2384	Unicorn-42435.exe
2372	Unicorn-29257.exe
2788	Unicorn-55153.exe
2984	Unicorn-20343.exe
580	Unicorn-45594.exe
748	Unicorn-47260.exe
828	Unicorn-51707.exe
744	Unicorn-40846.exe
1708	Unicorn-51152.exe
1508	Unicorn-62013.exe
2476	Unicorn-59320.exe
2264	Unicorn-22647.exe
2776	Unicorn-17171.exe
2164	Unicorn-2034.exe
2012	Unicorn-10202.exe
364	Unicorn-51790.exe
932	Unicorn-21085.exe
740	Unicorn-31945.exe
2284	Unicorn-62672.exe
1812	Unicorn-47727.exe
2916	Unicorn-16185.exe
2172	Unicorn-1240.exe
1156	Unicorn-56471.exe
1588	Unicorn-33097.exe
2064	Unicorn-48879.exe
2340	Unicorn-10539.exe
524	Unicorn-18707.exe
2656	Unicorn-4317.exe
2208	Unicorn-24183.exe
2576	Unicorn-3762.exe
2704	Unicorn-45350.exe
2404	Unicorn-46741.exe
2632	Unicorn-46741.exe
2868	Unicorn-42910.exe
1348	Unicorn-64722.exe
1344	Unicorn-60638.exe
1108	Unicorn-5962.exe
620	Unicorn-8676.exe
2280	Unicorn-28542.exe
1616	Unicorn-7929.exe
2660	Unicorn-7929.exe
1672	Unicorn-2454.exe
2248	Unicorn-10622.exe
2676	Unicorn-63160.exe
2228	Unicorn-59076.exe
2008	Unicorn-53409.exe
1564	Unicorn-18598.exe
964	Unicorn-34380.exe
1656	Unicorn-42548.exe
1676	Unicorn-42548.exe
880	Unicorn-2262.exe
960	Unicorn-18044.exe
2324	Unicorn-26212.exe
1428	Unicorn-39750.exe
2516	Unicorn-4385.exe
2076	Unicorn-34811.exe
2496	Unicorn-6030.exe
2124	Unicorn-47618.exe
2224	Unicorn-16529.exe
2236	Unicorn-22751.exe

Loads dropped DLL 64 IoCs

Processes:

4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exeUnicorn-10412.exeUnicorn-41776.exeWerFault.exeUnicorn-47252.exeUnicorn-42435.exeUnicorn-20693.exeWerFault.exeWerFault.exeUnicorn-29257.exeUnicorn-20343.exeUnicorn-55153.exeUnicorn-45594.exeWerFault.exeWerFault.exeUnicorn-47260.exeUnicorn-51707.exeUnicorn-51152.exe

