47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe
Size

184KB
MD5

b344b43b9c13f60b05380dc6cd182045
SHA1

de5034b17982e0cf0c85ab446108fe38db80faa3
SHA256

47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e
SHA512

60e2eb92ae7bb69f47a80897fdf021fd451cca47c23a7fb0a1f4826672faba0d3e574b951b9c221d581ba6f8ccaa5146842dd3f166763d75525e1c90ed45d3e0
SSDEEP

3072:Chm3oxoT7oOZj6yWeevL+XZQhlnViFKn3:ChrotZ6ymLUZQhlnViFK

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-32635.exeUnicorn-21020.exeUnicorn-6075.exeUnicorn-17342.exeUnicorn-63013.exeUnicorn-62266.exeUnicorn-54241.exeUnicorn-41173.exeUnicorn-3670.exeUnicorn-44703.exeUnicorn-2279.exeUnicorn-16006.exeUnicorn-48678.exeUnicorn-16560.exeUnicorn-40510.exeUnicorn-38926.exeUnicorn-46540.exeUnicorn-54708.exeUnicorn-4116.exeUnicorn-53914.exeUnicorn-60691.exeUnicorn-35440.exeUnicorn-43608.exeUnicorn-58553.exeUnicorn-54490.exeUnicorn-50406.exeUnicorn-30540.exeUnicorn-42792.exeUnicorn-52352.exeUnicorn-29794.exeUnicorn-40654.exeUnicorn-15403.exeUnicorn-25409.exeUnicorn-4796.exeUnicorn-11573.exeUnicorn-64879.exeUnicorn-26539.exeUnicorn-42321.exeUnicorn-32761.exeUnicorn-40183.exeUnicorn-55128.exeUnicorn-64687.exeUnicorn-29877.exeUnicorn-59020.exeUnicorn-58465.exeUnicorn-48927.exeUnicorn-36483.exeUnicorn-47344.exeUnicorn-20701.exeUnicorn-9840.exeUnicorn-50873.exeUnicorn-43259.exeUnicorn-18284.exeUnicorn-6031.exeUnicorn-47619.exeUnicorn-31090.exeUnicorn-31090.exeUnicorn-18092.exeUnicorn-7785.exeUnicorn-42596.exeUnicorn-52051.exeUnicorn-64303.exeUnicorn-55580.exeUnicorn-37106.exe

pid	process
2056	Unicorn-32635.exe
2448	Unicorn-21020.exe
2916	Unicorn-6075.exe
2652	Unicorn-17342.exe
2680	Unicorn-63013.exe
2520	Unicorn-62266.exe
1672	Unicorn-54241.exe
1384	Unicorn-41173.exe
756	Unicorn-3670.exe
2600	Unicorn-44703.exe
2580	Unicorn-2279.exe
1472	Unicorn-16006.exe
1768	Unicorn-48678.exe
952	Unicorn-16560.exe
2812	Unicorn-40510.exe
472	Unicorn-38926.exe
1168	Unicorn-46540.exe
2156	Unicorn-54708.exe
2788	Unicorn-4116.exe
1960	Unicorn-53914.exe
1200	Unicorn-60691.exe
1844	Unicorn-35440.exe
1956	Unicorn-43608.exe
1288	Unicorn-58553.exe
2076	Unicorn-54490.exe
1652	Unicorn-50406.exe
2300	Unicorn-30540.exe
2860	Unicorn-42792.exe
1088	Unicorn-52352.exe
1608	Unicorn-29794.exe
1312	Unicorn-40654.exe
2252	Unicorn-15403.exe
2660	Unicorn-25409.exe
2628	Unicorn-4796.exe
2492	Unicorn-11573.exe
2420	Unicorn-64879.exe
2992	Unicorn-26539.exe
696	Unicorn-42321.exe
836	Unicorn-32761.exe
1480	Unicorn-40183.exe
2568	Unicorn-55128.exe
2544	Unicorn-64687.exe
1976	Unicorn-29877.exe
1664	Unicorn-59020.exe
692	Unicorn-58465.exe
1928	Unicorn-48927.exe
1684	Unicorn-36483.exe
2948	Unicorn-47344.exe
2728	Unicorn-20701.exe
572	Unicorn-9840.exe
1832	Unicorn-50873.exe
2296	Unicorn-43259.exe
1064	Unicorn-18284.exe
1100	Unicorn-6031.exe
2328	Unicorn-47619.exe
2456	Unicorn-31090.exe
2724	Unicorn-31090.exe
2348	Unicorn-18092.exe
2404	Unicorn-7785.exe
2336	Unicorn-42596.exe
1216	Unicorn-52051.exe
2340	Unicorn-64303.exe
1488	Unicorn-55580.exe
1712	Unicorn-37106.exe

