2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe
Size

184KB
MD5

22cb2d14033c68e52999b13ce5b818c1
SHA1

e4af0ab71211448390b81a210eedb6f9344879b2
SHA256

2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57
SHA512

56afdbe9695a22c9cdcb5fd257e0ad694cc2f7d182b4d6699b84297cbf5d384254e0b5aa4b68e5e88f6527d29bb498dbef53dc86b057c67829176579dc0b6e7f
SSDEEP

3072:l/OBGxoZs0LldyuWeG9LRxsmhlqniFun3:l/foJDyu4LzsmhlqniFu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-54456.exeUnicorn-43356.exeUnicorn-23490.exeUnicorn-47523.exeUnicorn-62468.exeUnicorn-16797.exeUnicorn-47606.exeUnicorn-47606.exeUnicorn-21518.exeUnicorn-41384.exeUnicorn-17434.exeUnicorn-39184.exeUnicorn-15234.exeUnicorn-4373.exeUnicorn-35100.exeUnicorn-43823.exeUnicorn-32962.exeUnicorn-59604.exeUnicorn-39738.exeUnicorn-16709.exeUnicorn-19401.exeUnicorn-51519.exeUnicorn-927.exeUnicorn-14570.exeUnicorn-20793.exeUnicorn-29515.exeUnicorn-56158.exeUnicorn-10486.exeUnicorn-45297.exeUnicorn-45297.exeUnicorn-52074.exeUnicorn-53740.exeUnicorn-33874.exeUnicorn-16792.exeUnicorn-13262.exeUnicorn-37212.exeUnicorn-52157.exeUnicorn-53548.exeUnicorn-22822.exeUnicorn-58187.exeUnicorn-31544.exeUnicorn-51410.exeUnicorn-47326.exeUnicorn-8431.exeUnicorn-54103.exeUnicorn-47326.exeUnicorn-39158.exeUnicorn-39158.exeUnicorn-13070.exeUnicorn-13070.exeUnicorn-32936.exeUnicorn-48670.exeUnicorn-48670.exeUnicorn-24720.exeUnicorn-40502.exeUnicorn-14414.exeUnicorn-26112.exeUnicorn-32142.exeUnicorn-38918.exeUnicorn-58784.exeUnicorn-48478.exeUnicorn-20444.exeUnicorn-59360.exeUnicorn-7144.exe

pid	process
1724	Unicorn-54456.exe
1228	Unicorn-43356.exe
1272	Unicorn-23490.exe
2608	Unicorn-47523.exe
2076	Unicorn-62468.exe
2700	Unicorn-16797.exe
2128	Unicorn-47606.exe
2888	Unicorn-47606.exe
2860	Unicorn-21518.exe
2320	Unicorn-41384.exe
332	Unicorn-17434.exe
2512	Unicorn-39184.exe
2228	Unicorn-15234.exe
2116	Unicorn-4373.exe
1636	Unicorn-35100.exe
1964	Unicorn-43823.exe
2824	Unicorn-32962.exe
1352	Unicorn-59604.exe
2720	Unicorn-39738.exe
1472	Unicorn-16709.exe
2132	Unicorn-19401.exe
1548	Unicorn-51519.exe
964	Unicorn-927.exe
1608	Unicorn-14570.exe
2808	Unicorn-20793.exe
3040	Unicorn-29515.exe
1700	Unicorn-56158.exe
2304	Unicorn-10486.exe
2940	Unicorn-45297.exe
1524	Unicorn-45297.exe
3064	Unicorn-52074.exe
2920	Unicorn-53740.exe
2584	Unicorn-33874.exe
2648	Unicorn-16792.exe
2580	Unicorn-13262.exe
2696	Unicorn-37212.exe
300	Unicorn-52157.exe
2848	Unicorn-53548.exe
2020	Unicorn-22822.exe
1892	Unicorn-58187.exe
2556	Unicorn-31544.exe
2748	Unicorn-51410.exe
2708	Unicorn-47326.exe
2760	Unicorn-8431.exe
2336	Unicorn-54103.exe
2872	Unicorn-47326.exe
1760	Unicorn-39158.exe
1900	Unicorn-39158.exe
1424	Unicorn-13070.exe
1612	Unicorn-13070.exe
2012	Unicorn-32936.exe
672	Unicorn-48670.exe
2188	Unicorn-48670.exe
1528	Unicorn-24720.exe
1644	Unicorn-40502.exe
3000	Unicorn-14414.exe
1656	Unicorn-26112.exe
892	Unicorn-32142.exe
948	Unicorn-38918.exe
2788	Unicorn-58784.exe
2604	Unicorn-48478.exe
2956	Unicorn-20444.exe
2780	Unicorn-59360.exe
2480	Unicorn-7144.exe

Loads dropped DLL 64 IoCs

Processes:

2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exeUnicorn-54456.exeUnicorn-23490.exeUnicorn-43356.exeWerFault.exeUnicorn-16797.exeUnicorn-62468.exeUnicorn-47523.exeWerFault.exeWerFault.exeUnicorn-47606.exeUnicorn-47606.exeUnicorn-17434.exeUnicorn-21518.exeUnicorn-41384.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2864	2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe
2864	2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe
1724	Unicorn-54456.exe
1724	Unicorn-54456.exe
2864	2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe
2864	2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe
1272	Unicorn-23490.exe
1724	Unicorn-54456.exe
1272	Unicorn-23490.exe
1724	Unicorn-54456.exe
1228	Unicorn-43356.exe
1228	Unicorn-43356.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2700	Unicorn-16797.exe
2076	Unicorn-62468.exe
2608	Unicorn-47523.exe
2076	Unicorn-62468.exe
2700	Unicorn-16797.exe
2608	Unicorn-47523.exe
1228	Unicorn-43356.exe
1228	Unicorn-43356.exe
1272	Unicorn-23490.exe
1272	Unicorn-23490.exe
808	WerFault.exe
808	WerFault.exe
808	WerFault.exe
808	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe
808	WerFault.exe
1252	WerFault.exe
2128	Unicorn-47606.exe
2128	Unicorn-47606.exe
2076	Unicorn-62468.exe
2076	Unicorn-62468.exe
2888	Unicorn-47606.exe
2888	Unicorn-47606.exe
332	Unicorn-17434.exe
332	Unicorn-17434.exe
2700	Unicorn-16797.exe
2700	Unicorn-16797.exe
2860	Unicorn-21518.exe
2860	Unicorn-21518.exe
2320	Unicorn-41384.exe
2608	Unicorn-47523.exe
2320	Unicorn-41384.exe
2608	Unicorn-47523.exe
584	WerFault.exe
584	WerFault.exe
1776	WerFault.exe
584	WerFault.exe
584	WerFault.exe
1776	WerFault.exe
1776	WerFault.exe
1776	WerFault.exe
1624	WerFault.exe
1624	WerFault.exe
1624	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2664	2864	WerFault.exe	2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe
2196	1724	WerFault.exe	Unicorn-54456.exe
808	1272	WerFault.exe	Unicorn-23490.exe
1252	1228	WerFault.exe	Unicorn-43356.exe
584	2076	WerFault.exe	Unicorn-62468.exe
1776	2700	WerFault.exe	Unicorn-16797.exe
1624	2608	WerFault.exe	Unicorn-47523.exe
2908	2128	WerFault.exe	Unicorn-47606.exe
2324	332	WerFault.exe	Unicorn-17434.exe
2332	2888	WerFault.exe	Unicorn-47606.exe
1856	2860	WerFault.exe	Unicorn-21518.exe
1988	2320	WerFault.exe	Unicorn-41384.exe
2828	2512	WerFault.exe	Unicorn-39184.exe
592	1636	WerFault.exe	Unicorn-35100.exe
1116	2116	WerFault.exe	Unicorn-4373.exe
2424	2228	WerFault.exe	Unicorn-15234.exe
2028	1352	WerFault.exe	Unicorn-59604.exe
1552	1964	WerFault.exe	Unicorn-43823.exe
3068	2824	WerFault.exe	Unicorn-32962.exe
1616	2720	WerFault.exe	Unicorn-39738.exe
704	1472	WerFault.exe	Unicorn-16709.exe
1504	2132	WerFault.exe	Unicorn-19401.exe
2548	1548	WerFault.exe	Unicorn-51519.exe
2716	1608	WerFault.exe	Unicorn-14570.exe
2460	964	WerFault.exe	Unicorn-927.exe
2764	2304	WerFault.exe	Unicorn-10486.exe
2944	2808	WerFault.exe	Unicorn-20793.exe
2884	1700	WerFault.exe	Unicorn-56158.exe
884	3040	WerFault.exe	Unicorn-29515.exe
2348	2940	WerFault.exe	Unicorn-45297.exe
880	3064	WerFault.exe	Unicorn-52074.exe
2540	1524	WerFault.exe	Unicorn-45297.exe
1712	2480	WerFault.exe	Unicorn-7144.exe
3420	2584	WerFault.exe	Unicorn-33874.exe
3412	2920	WerFault.exe	Unicorn-53740.exe
3444	2648	WerFault.exe	Unicorn-16792.exe
3476	2580	WerFault.exe	Unicorn-13262.exe
3608	2696	WerFault.exe	Unicorn-37212.exe
3616	300	WerFault.exe	Unicorn-52157.exe
3656	2848	WerFault.exe	Unicorn-53548.exe
3724	1892	WerFault.exe	Unicorn-58187.exe
3744	2020	WerFault.exe	Unicorn-22822.exe
3764	2556	WerFault.exe	Unicorn-31544.exe
3788	2748	WerFault.exe	Unicorn-51410.exe
3820	1760	WerFault.exe	Unicorn-39158.exe
3812	1900	WerFault.exe	Unicorn-39158.exe
3844	2012	WerFault.exe	Unicorn-32936.exe
3868	2708	WerFault.exe	Unicorn-47326.exe
3876	2872	WerFault.exe	Unicorn-47326.exe
3884	2760	WerFault.exe	Unicorn-8431.exe
3952	2336	WerFault.exe	Unicorn-54103.exe
3960	1424	WerFault.exe	Unicorn-13070.exe
3984	1612	WerFault.exe	Unicorn-13070.exe
3436	3096	WerFault.exe	Unicorn-512.exe
3088	2188	WerFault.exe	Unicorn-48670.exe
3672	1528	WerFault.exe	Unicorn-24720.exe
4060	1656	WerFault.exe	Unicorn-26112.exe
4440	2900	WerFault.exe	Unicorn-40886.exe
4448	2420	WerFault.exe	Unicorn-26496.exe
4504	2292	WerFault.exe	Unicorn-39817.exe
5012	3000	WerFault.exe	Unicorn-14414.exe
4100	2520	WerFault.exe	Unicorn-29188.exe
4116	356	WerFault.exe	Unicorn-32203.exe
4184	2788	WerFault.exe	Unicorn-58784.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exeUnicorn-54456.exeUnicorn-23490.exeUnicorn-43356.exeUnicorn-47523.exeUnicorn-62468.exeUnicorn-16797.exeUnicorn-47606.exeUnicorn-47606.exeUnicorn-41384.exeUnicorn-21518.exeUnicorn-17434.exeUnicorn-39184.exeUnicorn-4373.exeUnicorn-15234.exeUnicorn-43823.exeUnicorn-39738.exeUnicorn-35100.exeUnicorn-32962.exeUnicorn-59604.exeUnicorn-16709.exeUnicorn-19401.exeUnicorn-51519.exeUnicorn-927.exeUnicorn-14570.exeUnicorn-20793.exeUnicorn-56158.exeUnicorn-29515.exeUnicorn-45297.exeUnicorn-10486.exeUnicorn-52074.exeUnicorn-45297.exeUnicorn-53740.exeUnicorn-33874.exeUnicorn-16792.exeUnicorn-13262.exeUnicorn-37212.exeUnicorn-52157.exeUnicorn-53548.exeUnicorn-22822.exeUnicorn-58187.exeUnicorn-51410.exeUnicorn-31544.exeUnicorn-47326.exeUnicorn-47326.exeUnicorn-54103.exeUnicorn-32936.exeUnicorn-39158.exeUnicorn-39158.exeUnicorn-8431.exeUnicorn-13070.exeUnicorn-13070.exeUnicorn-48670.exeUnicorn-48670.exeUnicorn-24720.exeUnicorn-40502.exeUnicorn-14414.exeUnicorn-26112.exeUnicorn-32142.exeUnicorn-38918.exeUnicorn-58784.exeUnicorn-48478.exeUnicorn-20444.exeUnicorn-59360.exe

