3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe
Size

184KB
MD5

1041a7f297da2a6f60ae2de0664e2dc3
SHA1

18462dbf3eaa6b1c0946b09f711e7c9d59002ee9
SHA256

3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50
SHA512

5a8d88a7fd4ff379d25c52dff7d8698f6f302c91bda16ae0675d45edd054a770f680ddb62e667c8da5269c4cd1e17a7e0ebe5b9117e05cc7a1ca8937b5412d8b
SSDEEP

1536:G7rR6j4lu+w7oyxI5PiAlpwHGKIyvhclPmd8qS892bzmt+hl5hj5nizpOD:QAP+w7ou6PiomGpWWyS89sE+hlnViFY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-21540.exeUnicorn-16434.exeUnicorn-27294.exeUnicorn-8903.exeUnicorn-24685.exeUnicorn-63579.exeUnicorn-20684.exeUnicorn-839.exeUnicorn-11700.exeUnicorn-62292.exeUnicorn-38342.exeUnicorn-63444.exeUnicorn-39494.exeUnicorn-57222.exeUnicorn-53693.exeUnicorn-12105.exeUnicorn-18882.exeUnicorn-8021.exeUnicorn-24633.exeUnicorn-35493.exeUnicorn-14326.exeUnicorn-6713.exeUnicorn-59251.exeUnicorn-39385.exeUnicorn-55167.exeUnicorn-18219.exeUnicorn-59806.exeUnicorn-10050.exeUnicorn-59806.exeUnicorn-48945.exeUnicorn-53919.exeUnicorn-43058.exeUnicorn-8247.exeUnicorn-61532.exeUnicorn-39528.exeUnicorn-12331.exeUnicorn-8823.exeUnicorn-19684.exeUnicorn-655.exeUnicorn-59970.exeUnicorn-17546.exeUnicorn-6685.exeUnicorn-17546.exeUnicorn-33328.exeUnicorn-27106.exeUnicorn-27106.exeUnicorn-53748.exeUnicorn-33882.exeUnicorn-48294.exeUnicorn-28258.exeUnicorn-26866.exeUnicorn-52762.exeUnicorn-52762.exeUnicorn-59539.exeUnicorn-6576.exeUnicorn-48164.exeUnicorn-6275.exeUnicorn-50323.exeUnicorn-61506.exeUnicorn-54962.exeUnicorn-50878.exeUnicorn-16067.exeUnicorn-11983.exeUnicorn-31849.exe

pid	process
2184	Unicorn-21540.exe
2244	Unicorn-16434.exe
3020	Unicorn-27294.exe
2660	Unicorn-8903.exe
2520	Unicorn-24685.exe
2756	Unicorn-63579.exe
2548	Unicorn-20684.exe
2600	Unicorn-839.exe
2408	Unicorn-11700.exe
2852	Unicorn-62292.exe
756	Unicorn-38342.exe
564	Unicorn-63444.exe
1380	Unicorn-39494.exe
2668	Unicorn-57222.exe
2476	Unicorn-53693.exe
2712	Unicorn-12105.exe
2664	Unicorn-18882.exe
2944	Unicorn-8021.exe
1652	Unicorn-24633.exe
1484	Unicorn-35493.exe
1144	Unicorn-14326.exe
1972	Unicorn-6713.exe
2844	Unicorn-59251.exe
688	Unicorn-39385.exe
2904	Unicorn-55167.exe
2104	Unicorn-18219.exe
936	Unicorn-59806.exe
2008	Unicorn-10050.exe
1984	Unicorn-59806.exe
2280	Unicorn-48945.exe
2252	Unicorn-53919.exe
460	Unicorn-43058.exe
2816	Unicorn-8247.exe
2488	Unicorn-61532.exe
2604	Unicorn-39528.exe
2784	Unicorn-12331.exe
1996	Unicorn-8823.exe
2432	Unicorn-19684.exe
2360	Unicorn-655.exe
640	Unicorn-59970.exe
3008	Unicorn-17546.exe
2856	Unicorn-6685.exe
1908	Unicorn-17546.exe
2544	Unicorn-33328.exe
1920	Unicorn-27106.exe
1592	Unicorn-27106.exe
1528	Unicorn-53748.exe
1472	Unicorn-33882.exe
440	Unicorn-48294.exe
1784	Unicorn-28258.exe
1456	Unicorn-26866.exe
2964	Unicorn-52762.exe
2936	Unicorn-52762.exe
2084	Unicorn-59539.exe
2800	Unicorn-6576.exe
1608	Unicorn-48164.exe
2228	Unicorn-6275.exe
2884	Unicorn-50323.exe
940	Unicorn-61506.exe
2568	Unicorn-54962.exe
1704	Unicorn-50878.exe
2576	Unicorn-16067.exe
2628	Unicorn-11983.exe
2624	Unicorn-31849.exe

Loads dropped DLL 64 IoCs

Processes:

3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exeUnicorn-21540.exeUnicorn-16434.exeUnicorn-27294.exeWerFault.exeUnicorn-8903.exeUnicorn-24685.exeUnicorn-63579.exeWerFault.exeWerFault.exeUnicorn-20684.exeUnicorn-11700.exeUnicorn-38342.exeUnicorn-62292.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2304	3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe
2304	3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe
2184	Unicorn-21540.exe
2304	3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe
2184	Unicorn-21540.exe
2304	3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe
2184	Unicorn-21540.exe
2244	Unicorn-16434.exe
2184	Unicorn-21540.exe
2244	Unicorn-16434.exe
3020	Unicorn-27294.exe
3020	Unicorn-27294.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
2660	Unicorn-8903.exe
2660	Unicorn-8903.exe
2520	Unicorn-24685.exe
2520	Unicorn-24685.exe
3020	Unicorn-27294.exe
3020	Unicorn-27294.exe
2756	Unicorn-63579.exe
2756	Unicorn-63579.exe
2244	Unicorn-16434.exe
2244	Unicorn-16434.exe
1520	WerFault.exe
1520	WerFault.exe
1520	WerFault.exe
1520	WerFault.exe
1520	WerFault.exe
1936	WerFault.exe
1936	WerFault.exe
1936	WerFault.exe
1936	WerFault.exe
1936	WerFault.exe
2548	Unicorn-20684.exe
2548	Unicorn-20684.exe
2660	Unicorn-8903.exe
2660	Unicorn-8903.exe
2408	Unicorn-11700.exe
2408	Unicorn-11700.exe
756	Unicorn-38342.exe
756	Unicorn-38342.exe
2520	Unicorn-24685.exe
2852	Unicorn-62292.exe
2520	Unicorn-24685.exe
2852	Unicorn-62292.exe
2756	Unicorn-63579.exe
2756	Unicorn-63579.exe
1224	WerFault.exe
1224	WerFault.exe
1224	WerFault.exe
1224	WerFault.exe
1224	WerFault.exe
272	WerFault.exe
272	WerFault.exe
272	WerFault.exe
272	WerFault.exe
272	WerFault.exe
1116	WerFault.exe
1116	WerFault.exe
1116	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2240	2304	WerFault.exe	3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe
2384	2184	WerFault.exe	Unicorn-21540.exe
1936	3020	WerFault.exe	Unicorn-27294.exe
1520	2244	WerFault.exe	Unicorn-16434.exe
1224	2660	WerFault.exe	Unicorn-8903.exe
272	2520	WerFault.exe	Unicorn-24685.exe
1116	2756	WerFault.exe	Unicorn-63579.exe
2216	2548	WerFault.exe	Unicorn-20684.exe
2336	2408	WerFault.exe	Unicorn-11700.exe
1992	2600	WerFault.exe	Unicorn-839.exe
3000	2852	WerFault.exe	Unicorn-62292.exe
2832	756	WerFault.exe	Unicorn-38342.exe
428	564	WerFault.exe	Unicorn-63444.exe
1928	1380	WerFault.exe	Unicorn-39494.exe
1728	2712	WerFault.exe	Unicorn-12105.exe
2344	2944	WerFault.exe	Unicorn-8021.exe
2352	2668	WerFault.exe	Unicorn-57222.exe
2744	2664	WerFault.exe	Unicorn-18882.exe
588	2476	WerFault.exe	Unicorn-53693.exe
2824	1144	WerFault.exe	Unicorn-14326.exe
1924	1972	WerFault.exe	Unicorn-6713.exe
2692	2844	WerFault.exe	Unicorn-59251.exe
2056	2904	WerFault.exe	Unicorn-55167.exe
2872	2280	WerFault.exe	Unicorn-48945.exe
1108	1652	WerFault.exe	Unicorn-24633.exe
2740	1984	WerFault.exe	Unicorn-59806.exe
2696	2104	WerFault.exe	Unicorn-18219.exe
1948	936	WerFault.exe	Unicorn-59806.exe
584	688	WerFault.exe	Unicorn-39385.exe
2372	1484	WerFault.exe	Unicorn-35493.exe
2644	2488	WerFault.exe	Unicorn-61532.exe
2392	1528	WerFault.exe	Unicorn-53748.exe
2284	1592	WerFault.exe	Unicorn-27106.exe
1568	2360	WerFault.exe	Unicorn-655.exe
880	2856	WerFault.exe	Unicorn-6685.exe
2596	1996	WerFault.exe	Unicorn-8823.exe
3112	3008	WerFault.exe	Unicorn-17546.exe
3124	1472	WerFault.exe	Unicorn-33882.exe
3408	2784	WerFault.exe	Unicorn-12331.exe
3628	440	WerFault.exe	Unicorn-48294.exe
3644	2800	WerFault.exe	Unicorn-6576.exe
3708	2544	WerFault.exe	Unicorn-33328.exe
3724	1608	WerFault.exe	Unicorn-48164.exe
3788	2604	WerFault.exe	Unicorn-39528.exe
3804	2252	WerFault.exe	Unicorn-53919.exe
3920	2964	WerFault.exe	Unicorn-52762.exe
3912	2008	WerFault.exe	Unicorn-10050.exe
3964	3016	WerFault.exe	Unicorn-1677.exe
3972	460	WerFault.exe	Unicorn-43058.exe
4028	2440	WerFault.exe	Unicorn-52824.exe
4048	1456	WerFault.exe	Unicorn-26866.exe
3388	2936	WerFault.exe	Unicorn-52762.exe
3404	1784	WerFault.exe	Unicorn-28258.exe
3488	1436	WerFault.exe	Unicorn-13374.exe
3652	596	WerFault.exe	Unicorn-29711.exe
3848	2704	WerFault.exe	Unicorn-44656.exe
3864	640	WerFault.exe	Unicorn-59970.exe
4012	632	WerFault.exe	Unicorn-37879.exe
4020	1732	WerFault.exe	Unicorn-37879.exe
4068	2228	WerFault.exe	Unicorn-6275.exe
3204	900	WerFault.exe	Unicorn-27573.exe
3284	2576	WerFault.exe	Unicorn-16067.exe
3368	2432	WerFault.exe	Unicorn-19684.exe
3680	1920	WerFault.exe	Unicorn-27106.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exeUnicorn-21540.exeUnicorn-16434.exeUnicorn-27294.exeUnicorn-8903.exeUnicorn-63579.exeUnicorn-24685.exeUnicorn-20684.exeUnicorn-839.exeUnicorn-11700.exeUnicorn-62292.exeUnicorn-38342.exeUnicorn-63444.exeUnicorn-39494.exeUnicorn-57222.exeUnicorn-12105.exeUnicorn-53693.exeUnicorn-18882.exeUnicorn-8021.exeUnicorn-24633.exeUnicorn-35493.exeUnicorn-14326.exeUnicorn-6713.exeUnicorn-39385.exeUnicorn-59251.exeUnicorn-55167.exeUnicorn-59806.exeUnicorn-10050.exeUnicorn-59806.exeUnicorn-48945.exeUnicorn-18219.exeUnicorn-43058.exeUnicorn-53919.exeUnicorn-8247.exeUnicorn-61532.exeUnicorn-39528.exeUnicorn-12331.exeUnicorn-8823.exeUnicorn-19684.exeUnicorn-655.exeUnicorn-59970.exeUnicorn-33328.exeUnicorn-6685.exeUnicorn-17546.exeUnicorn-27106.exeUnicorn-17546.exeUnicorn-27106.exeUnicorn-53748.exeUnicorn-33882.exeUnicorn-48294.exeUnicorn-28258.exeUnicorn-26866.exeUnicorn-52762.exeUnicorn-52762.exeUnicorn-59539.exeUnicorn-6576.exeUnicorn-48164.exeUnicorn-6275.exeUnicorn-61506.exeUnicorn-50323.exeUnicorn-50878.exeUnicorn-11983.exeUnicorn-54962.exeUnicorn-16067.exe