Loads dropped DLL 64 IoCs

Processes:

47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exeUnicorn-32635.exeUnicorn-6075.exeUnicorn-21020.exeWerFault.exeUnicorn-17342.exeUnicorn-63013.exeUnicorn-62266.exeWerFault.exeWerFault.exeUnicorn-41173.exeUnicorn-54241.exeUnicorn-2279.exeUnicorn-44703.exeUnicorn-3670.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2240	47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe
2240	47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe
2240	47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe
2056	Unicorn-32635.exe
2240	47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe
2056	Unicorn-32635.exe
2056	Unicorn-32635.exe
2916	Unicorn-6075.exe
2916	Unicorn-6075.exe
2056	Unicorn-32635.exe
2448	Unicorn-21020.exe
2448	Unicorn-21020.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2652	Unicorn-17342.exe
2652	Unicorn-17342.exe
2916	Unicorn-6075.exe
2916	Unicorn-6075.exe
2680	Unicorn-63013.exe
2680	Unicorn-63013.exe
2520	Unicorn-62266.exe
2448	Unicorn-21020.exe
2448	Unicorn-21020.exe
2520	Unicorn-62266.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1916	WerFault.exe
1924	WerFault.exe
1384	Unicorn-41173.exe
1384	Unicorn-41173.exe
1672	Unicorn-54241.exe
1672	Unicorn-54241.exe
2652	Unicorn-17342.exe
2652	Unicorn-17342.exe
2580	Unicorn-2279.exe
2580	Unicorn-2279.exe
2600	Unicorn-44703.exe
2600	Unicorn-44703.exe
2520	Unicorn-62266.exe
2520	Unicorn-62266.exe
756	Unicorn-3670.exe
2680	Unicorn-63013.exe
756	Unicorn-3670.exe
2680	Unicorn-63013.exe
2084	WerFault.exe
2084	WerFault.exe
2084	WerFault.exe
2084	WerFault.exe
2084	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
956	WerFault.exe
956	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2772	2240	WerFault.exe	47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe
2840	2056	WerFault.exe	Unicorn-32635.exe
1924	2916	WerFault.exe	Unicorn-6075.exe
1916	2448	WerFault.exe	Unicorn-21020.exe
2084	2652	WerFault.exe	Unicorn-17342.exe
3008	2680	WerFault.exe	Unicorn-63013.exe
956	2520	WerFault.exe	Unicorn-62266.exe
3032	1384	WerFault.exe	Unicorn-41173.exe
2484	1672	WerFault.exe	Unicorn-54241.exe
2668	2580	WerFault.exe	Unicorn-2279.exe
3040	2600	WerFault.exe	Unicorn-44703.exe
2368	756	WerFault.exe	Unicorn-3670.exe
1048	1472	WerFault.exe	Unicorn-16006.exe
1484	952	WerFault.exe	Unicorn-16560.exe
1752	1768	WerFault.exe	Unicorn-48678.exe
2892	1168	WerFault.exe	Unicorn-46540.exe
2820	2156	WerFault.exe	Unicorn-54708.exe
892	472	WerFault.exe	Unicorn-38926.exe
2800	2788	WerFault.exe	Unicorn-4116.exe
2884	2812	WerFault.exe	Unicorn-40510.exe
1268	1960	WerFault.exe	Unicorn-53914.exe
2416	1844	WerFault.exe	Unicorn-35440.exe
2452	1088	WerFault.exe	Unicorn-52352.exe
2956	2252	WerFault.exe	Unicorn-15403.exe