pid	process
2864	2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe
1724	Unicorn-54456.exe
1272	Unicorn-23490.exe
1228	Unicorn-43356.exe
2608	Unicorn-47523.exe
2076	Unicorn-62468.exe
2700	Unicorn-16797.exe
2128	Unicorn-47606.exe
2888	Unicorn-47606.exe
2320	Unicorn-41384.exe
2860	Unicorn-21518.exe
332	Unicorn-17434.exe
2512	Unicorn-39184.exe
2116	Unicorn-4373.exe
2228	Unicorn-15234.exe
1964	Unicorn-43823.exe
2720	Unicorn-39738.exe
1636	Unicorn-35100.exe
2824	Unicorn-32962.exe
1352	Unicorn-59604.exe
1472	Unicorn-16709.exe
2132	Unicorn-19401.exe
1548	Unicorn-51519.exe
964	Unicorn-927.exe
1608	Unicorn-14570.exe
2808	Unicorn-20793.exe
1700	Unicorn-56158.exe
3040	Unicorn-29515.exe
2940	Unicorn-45297.exe
2304	Unicorn-10486.exe
3064	Unicorn-52074.exe
1524	Unicorn-45297.exe
2920	Unicorn-53740.exe
2584	Unicorn-33874.exe
2648	Unicorn-16792.exe
2580	Unicorn-13262.exe
2696	Unicorn-37212.exe
300	Unicorn-52157.exe
2848	Unicorn-53548.exe
2020	Unicorn-22822.exe
1892	Unicorn-58187.exe
2748	Unicorn-51410.exe
2556	Unicorn-31544.exe
2872	Unicorn-47326.exe
2708	Unicorn-47326.exe
2336	Unicorn-54103.exe
2012	Unicorn-32936.exe
1900	Unicorn-39158.exe
1760	Unicorn-39158.exe
2760	Unicorn-8431.exe
1424	Unicorn-13070.exe
1612	Unicorn-13070.exe
2188	Unicorn-48670.exe
672	Unicorn-48670.exe
1528	Unicorn-24720.exe
1644	Unicorn-40502.exe
3000	Unicorn-14414.exe
1656	Unicorn-26112.exe
892	Unicorn-32142.exe
948	Unicorn-38918.exe
2788	Unicorn-58784.exe
2604	Unicorn-48478.exe
2956	Unicorn-20444.exe
2780	Unicorn-59360.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exeUnicorn-54456.exeUnicorn-23490.exeUnicorn-43356.exeUnicorn-62468.exeUnicorn-16797.exeUnicorn-47523.exeUnicorn-47606.exe