pid	process
2304	3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe
2184	Unicorn-21540.exe
2244	Unicorn-16434.exe
3020	Unicorn-27294.exe
2660	Unicorn-8903.exe
2756	Unicorn-63579.exe
2520	Unicorn-24685.exe
2548	Unicorn-20684.exe
2600	Unicorn-839.exe
2408	Unicorn-11700.exe
2852	Unicorn-62292.exe
756	Unicorn-38342.exe
564	Unicorn-63444.exe
1380	Unicorn-39494.exe
2668	Unicorn-57222.exe
2712	Unicorn-12105.exe
2476	Unicorn-53693.exe
2664	Unicorn-18882.exe
2944	Unicorn-8021.exe
1652	Unicorn-24633.exe
1484	Unicorn-35493.exe
1144	Unicorn-14326.exe
1972	Unicorn-6713.exe
688	Unicorn-39385.exe
2844	Unicorn-59251.exe
2904	Unicorn-55167.exe
1984	Unicorn-59806.exe
2008	Unicorn-10050.exe
936	Unicorn-59806.exe
2280	Unicorn-48945.exe
2104	Unicorn-18219.exe
460	Unicorn-43058.exe
2252	Unicorn-53919.exe
2816	Unicorn-8247.exe
2488	Unicorn-61532.exe
2604	Unicorn-39528.exe
2784	Unicorn-12331.exe
1996	Unicorn-8823.exe
2432	Unicorn-19684.exe
2360	Unicorn-655.exe
640	Unicorn-59970.exe
2544	Unicorn-33328.exe
2856	Unicorn-6685.exe
3008	Unicorn-17546.exe
1592	Unicorn-27106.exe
1908	Unicorn-17546.exe
1920	Unicorn-27106.exe
1528	Unicorn-53748.exe
1472	Unicorn-33882.exe
440	Unicorn-48294.exe
1784	Unicorn-28258.exe
1456	Unicorn-26866.exe
2964	Unicorn-52762.exe
2936	Unicorn-52762.exe
2084	Unicorn-59539.exe
2800	Unicorn-6576.exe
1608	Unicorn-48164.exe
2228	Unicorn-6275.exe
940	Unicorn-61506.exe
2884	Unicorn-50323.exe
1704	Unicorn-50878.exe
2628	Unicorn-11983.exe
2568	Unicorn-54962.exe
2576	Unicorn-16067.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exeUnicorn-21540.exeUnicorn-16434.exeUnicorn-27294.exeUnicorn-8903.exeUnicorn-24685.exeUnicorn-63579.exeUnicorn-20684.exe