pid	process
1252	4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe
1252	4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe
1716	Unicorn-10412.exe
1252	4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe
1716	Unicorn-10412.exe
1252	4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe
2564	Unicorn-41776.exe
1716	Unicorn-10412.exe
2564	Unicorn-41776.exe
1716	Unicorn-10412.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
1296	Unicorn-47252.exe
1296	Unicorn-47252.exe
2384	Unicorn-42435.exe
2480	Unicorn-20693.exe
2384	Unicorn-42435.exe
2480	Unicorn-20693.exe
2564	Unicorn-41776.exe
2564	Unicorn-41776.exe
2128	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
1912	WerFault.exe
1912	WerFault.exe
1912	WerFault.exe
1912	WerFault.exe
2128	WerFault.exe
1912	WerFault.exe
2372	Unicorn-29257.exe
2372	Unicorn-29257.exe
2984	Unicorn-20343.exe
2480	Unicorn-20693.exe
2480	Unicorn-20693.exe
2984	Unicorn-20343.exe
2788	Unicorn-55153.exe
2384	Unicorn-42435.exe
2788	Unicorn-55153.exe
2384	Unicorn-42435.exe
580	Unicorn-45594.exe
580	Unicorn-45594.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2232	WerFault.exe
2240	WerFault.exe
2232	WerFault.exe
2232	WerFault.exe
2232	WerFault.exe
748	Unicorn-47260.exe
748	Unicorn-47260.exe
2372	Unicorn-29257.exe
2372	Unicorn-29257.exe
2232	WerFault.exe
2240	WerFault.exe
828	Unicorn-51707.exe
828	Unicorn-51707.exe
1708	Unicorn-51152.exe
1708	Unicorn-51152.exe
2788	Unicorn-55153.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2524	1252	WerFault.exe	4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe
2540	1716	WerFault.exe	Unicorn-10412.exe
1912	1296	WerFault.exe	Unicorn-47252.exe
2128	2564	WerFault.exe	Unicorn-41776.exe
2232	2480	WerFault.exe	Unicorn-20693.exe
2240	2384	WerFault.exe	Unicorn-42435.exe
2096	2372	WerFault.exe	Unicorn-29257.exe
2760	2984	WerFault.exe	Unicorn-20343.exe
852	580	WerFault.exe	Unicorn-45594.exe
1760	2788	WerFault.exe	Unicorn-55153.exe
2640	748	WerFault.exe	Unicorn-47260.exe
764	828	WerFault.exe	Unicorn-51707.exe
1788	2476	WerFault.exe	Unicorn-59320.exe
1140	1508	WerFault.exe	Unicorn-62013.exe
2220	1348	WerFault.exe	Unicorn-64722.exe
2800	744	WerFault.exe	Unicorn-40846.exe
888	1708	WerFault.exe	Unicorn-51152.exe
1904	2264	WerFault.exe	Unicorn-22647.exe
1384	2776	WerFault.exe	Unicorn-17171.exe
2500	2164	WerFault.exe	Unicorn-2034.exe
692	932	WerFault.exe	Unicorn-21085.exe
1008	2012	WerFault.exe	Unicorn-10202.exe
1284	364	WerFault.exe	Unicorn-51790.exe
2784	2284	WerFault.exe	Unicorn-62672.exe
920	740	WerFault.exe	Unicorn-31945.exe
2360	1812	WerFault.exe	Unicorn-47727.exe
240	1156	WerFault.exe	Unicorn-56471.exe
2744	2576	WerFault.exe	Unicorn-3762.exe
1056	2064	WerFault.exe	Unicorn-48879.exe
1640	2656	WerFault.exe	Unicorn-4317.exe
3012	2632	WerFault.exe	Unicorn-46741.exe
1940	1108	WerFault.exe	Unicorn-5962.exe
2536	1344	WerFault.exe	Unicorn-60638.exe
368	2868	WerFault.exe	Unicorn-42910.exe
3136	2916	WerFault.exe	Unicorn-16185.exe
3176	620	WerFault.exe	Unicorn-8676.exe
3200	2660	WerFault.exe	Unicorn-7929.exe
3228	2008	WerFault.exe	Unicorn-53409.exe
3244	1672	WerFault.exe	Unicorn-2454.exe
3256	2248	WerFault.exe	Unicorn-10622.exe
3320	1564	WerFault.exe	Unicorn-18598.exe
3336	2340	WerFault.exe	Unicorn-10539.exe
3348	1676	WerFault.exe	Unicorn-42548.exe
3360	524	WerFault.exe	Unicorn-18707.exe
3672	1588	WerFault.exe	Unicorn-33097.exe
3768	1656	WerFault.exe	Unicorn-42548.exe
3296	2124	WerFault.exe	Unicorn-47618.exe
3316	880	WerFault.exe	Unicorn-2262.exe
3456	2228	WerFault.exe	Unicorn-59076.exe
3480	2324	WerFault.exe	Unicorn-26212.exe
3492	2208	WerFault.exe	Unicorn-24183.exe
3500	2676	WerFault.exe	Unicorn-63160.exe
3516	2404	WerFault.exe	Unicorn-46741.exe
3520	1428	WerFault.exe	Unicorn-39750.exe
3540	2704	WerFault.exe	Unicorn-45350.exe
3556	960	WerFault.exe	Unicorn-18044.exe
3548	964	WerFault.exe	Unicorn-34380.exe
3588	2236	WerFault.exe	Unicorn-22751.exe
3812	2224	WerFault.exe	Unicorn-16529.exe
3844	2280	WerFault.exe	Unicorn-28542.exe
4052	1836	WerFault.exe	Unicorn-55978.exe
4060	2996	WerFault.exe	Unicorn-192.exe
3188	1616	WerFault.exe	Unicorn-7929.exe
3276	2516	WerFault.exe	Unicorn-4385.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exeUnicorn-10412.exeUnicorn-41776.exeUnicorn-47252.exeUnicorn-42435.exeUnicorn-20693.exeUnicorn-29257.exeUnicorn-20343.exeUnicorn-45594.exeUnicorn-55153.exeUnicorn-47260.exeUnicorn-51152.exeUnicorn-51707.exeUnicorn-62013.exeUnicorn-40846.exeUnicorn-59320.exeUnicorn-22647.exeUnicorn-17171.exeUnicorn-2034.exeUnicorn-51790.exeUnicorn-10202.exeUnicorn-21085.exeUnicorn-62672.exeUnicorn-31945.exeUnicorn-47727.exeUnicorn-16185.exeUnicorn-56471.exeUnicorn-48879.exeUnicorn-33097.exeUnicorn-10539.exeUnicorn-24183.exeUnicorn-46741.exeUnicorn-3762.exeUnicorn-18707.exeUnicorn-45350.exeUnicorn-46741.exeUnicorn-4317.exeUnicorn-42910.exeUnicorn-64722.exeUnicorn-60638.exeUnicorn-5962.exeUnicorn-28542.exeUnicorn-8676.exeUnicorn-7929.exeUnicorn-7929.exeUnicorn-2454.exeUnicorn-10622.exeUnicorn-63160.exeUnicorn-59076.exeUnicorn-53409.exeUnicorn-18598.exeUnicorn-34380.exeUnicorn-2262.exeUnicorn-42548.exeUnicorn-42548.exeUnicorn-18044.exeUnicorn-26212.exeUnicorn-39750.exeUnicorn-4385.exeUnicorn-34811.exeUnicorn-6030.exeUnicorn-47618.exeUnicorn-16529.exeUnicorn-22751.exe