description	pid	process	target process
PID 2864 wrote to memory of 1724	2864	2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe	Unicorn-54456.exe
PID 2864 wrote to memory of 1724	2864	2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe	Unicorn-54456.exe
PID 2864 wrote to memory of 1724	2864	2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe	Unicorn-54456.exe
PID 2864 wrote to memory of 1724	2864	2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe	Unicorn-54456.exe
PID 1724 wrote to memory of 1228	1724	Unicorn-54456.exe	Unicorn-43356.exe
PID 1724 wrote to memory of 1228	1724	Unicorn-54456.exe	Unicorn-43356.exe
PID 1724 wrote to memory of 1228	1724	Unicorn-54456.exe	Unicorn-43356.exe
PID 1724 wrote to memory of 1228	1724	Unicorn-54456.exe	Unicorn-43356.exe
PID 2864 wrote to memory of 1272	2864	2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe	Unicorn-23490.exe
PID 2864 wrote to memory of 1272	2864	2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe	Unicorn-23490.exe
PID 2864 wrote to memory of 1272	2864	2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe	Unicorn-23490.exe
PID 2864 wrote to memory of 1272	2864	2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe	Unicorn-23490.exe
PID 2864 wrote to memory of 2664	2864	2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe	WerFault.exe
PID 2864 wrote to memory of 2664	2864	2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe	WerFault.exe
PID 2864 wrote to memory of 2664	2864	2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe	WerFault.exe
PID 2864 wrote to memory of 2664	2864	2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe	WerFault.exe
PID 1272 wrote to memory of 2608	1272	Unicorn-23490.exe	Unicorn-47523.exe
PID 1272 wrote to memory of 2608	1272	Unicorn-23490.exe	Unicorn-47523.exe
PID 1272 wrote to memory of 2608	1272	Unicorn-23490.exe	Unicorn-47523.exe
PID 1272 wrote to memory of 2608	1272	Unicorn-23490.exe	Unicorn-47523.exe
PID 1724 wrote to memory of 2076	1724	Unicorn-54456.exe	Unicorn-62468.exe
PID 1724 wrote to memory of 2076	1724	Unicorn-54456.exe	Unicorn-62468.exe
PID 1724 wrote to memory of 2076	1724	Unicorn-54456.exe	Unicorn-62468.exe
PID 1724 wrote to memory of 2076	1724	Unicorn-54456.exe	Unicorn-62468.exe
PID 1228 wrote to memory of 2700	1228	Unicorn-43356.exe	Unicorn-16797.exe
PID 1228 wrote to memory of 2700	1228	Unicorn-43356.exe	Unicorn-16797.exe
PID 1228 wrote to memory of 2700	1228	Unicorn-43356.exe	Unicorn-16797.exe
PID 1228 wrote to memory of 2700	1228	Unicorn-43356.exe	Unicorn-16797.exe
PID 1724 wrote to memory of 2196	1724	Unicorn-54456.exe	WerFault.exe
PID 1724 wrote to memory of 2196	1724	Unicorn-54456.exe	WerFault.exe
PID 1724 wrote to memory of 2196	1724	Unicorn-54456.exe	WerFault.exe
PID 1724 wrote to memory of 2196	1724	Unicorn-54456.exe	WerFault.exe
PID 2076 wrote to memory of 2128	2076	Unicorn-62468.exe	Unicorn-47606.exe
PID 2076 wrote to memory of 2128	2076	Unicorn-62468.exe	Unicorn-47606.exe
PID 2076 wrote to memory of 2128	2076	Unicorn-62468.exe	Unicorn-47606.exe
PID 2076 wrote to memory of 2128	2076	Unicorn-62468.exe	Unicorn-47606.exe
PID 2700 wrote to memory of 2888	2700	Unicorn-16797.exe	Unicorn-47606.exe
PID 2700 wrote to memory of 2888	2700	Unicorn-16797.exe	Unicorn-47606.exe
PID 2700 wrote to memory of 2888	2700	Unicorn-16797.exe	Unicorn-47606.exe
PID 2700 wrote to memory of 2888	2700	Unicorn-16797.exe	Unicorn-47606.exe
PID 2608 wrote to memory of 2320	2608	Unicorn-47523.exe	Unicorn-41384.exe
PID 2608 wrote to memory of 2320	2608	Unicorn-47523.exe	Unicorn-41384.exe
PID 2608 wrote to memory of 2320	2608	Unicorn-47523.exe	Unicorn-41384.exe
PID 2608 wrote to memory of 2320	2608	Unicorn-47523.exe	Unicorn-41384.exe
PID 1228 wrote to memory of 2860	1228	Unicorn-43356.exe	Unicorn-21518.exe
PID 1228 wrote to memory of 2860	1228	Unicorn-43356.exe	Unicorn-21518.exe
PID 1228 wrote to memory of 2860	1228	Unicorn-43356.exe	Unicorn-21518.exe
PID 1228 wrote to memory of 2860	1228	Unicorn-43356.exe	Unicorn-21518.exe
PID 1272 wrote to memory of 332	1272	Unicorn-23490.exe	Unicorn-17434.exe
PID 1272 wrote to memory of 332	1272	Unicorn-23490.exe	Unicorn-17434.exe
PID 1272 wrote to memory of 332	1272	Unicorn-23490.exe	Unicorn-17434.exe
PID 1272 wrote to memory of 332	1272	Unicorn-23490.exe	Unicorn-17434.exe
PID 1272 wrote to memory of 808	1272	Unicorn-23490.exe	WerFault.exe
PID 1272 wrote to memory of 808	1272	Unicorn-23490.exe	WerFault.exe
PID 1272 wrote to memory of 808	1272	Unicorn-23490.exe	WerFault.exe
PID 1272 wrote to memory of 808	1272	Unicorn-23490.exe	WerFault.exe
PID 1228 wrote to memory of 1252	1228	Unicorn-43356.exe	WerFault.exe
PID 1228 wrote to memory of 1252	1228	Unicorn-43356.exe	WerFault.exe
PID 1228 wrote to memory of 1252	1228	Unicorn-43356.exe	WerFault.exe
PID 1228 wrote to memory of 1252	1228	Unicorn-43356.exe	WerFault.exe
PID 2128 wrote to memory of 2512	2128	Unicorn-47606.exe	Unicorn-39184.exe
PID 2128 wrote to memory of 2512	2128	Unicorn-47606.exe	Unicorn-39184.exe
PID 2128 wrote to memory of 2512	2128	Unicorn-47606.exe	Unicorn-39184.exe
PID 2128 wrote to memory of 2512	2128	Unicorn-47606.exe	Unicorn-39184.exe

C:\Users\Admin\AppData\Local\Temp\2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe
"C:\Users\Admin\AppData\Local\Temp\2d1d095116bd3483b7f48e5ffbefd4dc5c37ae6668d980385baae60900521e57.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54456.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54456.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16797.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47606.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54111.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        10⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
        11⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47765.exe
        12⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10858.exe
        13⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 216
        13⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 216
        12⤵
        
        PID:10512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        11⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
        10⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
        9⤵
        Program crash
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10989.exe
        8⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28668.exe
        9⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        10⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe
        11⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23815.exe
        12⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        13⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 216
        13⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
        12⤵
        
        PID:10444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        11⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
        10⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
        9⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31761.exe
        10⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47438.exe
        11⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56686.exe
        12⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
        11⤵
        
        PID:10640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
        10⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
        9⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
        8⤵
        Program crash
        
        PID:3476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 216
        7⤵
        Program crash
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29515.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        8⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29222.exe
        9⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62191.exe
        10⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
        11⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65227.exe
        12⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
        13⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 236
        12⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
        11⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
        10⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 216
        9⤵
        Program crash
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20911.exe
        8⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29436.exe
        9⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53504.exe
        10⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
        11⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 220
        12⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 220
        11⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
        10⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 216
        9⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
        8⤵
        Program crash
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40104.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47801.exe
        9⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21408.exe
        10⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52233.exe
        11⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26567.exe
        12⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8556 -s 216
        12⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 220
        11⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
        10⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 236
        9⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
        7⤵
        Program crash
        
        PID:884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
        6⤵
        Program crash
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10486.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58291.exe
        8⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44861.exe
        9⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
        10⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
        11⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        12⤵
        
        PID:10392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
        12⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
        11⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 216
        10⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe
        9⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55642.exe
        10⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
        11⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 220
        12⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 220
        11⤵
        