description	pid	process	target process
PID 2304 wrote to memory of 2184	2304	3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe	Unicorn-21540.exe
PID 2304 wrote to memory of 2184	2304	3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe	Unicorn-21540.exe
PID 2304 wrote to memory of 2184	2304	3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe	Unicorn-21540.exe
PID 2304 wrote to memory of 2184	2304	3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe	Unicorn-21540.exe
PID 2184 wrote to memory of 2244	2184	Unicorn-21540.exe	Unicorn-16434.exe
PID 2184 wrote to memory of 2244	2184	Unicorn-21540.exe	Unicorn-16434.exe
PID 2184 wrote to memory of 2244	2184	Unicorn-21540.exe	Unicorn-16434.exe
PID 2184 wrote to memory of 2244	2184	Unicorn-21540.exe	Unicorn-16434.exe
PID 2304 wrote to memory of 3020	2304	3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe	Unicorn-27294.exe
PID 2304 wrote to memory of 3020	2304	3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe	Unicorn-27294.exe
PID 2304 wrote to memory of 3020	2304	3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe	Unicorn-27294.exe
PID 2304 wrote to memory of 3020	2304	3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe	Unicorn-27294.exe
PID 2304 wrote to memory of 2240	2304	3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe	WerFault.exe
PID 2304 wrote to memory of 2240	2304	3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe	WerFault.exe
PID 2304 wrote to memory of 2240	2304	3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe	WerFault.exe
PID 2304 wrote to memory of 2240	2304	3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe	WerFault.exe
PID 2184 wrote to memory of 2660	2184	Unicorn-21540.exe	Unicorn-8903.exe
PID 2184 wrote to memory of 2660	2184	Unicorn-21540.exe	Unicorn-8903.exe
PID 2184 wrote to memory of 2660	2184	Unicorn-21540.exe	Unicorn-8903.exe
PID 2184 wrote to memory of 2660	2184	Unicorn-21540.exe	Unicorn-8903.exe
PID 2244 wrote to memory of 2756	2244	Unicorn-16434.exe	Unicorn-63579.exe
PID 2244 wrote to memory of 2756	2244	Unicorn-16434.exe	Unicorn-63579.exe
PID 2244 wrote to memory of 2756	2244	Unicorn-16434.exe	Unicorn-63579.exe
PID 2244 wrote to memory of 2756	2244	Unicorn-16434.exe	Unicorn-63579.exe
PID 3020 wrote to memory of 2520	3020	Unicorn-27294.exe	Unicorn-24685.exe
PID 3020 wrote to memory of 2520	3020	Unicorn-27294.exe	Unicorn-24685.exe
PID 3020 wrote to memory of 2520	3020	Unicorn-27294.exe	Unicorn-24685.exe
PID 3020 wrote to memory of 2520	3020	Unicorn-27294.exe	Unicorn-24685.exe
PID 2184 wrote to memory of 2384	2184	Unicorn-21540.exe	WerFault.exe
PID 2184 wrote to memory of 2384	2184	Unicorn-21540.exe	WerFault.exe
PID 2184 wrote to memory of 2384	2184	Unicorn-21540.exe	WerFault.exe
PID 2184 wrote to memory of 2384	2184	Unicorn-21540.exe	WerFault.exe
PID 2660 wrote to memory of 2548	2660	Unicorn-8903.exe	Unicorn-20684.exe
PID 2660 wrote to memory of 2548	2660	Unicorn-8903.exe	Unicorn-20684.exe
PID 2660 wrote to memory of 2548	2660	Unicorn-8903.exe	Unicorn-20684.exe
PID 2660 wrote to memory of 2548	2660	Unicorn-8903.exe	Unicorn-20684.exe
PID 2520 wrote to memory of 2600	2520	Unicorn-24685.exe	Unicorn-839.exe
PID 2520 wrote to memory of 2600	2520	Unicorn-24685.exe	Unicorn-839.exe
PID 2520 wrote to memory of 2600	2520	Unicorn-24685.exe	Unicorn-839.exe
PID 2520 wrote to memory of 2600	2520	Unicorn-24685.exe	Unicorn-839.exe
PID 3020 wrote to memory of 2408	3020	Unicorn-27294.exe	Unicorn-11700.exe
PID 3020 wrote to memory of 2408	3020	Unicorn-27294.exe	Unicorn-11700.exe
PID 3020 wrote to memory of 2408	3020	Unicorn-27294.exe	Unicorn-11700.exe
PID 3020 wrote to memory of 2408	3020	Unicorn-27294.exe	Unicorn-11700.exe
PID 2756 wrote to memory of 2852	2756	Unicorn-63579.exe	Unicorn-62292.exe
PID 2756 wrote to memory of 2852	2756	Unicorn-63579.exe	Unicorn-62292.exe
PID 2756 wrote to memory of 2852	2756	Unicorn-63579.exe	Unicorn-62292.exe
PID 2756 wrote to memory of 2852	2756	Unicorn-63579.exe	Unicorn-62292.exe
PID 2244 wrote to memory of 756	2244	Unicorn-16434.exe	Unicorn-38342.exe
PID 2244 wrote to memory of 756	2244	Unicorn-16434.exe	Unicorn-38342.exe
PID 2244 wrote to memory of 756	2244	Unicorn-16434.exe	Unicorn-38342.exe
PID 2244 wrote to memory of 756	2244	Unicorn-16434.exe	Unicorn-38342.exe
PID 2244 wrote to memory of 1520	2244	Unicorn-16434.exe	WerFault.exe
PID 2244 wrote to memory of 1520	2244	Unicorn-16434.exe	WerFault.exe
PID 2244 wrote to memory of 1520	2244	Unicorn-16434.exe	WerFault.exe
PID 2244 wrote to memory of 1520	2244	Unicorn-16434.exe	WerFault.exe
PID 3020 wrote to memory of 1936	3020	Unicorn-27294.exe	WerFault.exe
PID 3020 wrote to memory of 1936	3020	Unicorn-27294.exe	WerFault.exe
PID 3020 wrote to memory of 1936	3020	Unicorn-27294.exe	WerFault.exe
PID 3020 wrote to memory of 1936	3020	Unicorn-27294.exe	WerFault.exe
PID 2548 wrote to memory of 564	2548	Unicorn-20684.exe	Unicorn-63444.exe
PID 2548 wrote to memory of 564	2548	Unicorn-20684.exe	Unicorn-63444.exe
PID 2548 wrote to memory of 564	2548	Unicorn-20684.exe	Unicorn-63444.exe
PID 2548 wrote to memory of 564	2548	Unicorn-20684.exe	Unicorn-63444.exe