pid	process
1252	4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe
1716	Unicorn-10412.exe
2564	Unicorn-41776.exe
1296	Unicorn-47252.exe
2384	Unicorn-42435.exe
2480	Unicorn-20693.exe
2372	Unicorn-29257.exe
2984	Unicorn-20343.exe
580	Unicorn-45594.exe
2788	Unicorn-55153.exe
748	Unicorn-47260.exe
1708	Unicorn-51152.exe
828	Unicorn-51707.exe
1508	Unicorn-62013.exe
744	Unicorn-40846.exe
2476	Unicorn-59320.exe
2264	Unicorn-22647.exe
2776	Unicorn-17171.exe
2164	Unicorn-2034.exe
364	Unicorn-51790.exe
2012	Unicorn-10202.exe
932	Unicorn-21085.exe
2284	Unicorn-62672.exe
740	Unicorn-31945.exe
1812	Unicorn-47727.exe
2916	Unicorn-16185.exe
1156	Unicorn-56471.exe
2064	Unicorn-48879.exe
1588	Unicorn-33097.exe
2340	Unicorn-10539.exe
2208	Unicorn-24183.exe
2404	Unicorn-46741.exe
2576	Unicorn-3762.exe
524	Unicorn-18707.exe
2704	Unicorn-45350.exe
2632	Unicorn-46741.exe
2656	Unicorn-4317.exe
2868	Unicorn-42910.exe
1348	Unicorn-64722.exe
1344	Unicorn-60638.exe
1108	Unicorn-5962.exe
2280	Unicorn-28542.exe
620	Unicorn-8676.exe
1616	Unicorn-7929.exe
2660	Unicorn-7929.exe
1672	Unicorn-2454.exe
2248	Unicorn-10622.exe
2676	Unicorn-63160.exe
2228	Unicorn-59076.exe
2008	Unicorn-53409.exe
1564	Unicorn-18598.exe
964	Unicorn-34380.exe
880	Unicorn-2262.exe
1656	Unicorn-42548.exe
1676	Unicorn-42548.exe
960	Unicorn-18044.exe
2324	Unicorn-26212.exe
1428	Unicorn-39750.exe
2516	Unicorn-4385.exe
2076	Unicorn-34811.exe
2496	Unicorn-6030.exe
2124	Unicorn-47618.exe
2224	Unicorn-16529.exe
2236	Unicorn-22751.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exeUnicorn-10412.exeUnicorn-41776.exeUnicorn-47252.exeUnicorn-42435.exeUnicorn-20693.exeUnicorn-29257.exeUnicorn-20343.exe