        PID:9776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
        10⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
        9⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        8⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
        9⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        10⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54973.exe
        11⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
        12⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 204
        12⤵
        
        PID:960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
        11⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        10⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 216
        9⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        8⤵
        Program crash
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21020.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63335.exe
        8⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41688.exe
        9⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60904.exe
        10⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12295.exe
        11⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe
        12⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 216
        12⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
        11⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 216
        10⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
        9⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
        9⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
        10⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
        11⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8880 -s 216
        11⤵
        
        PID:13104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
        10⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        9⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
        8⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
        7⤵
        Program crash
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58187.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe
        8⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
        9⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        10⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38009.exe
        11⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7869.exe
        12⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
        11⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
        10⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 216
        9⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
        9⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
        10⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        11⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9292 -s 204
        11⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
        10⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        9⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        8⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17019.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9269.exe
        8⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
        9⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        10⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        11⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 236
        10⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
        9⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 216
        8⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 240
        7⤵
        Program crash
        
        PID:3724
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
        6⤵
        Program crash
        
        PID:1552
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 220
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32962.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
        8⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10050.exe
        9⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60162.exe
        10⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29000.exe
        11⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
        12⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 220
        13⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 220
        12⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
        11⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
        10⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe
        9⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16940.exe
        10⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20739.exe
        11⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46717.exe
        12⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8768 -s 216
        12⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 220
        11⤵
        
        PID:10228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        10⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 220
        9⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15457.exe
        8⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe
        9⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        10⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22301.exe
        11⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
        12⤵
        
        PID:12756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 216
        12⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
        11⤵
        
        PID:9396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
        10⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 216
        9⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
        8⤵
        Program crash
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
        7⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
        8⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35658.exe
        9⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        10⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38637.exe
        11⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
        12⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8424 -s 216
        12⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
        11⤵
        
        PID:10204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        10⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
        9⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40296.exe
        8⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56820.exe
        9⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
        10⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52067.exe
        11⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 216
        11⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
        10⤵
        
        PID:9764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
        9⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 240
        8⤵
        Program crash
        
        PID:4116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 220
        7⤵
        Program crash
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13070.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        7⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
        8⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44402.exe
        9⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22202.exe
        10⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
        11⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 220
        12⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 220
        11⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        10⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
        9⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43010.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        9⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        10⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53126.exe
        11⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 216
        11⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 220
        10⤵
        
        PID:10672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 216
        9⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
        8⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54132.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21818.exe
        9⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47682.exe
        10⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        11⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 204
        11⤵
        
        PID:12676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
        10⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
        9⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        8⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 240
        7⤵
        Program crash
        
        PID:3960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        6⤵
        Program crash
        
        PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52074.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32936.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23071.exe
        8⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54132.exe
        9⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36976.exe
        10⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65279.exe
        11⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
        12⤵
        
        PID:12036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 216
        12⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
        11⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
        10⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
        9⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19876.exe
        8⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24532.exe
        9⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
        10⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe
        11⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 216
        11⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
        10⤵
        
        PID:10148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
        9⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
        8⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38015.exe
        7⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        8⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30562.exe
        9⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
        10⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38492.exe
        11⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 216
        11⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
        10⤵
        
        PID:10108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        9⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
        8⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 220
        7⤵
        Program crash
        
        PID:3844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
        6⤵
        Program crash
        
        PID:880
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
        5⤵
        Program crash
        
        PID:1856
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47606.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39184.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53740.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
        9⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49472.exe
        10⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41334.exe
        11⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
        12⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21539.exe
        13⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 236
        12⤵
        
        PID:11408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        11⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
        10⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50795.exe
        9⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35606.exe
        10⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65279.exe
        11⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23391.exe
        12⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 216
        12⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
        11⤵
        
        PID:10076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
        10⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 240
        9⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28695.exe
        8⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12715.exe
        9⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64085.exe
        10⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
        11⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23106.exe
        12⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9320 -s 204
        12⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
        11⤵
        
        PID:11084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
        10⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 216
        9⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
        8⤵
        Program crash
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24720.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7720.exe
        8⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6109.exe
        9⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43717.exe
        10⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44013.exe
        11⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
        12⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3977.exe
        13⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
        12⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
        11⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 236
        10⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe
        9⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
        10⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41107.exe
        11⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        12⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
        11⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        10⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2580.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11921.exe
        9⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        10⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        11⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        12⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 216
        12⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 236
        11⤵
        
        PID:11148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
        10⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
        9⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        8⤵
        Program crash
        
        PID:3672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 240
        7⤵
        Program crash
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe
        8⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24332.exe
        9⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
        10⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62850.exe
        11⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44968.exe
        12⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14755.exe
        13⤵
        
        PID:11716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 216
        13⤵
        
        PID:12976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
        12⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
        11⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
        10⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53125.exe
        9⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28075.exe
        10⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15367.exe
        11⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        12⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 216
        12⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
        11⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
        10⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
        9⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39276.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48486.exe
        9⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1563.exe
        10⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28990.exe
        11⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
        12⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 216
        12⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 220
        11⤵
        
        PID:10812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
        10⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
        9⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
        8⤵
        Program crash
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45224.exe
        7⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38530.exe
        8⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13483.exe
        9⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41636.exe
        10⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31045.exe
        11⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
        12⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 216
        12⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
        11⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
        10⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        9⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52933.exe
        8⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe
        9⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54070.exe
        10⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
        11⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 204
        11⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 236
        10⤵
        
        PID:10880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        9⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 240
        8⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 220
        7⤵
        Program crash
        
        PID:3420
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
        6⤵
        Program crash
        
        PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19401.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40502.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40393.exe
        8⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20884.exe
        9⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
        10⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11392.exe
        11⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49369.exe
        12⤵
        
        PID:12988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 216
        12⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        11⤵
        
        PID:10680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        10⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 236
        9⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41636.exe
        9⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6540.exe
        10⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35456.exe
        11⤵
        