2572	2300	WerFault.exe	Unicorn-30540.exe
2224	2076	WerFault.exe	Unicorn-54490.exe
2852	1956	WerFault.exe	Unicorn-43608.exe
1624	1312	WerFault.exe	Unicorn-40654.exe
900	1608	WerFault.exe	Unicorn-29794.exe
2524	2568	WerFault.exe	Unicorn-55128.exe
564	1480	WerFault.exe	Unicorn-40183.exe
2552	2992	WerFault.exe	Unicorn-26539.exe
2592	1684	WerFault.exe	Unicorn-36483.exe
936	572	WerFault.exe	Unicorn-9840.exe
1184	1832	WerFault.exe	Unicorn-50873.exe
3184	1664	WerFault.exe	Unicorn-59020.exe
3196	2296	WerFault.exe	Unicorn-43259.exe
3488	696	WerFault.exe	Unicorn-42321.exe
3516	1652	WerFault.exe	Unicorn-50406.exe
3532	2724	WerFault.exe	Unicorn-31090.exe
3576	1288	WerFault.exe	Unicorn-58553.exe
3604	2544	WerFault.exe	Unicorn-64687.exe
3720	2728	WerFault.exe	Unicorn-20701.exe
3752	1928	WerFault.exe	Unicorn-48927.exe
3772	2348	WerFault.exe	Unicorn-18092.exe
3780	1976	WerFault.exe	Unicorn-29877.exe
3840	836	WerFault.exe	Unicorn-32761.exe
3880	2660	WerFault.exe	Unicorn-25409.exe
3920	1200	WerFault.exe	Unicorn-60691.exe
3928	2492	WerFault.exe	Unicorn-11573.exe
3952	2860	WerFault.exe	Unicorn-42792.exe
3960	1100	WerFault.exe	Unicorn-6031.exe
4036	2948	WerFault.exe	Unicorn-47344.exe
3432	2628	WerFault.exe	Unicorn-4796.exe
3592	2420	WerFault.exe	Unicorn-64879.exe
4092	2404	WerFault.exe	Unicorn-7785.exe
3232	2016	WerFault.exe	Unicorn-35906.exe
3384	1904	WerFault.exe	Unicorn-49550.exe
3472	692	WerFault.exe	Unicorn-58465.exe
3288	2732	WerFault.exe	Unicorn-45658.exe
3540	2384	WerFault.exe	Unicorn-34475.exe
3712	1216	WerFault.exe	Unicorn-52051.exe
3704	2456	WerFault.exe	Unicorn-31090.exe
3856	2676	WerFault.exe	Unicorn-34475.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exeUnicorn-32635.exeUnicorn-21020.exeUnicorn-6075.exeUnicorn-17342.exeUnicorn-63013.exeUnicorn-62266.exeUnicorn-54241.exeUnicorn-41173.exeUnicorn-44703.exeUnicorn-3670.exeUnicorn-2279.exeUnicorn-16006.exeUnicorn-48678.exeUnicorn-16560.exeUnicorn-40510.exeUnicorn-46540.exeUnicorn-38926.exeUnicorn-54708.exeUnicorn-4116.exeUnicorn-53914.exeUnicorn-60691.exeUnicorn-35440.exeUnicorn-43608.exeUnicorn-58553.exeUnicorn-54490.exeUnicorn-50406.exeUnicorn-30540.exeUnicorn-42792.exeUnicorn-52352.exeUnicorn-29794.exeUnicorn-40654.exeUnicorn-15403.exeUnicorn-25409.exeUnicorn-11573.exeUnicorn-4796.exeUnicorn-64879.exeUnicorn-42321.exeUnicorn-26539.exeUnicorn-32761.exeUnicorn-55128.exeUnicorn-40183.exeUnicorn-64687.exeUnicorn-29877.exeUnicorn-59020.exeUnicorn-58465.exeUnicorn-48927.exeUnicorn-36483.exeUnicorn-47344.exeUnicorn-20701.exeUnicorn-9840.exeUnicorn-43259.exeUnicorn-50873.exeUnicorn-18284.exeUnicorn-6031.exeUnicorn-47619.exeUnicorn-31090.exeUnicorn-31090.exeUnicorn-18092.exeUnicorn-7785.exeUnicorn-42596.exeUnicorn-52051.exeUnicorn-64303.exeUnicorn-55580.exe