description	pid	process	target process
PID 1252 wrote to memory of 1716	1252	4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe	Unicorn-10412.exe
PID 1252 wrote to memory of 1716	1252	4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe	Unicorn-10412.exe
PID 1252 wrote to memory of 1716	1252	4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe	Unicorn-10412.exe
PID 1252 wrote to memory of 1716	1252	4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe	Unicorn-10412.exe
PID 1716 wrote to memory of 1296	1716	Unicorn-10412.exe	Unicorn-47252.exe
PID 1716 wrote to memory of 1296	1716	Unicorn-10412.exe	Unicorn-47252.exe
PID 1716 wrote to memory of 1296	1716	Unicorn-10412.exe	Unicorn-47252.exe
PID 1716 wrote to memory of 1296	1716	Unicorn-10412.exe	Unicorn-47252.exe
PID 1252 wrote to memory of 2564	1252	4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe	Unicorn-41776.exe
PID 1252 wrote to memory of 2564	1252	4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe	Unicorn-41776.exe
PID 1252 wrote to memory of 2564	1252	4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe	Unicorn-41776.exe
PID 1252 wrote to memory of 2564	1252	4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe	Unicorn-41776.exe
PID 1252 wrote to memory of 2524	1252	4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe	WerFault.exe
PID 1252 wrote to memory of 2524	1252	4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe	WerFault.exe
PID 1252 wrote to memory of 2524	1252	4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe	WerFault.exe
PID 1252 wrote to memory of 2524	1252	4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe	WerFault.exe
PID 2564 wrote to memory of 2480	2564	Unicorn-41776.exe	Unicorn-20693.exe
PID 2564 wrote to memory of 2480	2564	Unicorn-41776.exe	Unicorn-20693.exe
PID 2564 wrote to memory of 2480	2564	Unicorn-41776.exe	Unicorn-20693.exe
PID 2564 wrote to memory of 2480	2564	Unicorn-41776.exe	Unicorn-20693.exe
PID 1716 wrote to memory of 2384	1716	Unicorn-10412.exe	Unicorn-42435.exe
PID 1716 wrote to memory of 2384	1716	Unicorn-10412.exe	Unicorn-42435.exe
PID 1716 wrote to memory of 2384	1716	Unicorn-10412.exe	Unicorn-42435.exe
PID 1716 wrote to memory of 2384	1716	Unicorn-10412.exe	Unicorn-42435.exe
PID 1716 wrote to memory of 2540	1716	Unicorn-10412.exe	WerFault.exe
PID 1716 wrote to memory of 2540	1716	Unicorn-10412.exe	WerFault.exe
PID 1716 wrote to memory of 2540	1716	Unicorn-10412.exe	WerFault.exe
PID 1716 wrote to memory of 2540	1716	Unicorn-10412.exe	WerFault.exe
PID 1296 wrote to memory of 2372	1296	Unicorn-47252.exe	Unicorn-29257.exe
PID 1296 wrote to memory of 2372	1296	Unicorn-47252.exe	Unicorn-29257.exe
PID 1296 wrote to memory of 2372	1296	Unicorn-47252.exe	Unicorn-29257.exe
PID 1296 wrote to memory of 2372	1296	Unicorn-47252.exe	Unicorn-29257.exe
PID 2384 wrote to memory of 2788	2384	Unicorn-42435.exe	Unicorn-55153.exe
PID 2384 wrote to memory of 2788	2384	Unicorn-42435.exe	Unicorn-55153.exe
PID 2384 wrote to memory of 2788	2384	Unicorn-42435.exe	Unicorn-55153.exe
PID 2384 wrote to memory of 2788	2384	Unicorn-42435.exe	Unicorn-55153.exe
PID 2480 wrote to memory of 2984	2480	Unicorn-20693.exe	Unicorn-20343.exe
PID 2480 wrote to memory of 2984	2480	Unicorn-20693.exe	Unicorn-20343.exe
PID 2480 wrote to memory of 2984	2480	Unicorn-20693.exe	Unicorn-20343.exe
PID 2480 wrote to memory of 2984	2480	Unicorn-20693.exe	Unicorn-20343.exe
PID 2564 wrote to memory of 580	2564	Unicorn-41776.exe	Unicorn-45594.exe
PID 2564 wrote to memory of 580	2564	Unicorn-41776.exe	Unicorn-45594.exe
PID 2564 wrote to memory of 580	2564	Unicorn-41776.exe	Unicorn-45594.exe
PID 2564 wrote to memory of 580	2564	Unicorn-41776.exe	Unicorn-45594.exe
PID 2564 wrote to memory of 2128	2564	Unicorn-41776.exe	WerFault.exe
PID 2564 wrote to memory of 2128	2564	Unicorn-41776.exe	WerFault.exe
PID 2564 wrote to memory of 2128	2564	Unicorn-41776.exe	WerFault.exe
PID 2564 wrote to memory of 2128	2564	Unicorn-41776.exe	WerFault.exe
PID 1296 wrote to memory of 1912	1296	Unicorn-47252.exe	WerFault.exe
PID 1296 wrote to memory of 1912	1296	Unicorn-47252.exe	WerFault.exe
PID 1296 wrote to memory of 1912	1296	Unicorn-47252.exe	WerFault.exe
PID 1296 wrote to memory of 1912	1296	Unicorn-47252.exe	WerFault.exe
PID 2372 wrote to memory of 748	2372	Unicorn-29257.exe	Unicorn-47260.exe
PID 2372 wrote to memory of 748	2372	Unicorn-29257.exe	Unicorn-47260.exe
PID 2372 wrote to memory of 748	2372	Unicorn-29257.exe	Unicorn-47260.exe
PID 2372 wrote to memory of 748	2372	Unicorn-29257.exe	Unicorn-47260.exe
PID 2480 wrote to memory of 828	2480	Unicorn-20693.exe	Unicorn-51707.exe
PID 2480 wrote to memory of 828	2480	Unicorn-20693.exe	Unicorn-51707.exe
PID 2480 wrote to memory of 828	2480	Unicorn-20693.exe	Unicorn-51707.exe
PID 2480 wrote to memory of 828	2480	Unicorn-20693.exe	Unicorn-51707.exe
PID 2984 wrote to memory of 744	2984	Unicorn-20343.exe	Unicorn-40846.exe
PID 2984 wrote to memory of 744	2984	Unicorn-20343.exe	Unicorn-40846.exe
PID 2984 wrote to memory of 744	2984	Unicorn-20343.exe	Unicorn-40846.exe
PID 2984 wrote to memory of 744	2984	Unicorn-20343.exe	Unicorn-40846.exe

C:\Users\Admin\AppData\Local\Temp\4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe
"C:\Users\Admin\AppData\Local\Temp\4f0f929bd315ec213f7ad48666c3acf8dfe093e6fdc532d09f5f247595f4a18e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47260.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22647.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56471.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6030.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52107.exe
        10⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59372.exe
        11⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
        12⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11858.exe
        13⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
        14⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
        14⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
        13⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        12⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 216
        11⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6642.exe
        10⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55195.exe
        11⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21506.exe
        12⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        13⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 236
        13⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
        12⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        11⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        10⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
        9⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32538.exe
        10⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14053.exe
        11⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10872.exe
        12⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe
        13⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 236
        13⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
        12⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        11⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
        10⤵
        
        PID:3692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 240
        9⤵
        Program crash
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47618.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48599.exe
        9⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37089.exe
        10⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40997.exe
        11⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
        12⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30209.exe
        13⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
        13⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
        12⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        11⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
        10⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
        9⤵
        Program crash
        
        PID:3296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 240
        8⤵
        Program crash
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5962.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34811.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52107.exe
        9⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18148.exe
        10⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16109.exe
        11⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
        12⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6591.exe
        13⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 236
        13⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 236
        12⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
        11⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
        10⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
        9⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
        10⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
        11⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57043.exe
        12⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
        12⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 220
        11⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
        10⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        8⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8417.exe
        9⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40613.exe
        10⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63010.exe
        11⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46830.exe
        12⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
        12⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
        11⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        10⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 236
        9⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 240
        8⤵
        Program crash
        