        PID:11704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 216
        11⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
        10⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        9⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 220
        8⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 236
        7⤵
        Program crash
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14414.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26771.exe
        7⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35274.exe
        8⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41169.exe
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7863.exe
        10⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        11⤵
        
        PID:11820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
        11⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 236
        10⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        9⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 236
        8⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
        7⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3644.exe
        8⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10001.exe
        9⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33317.exe
        10⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 216
        10⤵
        
        PID:12612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 236
        9⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
        8⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
        7⤵
        Program crash
        
        PID:5012
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
        6⤵
        Program crash
        
        PID:1504
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        5⤵
        Program crash
        
        PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20793.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25187.exe
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
        8⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        9⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46945.exe
        10⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23485.exe
        11⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 236
        10⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
        9⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 216
        8⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 216
        7⤵
        Program crash
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        6⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48945.exe
        7⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30130.exe
        9⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54755.exe
        10⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39312.exe
        11⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8892 -s 216
        11⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 220
        10⤵
        
        PID:10764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 216
        8⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42814.exe
        8⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        9⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43728.exe
        10⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 220
        10⤵
        
        PID:13200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
        9⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
        8⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 220
        7⤵
        
        PID:4584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
        6⤵
        Program crash
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54103.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        6⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46327.exe
        7⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe
        8⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
        9⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        10⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-770.exe
        11⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
        10⤵
        
        PID:9916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
        9⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
        8⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
        7⤵
        Program crash
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        6⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37796.exe
        7⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1589.exe
        8⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12295.exe
        9⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
        10⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 216
        10⤵
        
        PID:12636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
        9⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        8⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        7⤵
        
        PID:4680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220
        6⤵
        Program crash
        
        PID:3952
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
        5⤵
        Program crash
        
        PID:2424
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:584
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2196
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23490.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23490.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47523.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59604.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22822.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7144.exe
        8⤵
        Executes dropped EXE
        
        PID:2480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 244
        9⤵
        Program crash
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59998.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
        9⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59830.exe
        10⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23401.exe
        11⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
        12⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
        11⤵
        
        PID:11600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        10⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 216
        9⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        8⤵
        Program crash
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29188.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
        8⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13099.exe
        9⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35606.exe
        10⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65279.exe
        11⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51424.exe
        12⤵
        
        PID:12696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 216
        12⤵
        
        PID:13016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
        11⤵
        
        PID:9440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        10⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 216
        9⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40484.exe
        9⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53328.exe
        10⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56390.exe
        11⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 204
        11⤵
        
        PID:12800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
        10⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
        9⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
        8⤵
        Program crash
        
        PID:4100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
        7⤵
        Program crash
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42915.exe
        8⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        9⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-219.exe
        10⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
        11⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33697.exe
        12⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 216
        12⤵
        
        PID:12704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
        11⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        10⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 216
        9⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47090.exe
        9⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43598.exe
        10⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17662.exe
        11⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 204
        11⤵
        
        PID:13240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
        10⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
        9⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
        8⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18965.exe
        7⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe
        8⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46898.exe
        9⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        10⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        11⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 204
        11⤵
        
        PID:924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
        10⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
        9⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 216
        8⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
        7⤵
        Program crash
        
        PID:3764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 240
        6⤵
        Program crash
        
        PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56158.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
        7⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        8⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 240
        9⤵
        Program crash
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22394.exe
        9⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        10⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe
        11⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 216
        11⤵
        
        PID:13252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
        10⤵
        
        PID:10064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        9⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 220
        8⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        7⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27298.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45720.exe
        9⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54973.exe
        10⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        11⤵
        
        PID:11876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 216
        11⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
        10⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        9⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
        8⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
        7⤵
        Program crash
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
        6⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
        7⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
        8⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57396.exe
        9⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38637.exe
        10⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        11⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 216
        11⤵
        
        PID:12340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
        10⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        9⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
        8⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40296.exe
        7⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1973.exe
        8⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50697.exe
        9⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18923.exe
        10⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 204
        10⤵
        
        PID:12580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
        9⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
        8⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
        7⤵
        
        PID:4372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
        6⤵
        Program crash
        
        PID:2884
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
        5⤵
        Program crash
        
        PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
        7⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29222.exe
        8⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7837.exe
        9⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18777.exe
        10⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        11⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        12⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 216
        12⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
        11⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
        10⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
        9⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 216
        8⤵
        Program crash
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20911.exe
        7⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15237.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4879.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24247.exe
        10⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10178.exe
        11⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 216
        11⤵
        
        PID:13300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        10⤵
        
        PID:10120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        9⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 236
        8⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 220
        7⤵
        Program crash
        
        PID:3812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
        6⤵
        Program crash
        
        PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13070.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2868.exe
        6⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57881.exe
        7⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-219.exe
        9⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42721.exe
        10⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
        11⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 216
        11⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
        10⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        9⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
        8⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64993.exe
        7⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40676.exe
        8⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10240.exe
        9⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6094.exe
        10⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 204
        10⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 220
        9⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
        8⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
        7⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
        6⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36487.exe
        7⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2461.exe
        8⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        8⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        7⤵
        
        PID:6296
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
        6⤵
        Program crash
        
        PID:3984
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
        5⤵
        Program crash
        
        PID:1616
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35100.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37212.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32142.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40393.exe
        8⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50982.exe
        10⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        11⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
        12⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9020 -s 204
        12⤵
        
        PID:13220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
        11⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        10⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 236
        9⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
        9⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47765.exe
        10⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37418.exe
        11⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9060 -s 204
        11⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
        10⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        9⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
        8⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10989.exe
        7⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43442.exe
        8⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45663.exe
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe
        10⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41107.exe
        11⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13370.exe
        12⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 236
        11⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 236
        10⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
        9⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50302.exe
        8⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55087.exe
        9⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe
        10⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40205.exe
        11⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
        10⤵
        
        PID:11320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
        9⤵
        
        PID:3600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 240
        8⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        7⤵
        Program crash
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61581.exe
        7⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
        9⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        10⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
        11⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
        10⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
        9⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 216
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
        7⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36784.exe
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23178.exe
        9⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31564.exe
        10⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 236
        10⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
        9⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        8⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
        7⤵
        