pid	process
2240	47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe
2056	Unicorn-32635.exe
2448	Unicorn-21020.exe
2916	Unicorn-6075.exe
2652	Unicorn-17342.exe
2680	Unicorn-63013.exe
2520	Unicorn-62266.exe
1672	Unicorn-54241.exe
1384	Unicorn-41173.exe
2600	Unicorn-44703.exe
756	Unicorn-3670.exe
2580	Unicorn-2279.exe
1472	Unicorn-16006.exe
1768	Unicorn-48678.exe
952	Unicorn-16560.exe
2812	Unicorn-40510.exe
1168	Unicorn-46540.exe
472	Unicorn-38926.exe
2156	Unicorn-54708.exe
2788	Unicorn-4116.exe
1960	Unicorn-53914.exe
1200	Unicorn-60691.exe
1844	Unicorn-35440.exe
1956	Unicorn-43608.exe
1288	Unicorn-58553.exe
2076	Unicorn-54490.exe
1652	Unicorn-50406.exe
2300	Unicorn-30540.exe
2860	Unicorn-42792.exe
1088	Unicorn-52352.exe
1608	Unicorn-29794.exe
1312	Unicorn-40654.exe
2252	Unicorn-15403.exe
2660	Unicorn-25409.exe
2492	Unicorn-11573.exe
2628	Unicorn-4796.exe
2420	Unicorn-64879.exe
696	Unicorn-42321.exe
2992	Unicorn-26539.exe
836	Unicorn-32761.exe
2568	Unicorn-55128.exe
1480	Unicorn-40183.exe
2544	Unicorn-64687.exe
1976	Unicorn-29877.exe
1664	Unicorn-59020.exe
692	Unicorn-58465.exe
1928	Unicorn-48927.exe
1684	Unicorn-36483.exe
2948	Unicorn-47344.exe
2728	Unicorn-20701.exe
572	Unicorn-9840.exe
2296	Unicorn-43259.exe
1832	Unicorn-50873.exe
1064	Unicorn-18284.exe
1100	Unicorn-6031.exe
2328	Unicorn-47619.exe
2456	Unicorn-31090.exe
2724	Unicorn-31090.exe
2348	Unicorn-18092.exe
2404	Unicorn-7785.exe
2336	Unicorn-42596.exe
1216	Unicorn-52051.exe
2340	Unicorn-64303.exe
1488	Unicorn-55580.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exeUnicorn-32635.exeUnicorn-6075.exeUnicorn-21020.exeUnicorn-17342.exeUnicorn-63013.exeUnicorn-62266.exeUnicorn-41173.exe