        PID:1940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
        7⤵
        Program crash
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16185.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 200
        8⤵
        Program crash
        
        PID:2220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
        7⤵
        Program crash
        
        PID:3136
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 240
        6⤵
        Program crash
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1240.exe
        6⤵
        Executes dropped EXE
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42910.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4385.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33249.exe
        8⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43014.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
        9⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
        10⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20702.exe
        11⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
        11⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
        10⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        9⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
        8⤵
        Program crash
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44110.exe
        7⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
        9⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe
        10⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe
        11⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 204
        11⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
        10⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        9⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 236
        8⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
        7⤵
        Program crash
        
        PID:368
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
        6⤵
        Program crash
        
        PID:1384
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
        5⤵
        Program crash
        
        PID:2096
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:1912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42435.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55153.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51152.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10202.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3762.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59076.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        9⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
        10⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7696.exe
        11⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe
        12⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
        12⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
        11⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 216
        10⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
        9⤵
        Program crash
        
        PID:3456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        8⤵
        Program crash
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18598.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35579.exe
        8⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27769.exe
        9⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7556.exe
        10⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
        11⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        12⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 236
        12⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 236
        11⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 236
        10⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
        9⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
        8⤵
        Program crash
        
        PID:3320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        7⤵
        Program crash
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        8⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45060.exe
        9⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3612.exe
        10⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
        11⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 236
        11⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
        10⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 216
        9⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 236
        8⤵
        Program crash
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21743.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9180.exe
        8⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4188.exe
        9⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63192.exe
        10⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 236
        10⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 236
        9⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 216
        8⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
        7⤵
        Program crash
        
        PID:3540
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
        6⤵
        Program crash
        
        PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46741.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63160.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        8⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
        9⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43026.exe
        10⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
        11⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24075.exe
        12⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
        12⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
        11⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
        10⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 216
        9⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
        8⤵
        Program crash
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
        7⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59751.exe
        8⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42123.exe
        9⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55034.exe
        10⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32056.exe
        11⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        12⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
        11⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 236
        10⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8526.exe
        9⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
        10⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
        10⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 240
        9⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 216
        8⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
        7⤵
        Program crash
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53409.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36612.exe
        9⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
        10⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45777.exe
        11⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
        11⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
        10⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        9⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
        8⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
        7⤵
        Program crash
        
        PID:3228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 364 -s 240
        6⤵
        Program crash
        
        PID:1284
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
        5⤵
        Program crash
        
        PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62013.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47727.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2454.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13020.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65210.exe
        8⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28444.exe
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
        10⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28102.exe
        11⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
        11⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        10⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        9⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
        8⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 216
        7⤵
        Program crash
        
        PID:3244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 216
        6⤵
        Program crash
        
        PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4317.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42548.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53861.exe
        7⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        8⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5802.exe
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
        10⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43940.exe
        11⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
        11⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
        10⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
        9⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
        8⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
        7⤵
        Program crash
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29911.exe
        6⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2003.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
        8⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6212.exe
        9⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23037.exe
        10⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
        10⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
        9⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        8⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        7⤵
        
        PID:3416
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        6⤵
        Program crash
        
        PID:1640
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
        5⤵
        Program crash
        
        PID:1140
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2240
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20693.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20693.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20343.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33097.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7929.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
        8⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
        9⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
        10⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14494.exe
        11⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-177.exe
        12⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
        12⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 236
        11⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 216
        10⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
        9⤵
        Program crash
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
        8⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58791.exe
        9⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22606.exe
        10⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
        11⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43229.exe
        12⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
        12⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        11⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
        10⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
        9⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
        8⤵
        Program crash
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21167.exe
        7⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13762.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36612.exe
        9⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53851.exe
        10⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
        11⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
        11⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
        10⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        9⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 216
        8⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
        7⤵
        Program crash
        
        PID:3672
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 236
        6⤵
        Program crash
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31945.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28781.exe
        7⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46627.exe
        8⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe
        9⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27920.exe
        10⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
        11⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 236
        11⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
        10⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        9⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 216
        8⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
        7⤵
        Program crash
        
        PID:3256
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 216
        6⤵
        Program crash
        
        PID:920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
        5⤵
        Program crash
        
        PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51707.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2034.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48879.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28542.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22751.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
        9⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25517.exe
        10⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18579.exe
        11⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28766.exe
        12⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 236
        12⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
        11⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 216
        10⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 216
        9⤵
        Program crash
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56829.exe
        8⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16581.exe
        9⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16851.exe
        10⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8594.exe
        11⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        12⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 236
        12⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
        11⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 236
        10⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
        9⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
        8⤵
        Program crash
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        7⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
        8⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe
        9⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57800.exe
        10⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
        11⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
        12⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
        12⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 220
        11⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 236
        10⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
        9⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 216
        8⤵
        Program crash
        