        PID:4348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        6⤵
        Program crash
        
        PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58784.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22687.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1973.exe
        9⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        10⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
        11⤵
        
        PID:11908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 216
        11⤵
        
        PID:12632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
        10⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        9⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 216
        8⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15788.exe
        8⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10157.exe
        9⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33832.exe
        10⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 204
        10⤵
        
        PID:12768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        9⤵
        
        PID:9932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
        8⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 220
        7⤵
        Program crash
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
        6⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33136.exe
        7⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50811.exe
        8⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        9⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3401.exe
        10⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
        9⤵
        
        PID:10548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
        8⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
        7⤵
        
        PID:5696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 240
        6⤵
        Program crash
        
        PID:3616
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        5⤵
        Program crash
        
        PID:592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-927.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22687.exe
        7⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16800.exe
        8⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
        9⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39130.exe
        10⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16235.exe
        11⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 216
        11⤵
        
        PID:12644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        10⤵
        
        PID:9484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
        9⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
        8⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17354.exe
        7⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe
        8⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38201.exe
        9⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
        10⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
        9⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
        8⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
        7⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
        6⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26914.exe
        7⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2980.exe
        8⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
        9⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
        10⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 216
        9⤵
        
        PID:10440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 216
        8⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 216
        7⤵
        
        PID:5688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        6⤵
        Program crash
        
        PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20444.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51275.exe
        6⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48164.exe
        7⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47002.exe
        8⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18741.exe
        9⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
        10⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 236
        9⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
        8⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 216
        7⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
        6⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35606.exe
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65279.exe
        8⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46333.exe
        9⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 204
        9⤵
        
        PID:12936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
        8⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
        7⤵
        
        PID:7316
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
        6⤵
        
        PID:5552
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 240
        5⤵
        Program crash
        
        PID:2460
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 240
      4⤵
      Program crash
      PID:2324
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:808
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
  2⤵
  - Program crash
  PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13370.exe

Filesize
184KB

MD5
438388620cc485d3f997cb05c8ea4786

SHA1
651537996596d7e1b8640d127c3f27dfc43f7361

SHA256
fe2466dd27f12fac7a8dffd7c5abc6b93598552bead4447dfb3dc2e86e9fff96

SHA512
00336271015a4e30a155f60c750cc51773dc26e5f6e9439262653fbe8ff731487186cb6b2d7be9a83c2bd313b14dd2f6487d398592aaf2c643f4826c717779ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe

Filesize
184KB

MD5
66264642f6c082532a2dd16b65010041

SHA1
94d167a40be9c4945a099c84a6c33aefb2d5fa95

SHA256
a6a73aff3985bb7fbd6351b410621820f5f3f92aa812c3b92dc2b89d1d06e079

SHA512
235ed3f6ef136608a436ca391d24d2222dac9cd5ac2e04b25395a9b0767af1eb24da03cf5389c297b8ef430140da8d32a82b4b43eed1ecd013039085d3cd25f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe

Filesize
184KB

MD5
7d2f103543b222154c2f2c55f725d650

SHA1
622abca1c6798d62946fadbde048d3f18b09858a

SHA256
ce8870b9da4d6ed0256b23485306721292399bd24fbe2d50e664b89a97aa483f

SHA512
a43115c8a19cfb72bc7ab43c81117515ff7e45432ccab0003589a0b700677f93ccc8c6f66b2b6cd3c2aafb9d0cbb57f55824ec2bfffc5e05990eb92c6e160d7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40104.exe

Filesize
184KB

MD5
c9e1dbe9346836a448db89b9a9519056

SHA1
beeef070419d3b412d7c719fbda75696b9f41f4e

SHA256
a032f7a7693004bad5164518ac88ce7e0d65038aa92b2e0c9cf61d92593ba7a5

SHA512
c944a8e15716a665837df564b40975160a965e48e2979ccd5af3f3dfb693de670d59c384c57ac03565ab72fe7a129113c1ec17b26d7c3575247605a2eb3e4e76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47606.exe

Filesize
184KB

MD5
201adc4ac28e7360592357afe6d35332

SHA1
80866e6be3c802d812597d5b71d1afe9f2e6248f

SHA256
b5b02a2836e4897480800c43c319c1419caad62e4ef7e8f233ec28a27a9e660b

SHA512
57a29867c017bda2f6adb03b357e65549e7a0aa48a3b983c7826859d47c082e2e9b99655fa9fd457c5aadc6563896c25f0b759244c5f20368749df4b4bfc1701

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56820.exe

Filesize
184KB

MD5
a429825b494258e7c01dbfc5471660f0

SHA1
07fadc8202f1fde2ab740b3c2464cef6a8227020

SHA256
38650dcdb6bc7ce89e9bba7e90e11336c39d70574e36269e16f75dc9c41a193f

SHA512
6685bcf18e895d4786d3a57bb570730cec52eaa21ad6c04afee529a6526069d2b7c5987f28f42c1c1f40ace9ef098a9eb820c55ec0ee325ee68cd38fdb63feae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6109.exe

Filesize
184KB

MD5
194bc3e0614067802e3d332cf02c66d0

SHA1
8be87410f5cd534032ac9387d96572bcfe5ec572

SHA256
0e8026d741f17f426223f4ccbc568aca74c52193d5ed3ceea55b5d0a18525896

SHA512
07ba9b8068cbaa80398f824862d49a90d7c2176bf8d8a33d022d9ab4f2b6c3d8392a31aa0be75f90fa02ba7816243f7a8f1b6f0d67f2eb26152291ef65b483b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe

Filesize
184KB

MD5
4ab333db7e38953816e02451560dc1cf

SHA1
e6442cff37a36f0916bc297795dc9e075c7e2d13

SHA256
dc627c3e9c5fd75f745be09cd1c815818e38f6e8b6e6926b60b55e8b471112e4

SHA512
3bd4d4cb886728d3470cef2dede09a944d6c76139068aa9afa16da933ff13a6ad43cb49bc7a1a9e28c7db83323dec3dedfd76dbd6fedcdb4111d48d6152b2647