description	pid	process	target process
PID 2240 wrote to memory of 2056	2240	47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe	Unicorn-32635.exe
PID 2240 wrote to memory of 2056	2240	47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe	Unicorn-32635.exe
PID 2240 wrote to memory of 2056	2240	47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe	Unicorn-32635.exe
PID 2240 wrote to memory of 2056	2240	47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe	Unicorn-32635.exe
PID 2240 wrote to memory of 2448	2240	47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe	Unicorn-21020.exe
PID 2240 wrote to memory of 2448	2240	47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe	Unicorn-21020.exe
PID 2240 wrote to memory of 2448	2240	47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe	Unicorn-21020.exe
PID 2240 wrote to memory of 2448	2240	47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe	Unicorn-21020.exe
PID 2056 wrote to memory of 2916	2056	Unicorn-32635.exe	Unicorn-6075.exe
PID 2056 wrote to memory of 2916	2056	Unicorn-32635.exe	Unicorn-6075.exe
PID 2056 wrote to memory of 2916	2056	Unicorn-32635.exe	Unicorn-6075.exe
PID 2056 wrote to memory of 2916	2056	Unicorn-32635.exe	Unicorn-6075.exe
PID 2240 wrote to memory of 2772	2240	47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe	WerFault.exe
PID 2240 wrote to memory of 2772	2240	47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe	WerFault.exe
PID 2240 wrote to memory of 2772	2240	47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe	WerFault.exe
PID 2240 wrote to memory of 2772	2240	47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe	WerFault.exe
PID 2916 wrote to memory of 2652	2916	Unicorn-6075.exe	Unicorn-17342.exe
PID 2916 wrote to memory of 2652	2916	Unicorn-6075.exe	Unicorn-17342.exe
PID 2916 wrote to memory of 2652	2916	Unicorn-6075.exe	Unicorn-17342.exe
PID 2916 wrote to memory of 2652	2916	Unicorn-6075.exe	Unicorn-17342.exe
PID 2056 wrote to memory of 2680	2056	Unicorn-32635.exe	Unicorn-63013.exe
PID 2056 wrote to memory of 2680	2056	Unicorn-32635.exe	Unicorn-63013.exe
PID 2056 wrote to memory of 2680	2056	Unicorn-32635.exe	Unicorn-63013.exe
PID 2056 wrote to memory of 2680	2056	Unicorn-32635.exe	Unicorn-63013.exe
PID 2448 wrote to memory of 2520	2448	Unicorn-21020.exe	Unicorn-62266.exe
PID 2448 wrote to memory of 2520	2448	Unicorn-21020.exe	Unicorn-62266.exe
PID 2448 wrote to memory of 2520	2448	Unicorn-21020.exe	Unicorn-62266.exe
PID 2448 wrote to memory of 2520	2448	Unicorn-21020.exe	Unicorn-62266.exe
PID 2056 wrote to memory of 2840	2056	Unicorn-32635.exe	WerFault.exe
PID 2056 wrote to memory of 2840	2056	Unicorn-32635.exe	WerFault.exe
PID 2056 wrote to memory of 2840	2056	Unicorn-32635.exe	WerFault.exe
PID 2056 wrote to memory of 2840	2056	Unicorn-32635.exe	WerFault.exe
PID 2652 wrote to memory of 1672	2652	Unicorn-17342.exe	Unicorn-54241.exe
PID 2652 wrote to memory of 1672	2652	Unicorn-17342.exe	Unicorn-54241.exe
PID 2652 wrote to memory of 1672	2652	Unicorn-17342.exe	Unicorn-54241.exe
PID 2652 wrote to memory of 1672	2652	Unicorn-17342.exe	Unicorn-54241.exe
PID 2916 wrote to memory of 1384	2916	Unicorn-6075.exe	Unicorn-41173.exe
PID 2916 wrote to memory of 1384	2916	Unicorn-6075.exe	Unicorn-41173.exe
PID 2916 wrote to memory of 1384	2916	Unicorn-6075.exe	Unicorn-41173.exe
PID 2916 wrote to memory of 1384	2916	Unicorn-6075.exe	Unicorn-41173.exe
PID 2680 wrote to memory of 756	2680	Unicorn-63013.exe	Unicorn-3670.exe
PID 2680 wrote to memory of 756	2680	Unicorn-63013.exe	Unicorn-3670.exe
PID 2680 wrote to memory of 756	2680	Unicorn-63013.exe	Unicorn-3670.exe
PID 2680 wrote to memory of 756	2680	Unicorn-63013.exe	Unicorn-3670.exe
PID 2448 wrote to memory of 2580	2448	Unicorn-21020.exe	Unicorn-2279.exe
PID 2448 wrote to memory of 2580	2448	Unicorn-21020.exe	Unicorn-2279.exe
PID 2448 wrote to memory of 2580	2448	Unicorn-21020.exe	Unicorn-2279.exe
PID 2448 wrote to memory of 2580	2448	Unicorn-21020.exe	Unicorn-2279.exe
PID 2520 wrote to memory of 2600	2520	Unicorn-62266.exe	Unicorn-44703.exe
PID 2520 wrote to memory of 2600	2520	Unicorn-62266.exe	Unicorn-44703.exe
PID 2520 wrote to memory of 2600	2520	Unicorn-62266.exe	Unicorn-44703.exe
PID 2520 wrote to memory of 2600	2520	Unicorn-62266.exe	Unicorn-44703.exe
PID 2916 wrote to memory of 1924	2916	Unicorn-6075.exe	WerFault.exe
PID 2916 wrote to memory of 1924	2916	Unicorn-6075.exe	WerFault.exe
PID 2916 wrote to memory of 1924	2916	Unicorn-6075.exe	WerFault.exe
PID 2916 wrote to memory of 1924	2916	Unicorn-6075.exe	WerFault.exe
PID 2448 wrote to memory of 1916	2448	Unicorn-21020.exe	WerFault.exe
PID 2448 wrote to memory of 1916	2448	Unicorn-21020.exe	WerFault.exe
PID 2448 wrote to memory of 1916	2448	Unicorn-21020.exe	WerFault.exe
PID 2448 wrote to memory of 1916	2448	Unicorn-21020.exe	WerFault.exe
PID 1384 wrote to memory of 1472	1384	Unicorn-41173.exe	Unicorn-16006.exe
PID 1384 wrote to memory of 1472	1384	Unicorn-41173.exe	Unicorn-16006.exe
PID 1384 wrote to memory of 1472	1384	Unicorn-41173.exe	Unicorn-16006.exe
PID 1384 wrote to memory of 1472	1384	Unicorn-41173.exe	Unicorn-16006.exe