        PID:4052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
        7⤵
        Program crash
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8676.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16529.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27494.exe
        8⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        9⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60322.exe
        10⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
        11⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53709.exe
        12⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 236
        11⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 236
        10⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 216
        9⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
        8⤵
        Program crash
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56829.exe
        7⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32429.exe
        8⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe
        9⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47162.exe
        10⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43172.exe
        11⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
        11⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
        10⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        9⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
        8⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 240
        7⤵
        Program crash
        
        PID:3176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
        6⤵
        Program crash
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7929.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41033.exe
        7⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16000.exe
        9⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
        10⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
        11⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
        11⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 236
        10⤵
        
        PID:904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
        9⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 236
        8⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
        7⤵
        Program crash
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
        6⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24069.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
        8⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33239.exe
        9⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17957.exe
        10⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
        10⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
        9⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        8⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 216
        7⤵
        
        PID:4384
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        6⤵
        Program crash
        
        PID:3336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 240
        5⤵
        Program crash
        
        PID:764
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59320.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21085.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24183.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
        8⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        9⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
        10⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35673.exe
        11⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
        11⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        10⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 216
        9⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 236
        8⤵
        Program crash
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54608.exe
        7⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47250.exe
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe
        9⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35704.exe
        10⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59788.exe
        11⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 236
        11⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 236
        10⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
        9⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 236
        8⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
        7⤵
        Program crash
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39750.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
        7⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39907.exe
        8⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56129.exe
        9⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42398.exe
        10⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7167.exe
        11⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 236
        11⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 236
        10⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55205.exe
        9⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
        10⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
        11⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
        10⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 220
        9⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 216
        8⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 236
        7⤵
        Program crash
        
        PID:3520
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 240
        6⤵
        Program crash
        
        PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18707.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18044.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41609.exe
        7⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15647.exe
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39051.exe
        9⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45875.exe
        10⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12393.exe
        11⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 236
        11⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
        10⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
        9⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 216
        8⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 236
        7⤵
        Program crash
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52470.exe
        6⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
        7⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12600.exe
        8⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
        9⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
        10⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
        10⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
        9⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 236
        8⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
        7⤵
        
        PID:4400
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 524 -s 240
        6⤵
        Program crash
        
        PID:3360
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
        5⤵
        Program crash
        
        PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62672.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46741.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42548.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4852.exe
        7⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21931.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
        9⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34038.exe
        10⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52092.exe
        11⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58369.exe
        12⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
        11⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 236
        10⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        9⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
        8⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
        7⤵
        Program crash
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11629.exe
        6⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32538.exe
        7⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7940.exe
        8⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34609.exe
        9⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57619.exe
        10⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
        10⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
        9⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        8⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 216
        7⤵
        
        PID:3640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
        6⤵
        Program crash
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2262.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        6⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3560.exe
        7⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53908.exe
        8⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17806.exe
        9⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22840.exe
        10⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
        10⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
        9⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 236
        8⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 216
        7⤵
        
        PID:4180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 236
        6⤵
        Program crash
        
        PID:3316
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
        5⤵
        Program crash
        
        PID:2784
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 240
      4⤵
      Program crash
      PID:852
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2128
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
  2⤵
  - Program crash
  PID:2524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18148.exe

Filesize
184KB

MD5
5013c2df14cd6a070aaaf81edd54ed47

SHA1
ff3a69f93decaf4b1935af3997bf3736fc276862

SHA256
794b8dbfa37c73fb2e9206b64742b0962140bf764a584fea6074ddcc19b49d9f

SHA512
555e63f0a1f8d15dbb548fabb3d1dd56224b5ca7ef8817bc2143e6c5d9ac0048476b2785d8719d719abf74d13d71910a4a40719a9348d4110da6220b9ccea016

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20343.exe

Filesize
184KB

MD5
066fb44914315acb41eb7e41e8ea9770

SHA1
67f28f4b1434b75d60f70461491f3d1235c31bce

SHA256
09d44970e3cf8625eaf9a2ecb8f3f2a8bd08c0774b1e51103dd7c9254a64ed9a

SHA512
4ba081b44f51f04aadcac08b9caf4a39c473615f4e0df198702da1d98d87160eb55082836d3c45e56ec8bd5fe1e0629e79833dcf8b47d3cb214d61443b9c0afb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20693.exe

Filesize
184KB

MD5
47349a957d42d3e0a2251f23cc87a296

SHA1
ac5970ce5b11a685b7d34b46bb1e4537e87d6cc2

SHA256
8e11c95b581f296a0ffeb3c12d7e46d97bafd70caf3f75d599645ddb77e8fa51

SHA512
7b5bff7827e0ae6ba9591633b64b17d65d8b55d6edf2249c27751e90ba31eea34d5663fc2fa58d4281f81a1b293fcf46afa5d7edbeae7b7675914049b0e9bcff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe

Filesize
184KB

MD5
13f18e6f165eb5d54ff81577f8fd5079

SHA1
45df8f1bc688bd16575d6b9cc86f06d71697715b

SHA256
e975dcdf377758bef806ec3c37a47e4e03789dd92b04678b0746d133138e10b5

SHA512
2b676b3ca266063eec8379ccb43c88ded70213aae90794c5747cdc8cf7dbeaee87012ecd8f5766d235aa359a32ed82d1563b03b6623e880e59fbe3a81ea07b1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39750.exe