C:\Users\Admin\AppData\Local\Temp\3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe
"C:\Users\Admin\AppData\Local\Temp\3081857af37f798f57dd2ee6f50c1b5e38f27d8badbd41e629a6798882bedc50.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8021.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48945.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6685.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
        9⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        10⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
        11⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48803.exe
        12⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20179.exe
        13⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61725.exe
        14⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 216
        13⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
        12⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
        11⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 216
        10⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
        9⤵
        Program crash
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        8⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54682.exe
        9⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        10⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39130.exe
        11⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64428.exe
        12⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4823.exe
        13⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
        13⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
        12⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        11⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
        10⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19331.exe
        9⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51574.exe
        10⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7298.exe
        11⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24642.exe
        12⤵
        
        PID:8676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
        12⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
        11⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        10⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
        9⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
        8⤵
        Program crash
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17546.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
        8⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20256.exe
        9⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe
        10⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8071.exe
        11⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15903.exe
        12⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27107.exe
        13⤵
        
        PID:840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
        12⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
        11⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 216
        10⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 216
        9⤵
        Program crash
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9134.exe
        8⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39301.exe
        9⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4262.exe
        10⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25140.exe
        11⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
        11⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
        10⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 216
        9⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
        8⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
        7⤵
        Program crash
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59806.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31849.exe
        8⤵
        Executes dropped EXE
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36421.exe
        9⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62897.exe
        10⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2228.exe
        11⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21409.exe
        12⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 236
        12⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
        11⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
        10⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
        9⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
        8⤵
        Program crash
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1677.exe
        7⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18310.exe
        8⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
        9⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37947.exe
        10⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49182.exe
        11⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17709.exe
        12⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 216
        12⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 236
        11⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
        10⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
        9⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 216
        8⤵
        Program crash
        
        PID:3964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
        7⤵
        Program crash
        
        PID:2740
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
        6⤵
        Program crash
        
        PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18882.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10050.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27106.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6275.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        9⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57692.exe
        10⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7002.exe
        11⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2498.exe
        12⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exe
        13⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
        12⤵
        
        PID:3252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
        11⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
        10⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
        9⤵
        Program crash
        
        PID:4068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
        8⤵
        Program crash
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31040.exe
        9⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14044.exe
        10⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
        11⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
        11⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
        10⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
        9⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 216
        8⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        7⤵
        Program crash
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33882.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23489.exe
        7⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13431.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50759.exe
        9⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        10⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27683.exe
        11⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 236
        11⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 236
        10⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        9⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
        8⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 236
        7⤵
        Program crash
        
        PID:3124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
        6⤵
        Program crash
        
        PID:2744
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12105.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8823.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52269.exe
        8⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-603.exe
        9⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe
        10⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38580.exe
        11⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22867.exe
        12⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 236
        12⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 236
        11⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        10⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 216
        9⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
        8⤵
        Program crash
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        7⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64988.exe
        8⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43484.exe
        10⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1600.exe
        11⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36889.exe
        12⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
        12⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
        11⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        10⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 216
        9⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
        8⤵
        Program crash
        
        PID:4028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
        7⤵
        Program crash
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19684.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27573.exe
        7⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56327.exe
        8⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37656.exe
        9⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54641.exe
        10⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53837.exe
        11⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
        12⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
        11⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
        10⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
        9⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 216
        8⤵
        Program crash
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        7⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe
        8⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48803.exe
        9⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
        10⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 236
        10⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 236
        9⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
        8⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
        7⤵
        Program crash
        
        PID:3368
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        6⤵
        Program crash
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39385.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61506.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27246.exe
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
        9⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
        10⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-884.exe
        11⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 236
        11⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 236
        10⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
        9⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 216
        8⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
        7⤵
        Program crash
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6249.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        8⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
        9⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17081.exe
        10⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1450.exe
        11⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 236
        10⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
        9⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        8⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 216
        7⤵
        
        PID:3624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
        6⤵
        Program crash
        
        PID:584
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 220
        5⤵
        Program crash
        
        PID:2832
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20684.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63444.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43058.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57033.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37947.exe
        10⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        11⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
        12⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 216
        12⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
        11⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        10⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
        9⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 460 -s 236
        8⤵
        Program crash
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16067.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4111.exe
        8⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54713.exe
        9⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53738.exe
        10⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
        11⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 236
        11⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 236
        10⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 216
        9⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        8⤵
        Program crash
        