C:\Users\Admin\AppData\Local\Temp\47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe
"C:\Users\Admin\AppData\Local\Temp\47975dea6a35d3660f6f2782f86f73ab1fdead0f8b26e1ddf3cc5b38ae34ac2e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17342.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54241.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48678.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43608.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42596.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50868.exe
        10⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28170.exe
        11⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45783.exe
        12⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
        13⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
        13⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
        12⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
        11⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
        10⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 236
        9⤵
        Program crash
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
        9⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        10⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        11⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53811.exe
        12⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52283.exe
        13⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 236
        12⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
        11⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 216
        10⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 216
        9⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
        8⤵
        Program crash
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32761.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37106.exe
        8⤵
        Executes dropped EXE
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34807.exe
        9⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23557.exe
        10⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        11⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        12⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 236
        12⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
        11⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
        10⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 216
        9⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
        8⤵
        Program crash
        
        PID:3840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
        7⤵
        Program crash
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29877.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22716.exe
        8⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60873.exe
        9⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56229.exe
        10⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe
        11⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-521.exe
        12⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 236
        12⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
        11⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        10⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 216
        9⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 236
        8⤵
        Program crash
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11018.exe
        7⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10987.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7412.exe
        9⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
        10⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        11⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 236
        11⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
        10⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        9⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 216
        8⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 240
        7⤵
        Program crash
        
        PID:3576
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
        6⤵
        Program crash
        
        PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16560.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35440.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64879.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18284.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14246.exe
        9⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58268.exe
        10⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        11⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65030.exe
        12⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14532.exe
        13⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25304.exe
        14⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        14⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
        13⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
        12⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 216
        11⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 236
        10⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12637.exe
        9⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22659.exe
        10⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        11⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 236
        11⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
        10⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 240
        9⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4495.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29893.exe
        9⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10297.exe
        10⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20812.exe
        11⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        12⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
        12⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 236
        11⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 236
        10⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 216
        9⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        8⤵
        Program crash
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
        8⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
        9⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3717.exe
        10⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19722.exe
        11⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        12⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62301.exe
        13⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 216
        13⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
        12⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
        11⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
        10⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 216
        9⤵
        Program crash
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38786.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60785.exe
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64345.exe
        10⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21139.exe
        11⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
        12⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
        11⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 236
        10⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
        9⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
        8⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
        7⤵
        Program crash
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26539.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10821.exe
        8⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62767.exe
        9⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
        10⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
        11⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 236
        11⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        10⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        9⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 236
        8⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 216
        7⤵
        Program crash
        
        PID:2552
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
        6⤵
        Program crash
        