Filesize
184KB

MD5
7b8952df22731fd1e356575f80d6e76e

SHA1
d8c569c8c57ff130f82c8d492fc3f454aa7d0d12

SHA256
7eac07ab8af09ecf8dedeac8dc87613f548f8ec251caece862757bc2fd270ae9

SHA512
0fe73ca5effb8a37847a681ad271d560ac4fd5051ee1f63ab124bc397ba78de5d779e1d70a698216242d60ed0c3c2d27709d5efab031d26ec9f2eb5f30a204d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe

Filesize
184KB

MD5
d66758e1f354965f46f9783417644e0d

SHA1
10b51b4305ab88274ed3c8e0c4d9df8086c659aa

SHA256
4011212f3581b5728793280e77d2ee31b9022f2196ee03b1f267a792e4fa391a

SHA512
a7ebf9283dceb736ae2f454d075b7693c69a7d47f1ea323b9158045e25195628827642384a36a80c317f9b441f750ac6ae4edeb4c17a41d02e932b653faff891

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43172.exe

Filesize
184KB

MD5
61fd1f807e2953df3e9a707605c9d29a

SHA1
6ad5fd42703ba0cdfc1f00bf1e45db6673b57357

SHA256
2322431ded0acaf6bd1e8a275715ec36de188b93575b802f18aa6f624c013ab1

SHA512
2089df3c06b9671fe77aab3d96494fd178c731576ce8a88262f03b0692a394fe5932eb7d35cbf70d7b990592c08cc091e70ee04ddb402c5d592e4af97d840c54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe

Filesize
184KB

MD5
4870f95093c2e53b458b7baa576fde85

SHA1
6d31c229c835e765d2ce2ee583ff2a9379c8744b

SHA256
9c6d6d2a2858ebc30280b241598cf5131aa29024f4b7c05ecc4d7565274e8e29

SHA512
ff0b0bb885545c623d44ab76f5f9d1234b176507831442126339c83e55f55fc678e3a21f139834e2eb9f9c196553eb8be75b0cab6fb66b70a0591c3895c9aa6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47260.exe

Filesize
184KB

MD5
06b0377165674107649a48f1fa39175e

SHA1
e7532996cb02421be59f6bb76dcef8957ae63965

SHA256
d1dd9166d26a2d4d0a81c06d6c0fe66df9a53fafcfb632fdfe60721dddbfddcc

SHA512
3c00b65d7d7b1ff7594219604276835eca39207d952606435d78fda3fbb8121f3828cfb04359cd0a410d752805349406a43be97a7507670a2ce2936b2231dd82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe

Filesize
184KB

MD5
bae515c3d401a1e0931eff97340ce4a1

SHA1
ec71bf3955fbec4154d0e17575f9a4062c43cf4a

SHA256
30db88b91aa08d06d550dd8eddaa395d4c1784d7da6a35356204ab15e1cd5593

SHA512
d6bf68eadcbf6252f07a7e428b449aeeb72496186de192cf80a6b5c06abe981993cfe0f73efa1ae72d013aab8a2cd9b303736124074f99d2dcad317417ed07be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51152.exe

Filesize
184KB

MD5
088577bff568c3dc6d6d7c0b09b5c998

SHA1
27be426e98444898f0f11ba840ccf3885d5daf65

SHA256
f088a22ec134e60eec00eba0b78700a4e7663cede9726ef613a3077ddcaa3738

SHA512
0e6425376ed28ba71a05173dbea6779bb6d0928e1a97198f544bda45eca0ab21b30125c0713a5a2d1e4bf2cd1f803e618f80f82c591f61b6bea559c8b6eb832a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51707.exe

Filesize
184KB

MD5
6f997dba39445919a21ead02c72352ac

SHA1
43b6da4345bf47da06a8efb3e1d89c61187ad8a5

SHA256
2fa87884ad1cef5a3fb7cc3bb062a9d1603bc7ae89fa4a7bba5ad2f7f001274b

SHA512
b047f269c0e29b7ac0aea3570a31ceeb5babe185be78f7518e5592a5522d37ff1a9daa56eec063448fcd09df4fb82d05d26c8413844e71a071a1089b6d1306dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55153.exe

Filesize
184KB

MD5
ab5930e8f994ad047547d6a42b84f6c7

SHA1
51e82bdda70a6c4a4af7dbf3fe3d10f5307b16db

SHA256
f893b8120826e8bb753d9e1b7c32792fec51a5911708365148e71a07b0ce4a75

SHA512
87590fe3c22deb27c382a203d6c85e364ee51f2015a998cd1319522ba18301afcfd636ea2092bb671ba68071f67dbac8a4dbde0fa2687d461e7e7b144ae60213

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe

Filesize
184KB

MD5
64a4719a15393e9a45ff62fa9c1f904a

SHA1
c3cb540d0bfcdef271addde22a9aeb0d1d284590

SHA256
531990a003e3d030950bb9b3a9b38c14a4508faa877172a52bd5fe993e34fbbc

SHA512
267f1a380b60499ef94b4c683b07e3d62e0234f89f60b0b0de8b46a61917da8726886d40e38f252dfdfadf20fad0aefa54305d8936289d48a81a5d30dcecc778