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16797.exe

Filesize
184KB

MD5
72535ae18ec90f9ba246a570ef143766

SHA1
43320fdbc4bd7f9a1499777cb6c2fc2ce3fc9d3c

SHA256
96faaa86ff9bebafda2fe1e6010589aa789585af89ceaa6b364e75adf87ebaf2

SHA512
988aadcb3c0be7422fcf24b161247b0be851c8fe4dae89090138b33395f55820455c1f8d4d869a34abb9a2668e1563497e9987c46f995b5d065066f13985bea0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe

Filesize
184KB

MD5
764fbebf147115651d50147320013204

SHA1
01493c17683c0f97586a2843983d7f05e820c8d7

SHA256
3d6246ff68afb6ce9359491d9e58e8ae79ca402e8f9b531f58e9c52ee5832ec3

SHA512
dfb83674a27abc39438b97dc0727ecbd8f3545d09d3d3c8b945753d822db8e9c3880197d456eca2c9120af24428c66c08d111eabb30c8f4d6df54e97f1d66e62

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe

Filesize
184KB

MD5
3e64472ff66257926a1a405f7cfce551

SHA1
f734479c0b005652baa41b011dbea6de9737f8bd

SHA256
ab8bf919965cc528bd4ef895d02bb804e66af3b5f0676183eda3502f695084ff

SHA512
7cecd3068472cd335c439bf81b08bbc2a3c0496f14b5bfc562c4051e21bf83f7ed68af07b344ac3b148a362878e31b16fdc170e8032795ddacdafe01b7146a5d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23490.exe

Filesize
184KB

MD5
b46949e57557309abc5ec4f73a11906d

SHA1
55ff395e00827a9011a02c8b87b49d6206a2efbe

SHA256
94a5d9335c5352eb5312873b05b6e830e5a623270a06dce1b28ef44fc4fd923b

SHA512
82e26a5780d3e54b0b9dc80d4b0f85e6cc257dcc418ebf80c147c41d84ef94564050a0bca16bb2bc5008f27f085e8bd664d2d64efa30952ae07eb61a468622d9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39184.exe

Filesize
184KB

MD5
2856e2b84915ccf155deb05d366a12dd

SHA1
6442e57d671e00fad9ca60af5afa045650aa9381

SHA256
dd827e1ef8212a56cbe368a87c72f6485cf3080b7f7917d3e3b515c6b0bb9755

SHA512
c9c8cb6c86e714a53a76673cc7cc1861522d07dca6b7d1f4b1a0c9427866a69114f521915f81b532b9ce71128870591933adddcbbc26a1c664ae77f921f3880b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe

Filesize
184KB

MD5
ef1cf8fa5c324ee8853122c39dda2651

SHA1
4f9c4aba8329c851ee3e54491e50725cc739250e

SHA256
857c7287836765766eb58195a04230bba97d1f1e19334adcf9aaa0c15c1fa188

SHA512
ace84dc910a1f05c8cf1702f1669f77803ae8fef9f18ce40b24837483113cb0f6d59438a34b498c7a87029713337981e8e8048c6d10fef36804a427eb76228e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe

Filesize
184KB

MD5
717d9c6a317c86422ad2891c176b2868

SHA1
997ea1ded489eaef94315ce15650f9c633b7fe0d

SHA256
022fceff65988e2c052a6c17eb20a307e92f3b4bd711ee2274574c0aaa051688

SHA512
5a99886b421c33fc55c533d33bac744b6e9c1f0faf8e54b29284245a36a840451b5d37172df7ebcfbc1944c57f663bff7b8247b5f01104ca0bd8d8b4080dc77b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe

Filesize
184KB

MD5
e654ee8ce8220022f2c812b6f01bfc76

SHA1
65ef7bfbd34e3a01c9b1030f20143ab9165569ef

SHA256
89d188d010dd69677b40c42a6de6d0fb293af934d572a97667413f9b49a6f885

SHA512
ad13c22cd45fdf56653efb7a5331d38b441e5d5c719e40a24596231a4a6164e04fd1e20b7f8eb4fbeaf324018252276781ca89e939a1da3275963c3dcebcdb34

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47523.exe

Filesize
184KB

MD5
3293cc33b409bbb84fcc187c2753f08e

SHA1
5da1ce3e7f1949edae3deffe51b711dc500d76ce

SHA256
985ba0f1004d340bb0bbb15233a453709472371b03c68e816cbe2dac9f38a015

SHA512
5b212c05b4a937f3d607362572edf2675d254bf35b79fc88d2461c309e9c16da0006d9cf6090c87c78f68546a83cfda2795f1e03a66f52add653a0681d68d071

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54456.exe

Filesize
184KB

MD5
c6942e067fdd6371b67fbb4b843dc5a0

SHA1
eeffe80382bb254cf21da3438d76e7f921671fc7

SHA256
ee663b9d7895b2275dca0437cbacd563f9fbbc6382b682af5d448b3fb799a91e

SHA512
1dcb17a0f03aa33b9deb24b974e0a3ad5054f0816a49366764c927c4fd32ee62d01bf10dea35b6c2dedb0d9bc8980d679f897b3029666a07f60c2afc0d6eaa70

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe

Filesize
184KB

MD5
87e2604fca1f97237b2b1170f0c90bba

SHA1
9f982ae2ddb13bdc45accd698fd2976e206d1b8d

SHA256
318c2ce098613f833891bbae3f31152da6f4792ba02a0ca7cbf553a8a33eb0d5

SHA512
f50216afcaa18a7868418d2a17bbc3d2eddc2ba02982615d3225acf164807c223830b72d93a80bff2ee0a479a2a955d97a84ece2e6c1e0ed78379842118f5eb7

Download Submit