        PID:1484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41173.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53914.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25430.exe
        9⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
        10⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30355.exe
        11⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35752.exe
        12⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
        13⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
        13⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
        12⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        11⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
        10⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 236
        9⤵
        Program crash
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6441.exe
        8⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
        9⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60266.exe
        10⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        11⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
        12⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 236
        12⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
        11⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
        10⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 216
        9⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
        8⤵
        Program crash
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31090.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40697.exe
        8⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59036.exe
        9⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe
        10⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
        11⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7734.exe
        12⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8028 -s 220
        13⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 236
        12⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
        11⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        10⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 216
        9⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
        8⤵
        Program crash
        
        PID:3532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
        7⤵
        Program crash
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12248.exe
        8⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
        9⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51486.exe
        10⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48051.exe
        11⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
        11⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
        10⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        9⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
        8⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
        7⤵
        Program crash
        
        PID:3928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 240
        6⤵
        Program crash
        
        PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60691.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
        7⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65533.exe
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17911.exe
        9⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53572.exe
        10⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
        11⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3422.exe
        12⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 236
        12⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 236
        11⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 236
        10⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        9⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 216
        8⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
        7⤵
        Program crash
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
        6⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47059.exe
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        8⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61325.exe
        9⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50770.exe
        10⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
        10⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
        9⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        8⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 216
        7⤵
        
        PID:4868
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
        6⤵
        Program crash
        
        PID:3920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
        5⤵
        Program crash
        
        PID:3032
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3670.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54708.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31090.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23759.exe
        9⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22659.exe
        10⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        11⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
        12⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31910.exe
        13⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
        12⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 236
        11⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 216
        10⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 216
        9⤵
        Program crash
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12061.exe
        8⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
        9⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40993.exe
        10⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47288.exe
        11⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
        11⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 236
        10⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 216
        9⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
        8⤵
        Program crash
        
        PID:3704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
        7⤵
        Program crash
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        7⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2326.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
        9⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27418.exe
        10⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
        11⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 236
        11⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
        10⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        9⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
        8⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
        7⤵
        Program crash
        
        PID:4036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
        6⤵
        Program crash
        
        PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9840.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45658.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38424.exe
        8⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9939.exe
        9⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
        10⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
        11⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27935.exe
        12⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
        11⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
        10⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
        9⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 216
        8⤵
        Program crash
        
        PID:3288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 216
        7⤵
        Program crash
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5372.exe
        6⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
        7⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8844.exe
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
        9⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 220
        10⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
        9⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        8⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 236
        7⤵
        
        PID:3676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
        6⤵
        Program crash
        
        PID:1624
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
        5⤵
        Program crash
        
        PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4116.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15403.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50873.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54376.exe
        8⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        9⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32633.exe
        10⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25690.exe
        11⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 216
        11⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 236
        10⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        9⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
        8⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 216
        7⤵
        Program crash
        
        PID:1184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
        6⤵
        Program crash
        
        PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43259.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
        6⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19758.exe
        7⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11065.exe
        8⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49867.exe
        9⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        10⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 236
        10⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
        9⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
        8⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 236
        7⤵
        
        PID:4364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
        6⤵
        Program crash
        
        PID:3196
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
        5⤵
        Program crash
        
        PID:2800
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:3008
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21020.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21020.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44703.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54490.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54293.exe
        9⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55850.exe
        10⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55134.exe
        11⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 240
        12⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        11⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 216
        10⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 216
        9⤵
        Program crash
        
        PID:4092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 236
        8⤵
        Program crash
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52051.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
        8⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34911.exe
        9⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
        10⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17823.exe
        11⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51445.exe
        12⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 216
        12⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
        11⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
        10⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 216
        9⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
        8⤵
        Program crash
        
        PID:3712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
        7⤵
        Program crash
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14630.exe
        8⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30147.exe
        9⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7412.exe
        10⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63079.exe
        11⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9976.exe
        12⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
        12⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
        11⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        10⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 216
        9⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
        8⤵
        Program crash
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10909.exe
        7⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
        9⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40033.exe
        10⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22893.exe
        11⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
        11⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
        10⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        9⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 236
        8⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
        7⤵
        Program crash
        