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59372.exe

Filesize
184KB

MD5
3309a51eccacb6810540c7a2c4c133c4

SHA1
5994158508c7af8aa25be38136c4870044c4e3f3

SHA256
4f227994453094ff39d250d8c176e1adc629091328bceaf9d2c848e20451513c

SHA512
84c19cea0c3ce023cdbfde614e120abf16d4ef9e62eebcd0823ad1e610e9a6dd08392e13059ab0b0b13b13952ba779a1800ed26fde62aced126baeecf2c4b27a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6030.exe

Filesize
184KB

MD5
dbf36f6334caf8b7595a38a22ae7b164

SHA1
555b00e4b74212b744899e78ed850e713c4d60de

SHA256
8499f33bcf1bc1c005cf35639a0aeba578232f456edd00ac3b189f4a87c06ebb

SHA512
14a4a575d831ad224c04d2af448a8604bfd96fb59e1fb34cdea514b438e1d9420a9c22684d3d6dc9084b833c0299da7fdbd87c4d31a09b033dfdca8db339fdfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7940.exe

Filesize
184KB

MD5
a7b77c1a473ce1eaa0d5fac06fdbc897

SHA1
9e35be70aac9c117cefd46b6ecd83d148589d3aa

SHA256
e94a4d4ac13587422aa8a8e434992e85436d3e57360914494c56c855615c1f18

SHA512
3a4b216553d7aeb33716d8a134fe62ded968d3be18b4d1648913385143e9a76b29185e473b6dc99983e15e90b8789e58679509712a7683c4ad357c5055d4055d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe

Filesize
184KB

MD5
60170b617738fbcf25e4f91def301ca5

SHA1
2a22b5f75e7895265980fe4bd4c9649aa6422702

SHA256
31553f0982a08ebadb9b0437bea2fef7c1c7e7249b6efdbf072f03bd93ca34fa

SHA512
3987d86d456ea7eb63c4fa66fa074e0a1f83a550ca8d0daa8edab903cdbc922070842dbf928cc07db851db0c74095b90e82708bcc8f907a7def0f8da44489f87

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe

Filesize
184KB

MD5
378df8cb9188e4248f30ef7eb945abde

SHA1
4644ded027ee320df1627fd0e31891c455dbca3a

SHA256
99d15a428a74ee25080d49c3fa13de2d3dbf7304ad87d9760d66235e433a9593

SHA512
1c6424cf5b5f9e7701c20095690d107e6875f54c15ea95eb5a5547647532db8c0fabb5784078e441bf2d817e102cf2965215e51025c2abcc01b269d56eec00a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe

Filesize
184KB

MD5
fa0c36b0f7a93d3fb428ab747490baae

SHA1
7008d669413eb6485c524ee856e136320dcb32c7

SHA256
ff7697c441581ea7e1fb211475ddbc287ba2bcad530e9a9e667005045d8e6695

SHA512
db8bbff4dd7258786be5e30944bb9f17c40e567bc46200e36adf7d13205d077e9439e99243d5d6554727e1fe754c0f197973edc0e4e8585120323b09480e6ea2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe

Filesize
184KB

MD5
89041c2628a1f33f19cd108b6437abd8

SHA1
fb4e7e21711ad7eabc3d31e8a300846ac2e84fef

SHA256
0ccf347ba37af5462ced9e7c717a45d71af159f0886c0fdd3af98e63a2f48cc4

SHA512
bcfe03479f5bc8e006fbe41ce42dc5b03759af9eeafa88f3b9dda04fa8e59c236b07bc11c32f426016f1322ae446123da266e57a1bd5323ee3a39b97dc79cb07

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42435.exe

Filesize
184KB

MD5
b8ff5140d0836f05087bdcb3dcbc17fc

SHA1
7e95cba5b51a019822b7eebd314f6fcb02285c93

SHA256
9668bfd43504a08b3e3a7c708112f79de4f6a8450a3a7421d84b5ef0f4e471a5

SHA512
f5e0bf32fda9a26f36749bf885c04368ee912248e51d6e20e1c16dad0c9c142b2b5277b51e9d876cdb9498d1a480606b75e253ce8f388377ef17c6fde85e403d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe

Filesize
184KB

MD5
3b80580938d24486d9db86d77fee58ac

SHA1
304659f2b4aca159cd72830f41d0c5da418949fc

SHA256
d671c79749c76a9d7e8f967d6309236d2247ad526a7171ea3b7ba4bc0c85ef76

SHA512
c796545cc07f7c59701f51212e17e7c2fcff9acfc6ca850a7f1014c23ffec679e552b8c38adc10a1e09a5084a84822a87f732f25fbdce1d458315f2634c76445

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62013.exe

Filesize
184KB

MD5
066ab8380909e7bd243ca5e4930ae300

SHA1
f8454a6b614b4ef48e872a934787267a9f2fff2b

SHA256
b555ba2368adcfedff013de433dcb1fa3eedca92c1acfaa47b0f92e7e370f470

SHA512
cfe32798121b33cd6e8fe9b522eba0999ee3bbdb8376fecc148c6d2a717b081e88bc4677587a4b33c1d0e61fc43192c7dac17279515dd2093d91f8931b9438e6

Download Submit