        PID:3284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
        7⤵
        Program crash
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53919.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42155.exe
        8⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1034.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe
        10⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30002.exe
        11⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40210.exe
        12⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 236
        12⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
        11⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
        10⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 216
        9⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 440 -s 236
        8⤵
        Program crash
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe
        7⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46535.exe
        8⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
        9⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49950.exe
        10⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe
        11⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
        11⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
        10⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 216
        9⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        8⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        7⤵
        Program crash
        
        PID:3804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 240
        6⤵
        Program crash
        
        PID:428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35493.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13374.exe
        7⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe
        8⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9669.exe
        9⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
        10⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6504.exe
        11⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        12⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
        12⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 236
        11⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
        10⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 216
        9⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 216
        8⤵
        Program crash
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5050.exe
        7⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7313.exe
        8⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
        9⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57729.exe
        10⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5534.exe
        11⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
        10⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
        9⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 216
        8⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        7⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18013.exe
        6⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
        8⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe
        9⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5207.exe
        10⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 236
        10⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        9⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        8⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
        7⤵
        
        PID:4288
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
        6⤵
        Program crash
        
        PID:2372
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
        5⤵
        Program crash
        
        PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39494.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14326.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61532.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46618.exe
        9⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57080.exe
        10⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30573.exe
        11⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25466.exe
        12⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
        11⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
        10⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
        9⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 236
        8⤵
        Program crash
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
        7⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48242.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
        9⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39457.exe
        10⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10147.exe
        11⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 236
        11⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 236
        10⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
        9⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 216
        8⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 220
        7⤵
        Program crash
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28917.exe
        7⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
        8⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        9⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25150.exe
        10⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe
        11⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
        11⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 236
        10⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
        9⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 236
        8⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42574.exe
        7⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44044.exe
        8⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        9⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        10⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
        10⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 236
        9⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        8⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
        7⤵
        
        PID:4340
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
        6⤵
        Program crash
        
        PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39528.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42539.exe
        7⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6078.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57874.exe
        9⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52747.exe
        10⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe
        11⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 216
        11⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
        10⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
        9⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
        8⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
        7⤵
        Program crash
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        6⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56841.exe
        7⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        8⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        9⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10059.exe
        10⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 216
        10⤵
        
        PID:3248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 236
        9⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        8⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        7⤵
        
        PID:4868
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
        6⤵
        Program crash
        
        PID:3788
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 240
        5⤵
        Program crash
        
        PID:1928
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1224
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27294.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27294.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24685.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24685.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-839.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12331.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28258.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50899.exe
        8⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        10⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15659.exe
        11⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe
        12⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 236
        12⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 236
        11⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        10⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 216
        9⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 236
        8⤵
        Program crash
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24811.exe
        7⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15076.exe
        8⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53603.exe
        9⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65388.exe
        10⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28342.exe
        11⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 236
        11⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 236
        10⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        9⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 216
        8⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        7⤵
        Program crash
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26866.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40593.exe
        7⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18715.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20926.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
        10⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54787.exe
        11⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 216
        11⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        10⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        9⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 216
        8⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 236
        7⤵
        Program crash
        
        PID:4048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
        6⤵
        Program crash
        
        PID:1924
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
        5⤵
        Program crash
        
        PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53693.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59970.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6576.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
        8⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
        9⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44724.exe
        10⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4366.exe
        11⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
        12⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 236
        12⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
        11⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        10⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
        9⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
        8⤵
        Program crash
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29279.exe
        7⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28528.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30054.exe
        9⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46800.exe
        10⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
        11⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 236
        10⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        9⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
        8⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 240
        7⤵
        Program crash
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48164.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20557.exe
        7⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52757.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        9⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
        10⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27164.exe
        11⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 236
        11⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
        10⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
        9⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 216
        8⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
        7⤵
        Program crash
        
        PID:3724
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
        6⤵
        Program crash
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17546.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
        6⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38922.exe
        7⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34750.exe
        8⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38222.exe
        9⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
        10⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41715.exe
        11⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
        10⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        9⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 216
        8⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 216
        7⤵
        Program crash
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        6⤵
        
        PID:2752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
        6⤵
        Program crash
        
        PID:3112
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
        5⤵
        Program crash
        
        PID:588
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57222.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27106.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
        7⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49036.exe
        8⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        9⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27615.exe
        10⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60251.exe
        11⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30807.exe
        12⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
        11⤵
        
        PID:3300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
        10⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 216
        9⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 236
        8⤵
        Program crash
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        7⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8875.exe
        8⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
        9⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
        10⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-132.exe
        11⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
        11⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
        10⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 236
        9⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 236
        8⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
        7⤵
        Program crash
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44656.exe
        6⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57204.exe
        7⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54558.exe
        9⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58201.exe
        10⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54403.exe
        11⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 236
        11⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
        10⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        9⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 216
        8⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 216
        7⤵
        Program crash
        
        PID:3848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
        6⤵
        Program crash
        
        PID:2696
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
        5⤵
        Program crash
        
        PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59806.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50323.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        7⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-982.exe
        8⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-178.exe
        9⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43012.exe
        10⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        11⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
        10⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 236
        9⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
        8⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
        7⤵
        
        PID:3364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 216
        6⤵
        Program crash
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45144.exe
        6⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        8⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1019.exe
        9⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
        9⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 236
        8⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        7⤵
        
        PID:4964
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
        6⤵
        
        PID:3472
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 240
        5⤵
        Program crash
        
        PID:1948
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
      4⤵
      Program crash
      PID:2336
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1936
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
  2⤵
  - Program crash
  PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10147.exe

Filesize
184KB

MD5
09ed66b20236697ead71baca31d824f1

SHA1
dbb2dcec4efb1607c5cf34c4d2036b32bfb3fabb

SHA256
bb6f094f6b1bd3e738149ba406e6a06da006def4abe43c5cc5926227b9f37f48

SHA512
e8aab36b4591e019b2f5c79b642206471aa207ae72cc82e849ca3b69131be678ee0204e5a4e02e58faa07d0e5dfb8b8de1891087ac62aa711c89503ba27874db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe

Filesize
184KB

MD5
99f0661638510ccd85566b3e055041a7

SHA1
0391e202b67e5fe95758835a1d290278da22106e

SHA256
f655c03c194484d15efd6725835df8126a4c3e38ae94b5d88b0d301d62e14804

SHA512
723a635b648a6505eb49f6b1df2ff260e8db7129109ee3b183079b360a661e85148e6a529c8cdf3a401bc7d2c300ab8024060a9d41565c0b7f9a0980691098d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20684.exe

Filesize
184KB

MD5
9adaa2af675c47d474f9651d1736cbde

SHA1
f75b650be5ea4a0fbe283238b98c014acd77f06b

SHA256
fd9492dd8867c52e495ccd73886b07f40df6b58710429b2abe4f81422d220ec5

SHA512
2883a72053b25309a6bdfe459d875a167a7854ee72646c940771d4aabf5c6614fe14d9e0c139a87a9c7d8e2f5b06c469dd0b95a8d0f25cc786a653dc940f9fa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe

Filesize
184KB

MD5
7d8e33fdcc8d3f897d64265d49bee175

SHA1
0a4f5011dc71be12ba9162f671bcc322a4cd98b5

SHA256
c159e2a60e15919a0d1e19d5b885c555d5edee04cc88ebbfcab4d086981e373c

SHA512
f704d6384748aa1d5beb330bb6485ce0f0c14e3cc1e5772fe4bec76edb6f4ff5c0f84578a36b4e44964ae1bcd98053d151c78ec36e1493c591c368199d921e17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39494.exe

Filesize
184KB

MD5
ab4ce07d01962de0d4afc4ca6905c01b

SHA1
52a7cd61c8f6cb01d4b56bb28fa7642a48db1e09

SHA256
b506a8fed24284d81621b612e4df50833b75fba27762acd3d9b369636e0a690b

SHA512
77b7edc00f537e0feaebf6eff58a3f587cbb27f3651550f18d626633d2ec64064efc1bd606b9b6e0cf8450938c4aeaa597b3e2c461cdec621dd3ae8b6dc252d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40593.exe

Filesize
184KB

MD5
a029acdefe5d3866eaa7bb660332f9f4

SHA1
dc98ed35e1e4e97adaa97a0ea4e13f2a78c8b80c

SHA256
28d3b39b0bd3ea9138f3798c36cb915d6e0688968e1155654bd1e322bf584bfb

SHA512
e1cc2e681a5750e2190dda0ed0b7e1074e751fdd33f62d00446ab5ffd5090a095c2847722460ed121fdd064ec54575c331740853beaabe8d1a9e89d2404114e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6275.exe

Filesize
184KB

MD5
3b790203ea9875661c0b1b2082c31125

SHA1
d90483dc25ccbb5dbbdc1eb0bd20f68bdc38edab

SHA256
1ffdeb5a6b884b0d76d5d070f3727c0277a675fd4a4ce8d6c5e723731d4d3389

SHA512
a6426a007109ea44ad102af7af5000b223f72414511ebccb47fc01259dde5c983798ee2d5f9f0ce7bdebed25d1d91f3a46bdaf3c7f32ed76ee35ff019c7a758a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63444.exe

Filesize
184KB

MD5
35742fd4a82c9f5ff47ed9f0d6e78ba2

SHA1
336654a636a9a4fa757ea34b900aa1d88dceb4b6

SHA256
5bb48e81172e9d6e616b009bfb3b6dd05c5a7bf295906866bb15ed8421299d45

SHA512
bb7d33b61793d45341cecdbb521f60db718d688cb2dc6ff272ba96fdb3edeaadbaba0f52d77f6b8b2a0d0be78c1e4e1e940c7d67bc40a4a96bcb048f8ccb9451

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6576.exe

Filesize
184KB

MD5
01948b3d43d67167ebb91a8c63a91f22

SHA1
08274ec505ebd806405691752c2551c1bc9ff0bf

SHA256
1f934edc270314bd2c883a5379b857c7f0a8b8a35b9558d63fcad91c1d3624fc

SHA512
3b8a1ece21631adb5910b1cf632b44f36d1cdc52db07202df20105051d04a6414bf06ca07089496d95486d040f35ee6dff380a16aa008153ef1431169c928b2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6685.exe

Filesize
184KB

MD5
c14216c3f38eea5c0f06bb5839c3c116

SHA1
70f615395b13657c45e5e7aeef78fea2d7a18f38

SHA256
0aa26df0718d6a6b83c123d8d7648580c2a2be79e3457d54719d0df80db25f74

SHA512
a0a77468343ed5fe01d58e8af7e75be19df53353fb886a72f8acb10513ec232e4ec1753a4aaa4aacf4c5e4d5dfb3ca4e407933c86659d9d24a2b3aa8c5b24a8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe

Filesize
184KB

MD5
bf555d218787a21c237d05d7fa5025b9

SHA1
736a17be27d8765fb9e60682e4cb02e62ec57f60

SHA256
c3a913f93dcdc5f93483c2fd58c47975d2ddf8e6db44f470a75bbf41cf80ab08

SHA512
1b088c0145a38db0b718e01cbc53bf4db88ba9aa7bbfed4c1139b8ec0555c50f5004afe1001095dd3503b4f11087e134d183941cf124f530aa7badfef0ffcbaf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe

Filesize
184KB

MD5
66ce892610a60e1fed26c4b5aa7889c2

SHA1
832e4e953794d5b68da86c8a78969376cd5d84c1

SHA256
62fe263aa247d43133abc667a2481279dc4762bf99697bbc15549344f4f7c85b

SHA512
e3d58da5dc0aa3aa8060a56728ee9500c3196eeb3ed355215063a8f42f5c66f10cca701e6997b2e43edb74e123f5ef2308079de93461650f9f2fbf2e1ea17266

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe

Filesize
184KB

MD5
032483930f1f65b0b54c0c3af8f0e555

SHA1
d0f6a0969f8e09a367f4de31ea9726189605dea1

SHA256
4a061a61f92f8911209d142b7ab7d07498958b09c1e0117a869a9267936567c5

SHA512
7bd92a6ae615a5f2b05d9743d20289302edf8e0a8d100482a2d5cf50b9037a29786419acd0c6f9730bdf905d6b229ba8aad9d74dfc2397fb8833abd6670dba3b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24685.exe

Filesize
184KB

MD5
f8a9a82fc02713e674bdfcdcd85fed41

SHA1
ae44a33031383823610e81f9d06c4f289fddd821

SHA256
0bd7918587f348b38a099303e873e741c40a082f00c2ad0c55b9d088e274c45a

SHA512
d795f039489e4a848d8392c5b68188e31bcf8c0457004ed041094d19529710069f14ad2d142debb06bca3c5f14b12a6a397be3dead2e1e95393c41c3c38e02a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27294.exe

Filesize
184KB

MD5
793e3d1d48c7b23ec9535e2b3ead839a

SHA1
d44dfc91772cec6e7974da2312ff5cdfbfaa0f7c

SHA256
987720aea582453c39d6437018cccdfaa47a685d48c46f821eb6ca642c72874c

SHA512
8384fb2ee71d56b500ce7122bc5c644d83d0b4edb208085d26dde3aba5bf6df2aaaf821a205d77eee529ec7bc637d010e501a9a171f7ab21a74b619f5b4b06c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57222.exe

Filesize
184KB

MD5
d1ed7dbe7b1cfed908f21bf2e1c6520d

SHA1
c7be0527fe9bd664aef43b608d855415671df992

SHA256
49b2cc4eeb6352fa03b373d71f5396d2ceda209d8c70ada3dd927f8420b33688

SHA512
f10628e7866a5f73ed6614ce5628335c30ac7a2d841d1089d31d30077b8a65d2136569bded713a7416a000f122533d971af9c739f4ed8fe07cc6f0640471c06d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe

Filesize
184KB

MD5
7f20a9511be7d2152771e29d208c5e7e

SHA1
f2a7b37f422c20396a9a72dbc1caaa3f7300ba39

SHA256
2783aa0daf867c42e973a6910c877a016c029b2a0d3ef6d1d5bb7d6b45f8ab52

SHA512
a3734edaf4272f33e4f14b19c048f505ec16dc424a0f3c7ea2d50045cadc3be4bdd8c64cf7c5c1162a57edaf319376b3d2b39d3a3fbe59fff303e9b85e9b6fe9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe

Filesize
184KB

MD5
47d64ed44bbe808bf57b4955eb059819

SHA1
584c97a746ffd3416199fd9157098263babb82eb

SHA256
f2b8078ee5aa18994c1f9bec935c4ee7df1f4526a2fdd0a86f9f2524d6074340

SHA512
101dcd1db4bc9a632ec732bd7cd77f3c3bdb0340ed1d0906acd99dd0e94e759f7e5cf86e4323363d98205d3387c293905564f24259025fecb2baf66551f80ddb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-839.exe

Filesize
184KB

MD5
f638f1627f3c0b5c668ab43ddcd2c08b

SHA1
daf820b314637d0b5939861335c4a258969bf67f

SHA256
f1da45368f1503f9288c03db852dd37f8d183f52cdc40385f13eb31c0187821d

SHA512
d7771585f4611ed31356f1c8400790b5a4fb57297b635cab4a5c1604f6d7837b62856e9a111c23fd027e124cd672ff59784b657513c7dc3f2346a213e3bb9c25

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe

Filesize
184KB

MD5
95f257e712ab0e25a0ff1e4b0f60fb37

SHA1
831760784ca7dc1bdd59a3f99583a3f65df5eb15

SHA256
683db1a708a8aa270fb843811ba6803746420d45d3f29b8052617ff496094625

SHA512
5b58a9194d838e5cb5ab21231bf98f6fa11e2e68aee3fdba24e184e615d8649898b5f2480caee554c4d7d3a77da2c76a34d02ded07e35538dc69a302690b9d61

Download Submit