        PID:2524
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
        6⤵
        Program crash
        
        PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30540.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
        7⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57002.exe
        9⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17392.exe
        10⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46629.exe
        11⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45122.exe
        12⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
        11⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 236
        10⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
        9⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
        8⤵
        Program crash
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63592.exe
        7⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18108.exe
        8⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19722.exe
        9⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
        10⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
        11⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
        10⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 236
        9⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
        8⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
        7⤵
        Program crash
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        6⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        7⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36198.exe
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
        9⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50054.exe
        10⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        11⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 216
        11⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 236
        10⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        9⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 456 -s 236
        8⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
        7⤵
        Program crash
        
        PID:3232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
        6⤵
        Program crash
        
        PID:2572
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
        5⤵
        Program crash
        
        PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38926.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36483.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51112.exe
        7⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43145.exe
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54475.exe
        9⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50827.exe
        10⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
        11⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 236
        11⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
        10⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        9⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
        8⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
        7⤵
        Program crash
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
        6⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
        7⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22467.exe
        8⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        9⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
        10⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35283.exe
        11⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 236
        10⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
        9⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        8⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
        7⤵
        
        PID:3692
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
        6⤵
        Program crash
        
        PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
        6⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50951.exe
        7⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        8⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47153.exe
        9⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17953.exe
        10⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        11⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 236
        10⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 236
        9⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
        8⤵
        
        PID:976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 236
        7⤵
        
        PID:4556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
        6⤵
        Program crash
        
        PID:3720
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 240
        5⤵
        Program crash
        
        PID:892
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2279.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40510.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50406.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64687.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
        7⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16141.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe
        9⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
        10⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40703.exe
        11⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
        11⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 236
        10⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
        9⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 216
        8⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
        7⤵
        Program crash
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2850.exe
        6⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32970.exe
        7⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
        8⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
        9⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27304.exe
        10⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21740.exe
        11⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 236
        11⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
        10⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 236
        9⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        8⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
        7⤵
        
        PID:4452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
        6⤵
        Program crash
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59020.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
        6⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1423.exe
        8⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48860.exe
        9⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        10⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61349.exe
        11⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 236
        10⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
        9⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        8⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 236
        7⤵
        
        PID:3236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
        6⤵
        Program crash
        
        PID:3184
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        5⤵
        Program crash
        
        PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42792.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48927.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28746.exe
        6⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54843.exe
        7⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
        8⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
        9⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24751.exe
        10⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 236
        10⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 236
        9⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        8⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
        7⤵
        
        PID:4624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 216
        6⤵
        Program crash
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
        5⤵
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
        6⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe
        7⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
        8⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe
        9⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23467.exe
        10⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 236
        9⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 236
        8⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
        7⤵
        
        PID:6080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 216
        6⤵
        
        PID:4484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
        5⤵
        Program crash
        
        PID:3952
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
      4⤵
      Program crash
      PID:2668
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1916
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
  2⤵
  - Program crash
  PID:2772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17342.exe

Filesize
184KB

MD5
45a6addb151174d5c9e9ffd7017be528

SHA1
b167e72da68a319508c8d2b330d8fe0d404fff19

SHA256
5e149d2865d316ddcb3fa78eb351fb3c915aa415e1c58fc2ccae1405b414db9c

SHA512
45b97886d866c4bed253d851d249ffeaac7c74bd3830be0dabb45eb19efc070a2f8504f45a80668eedb802015dfa6b9f06fa84deccfd7d525baf7d351c57f58b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2279.exe

Filesize
184KB

MD5
e7a37798386c1f8a1790dc84e64de5a8

SHA1
3fbb4a1d9577c3508e602be3d890d266db171c6d

SHA256
fd719987e42a261ff22155c19618240ecaaaf1dc626295c840ae78e9a2e3bd81

SHA512
73c233bc58c7df6b98c1348f026a807810a28d148f1401fc0d6066ec588c3319f670bf534eb88a93ec3ecd1014afd8ebd70b64cac4528e7cbb178481732461ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24751.exe

Filesize
184KB

MD5
ae46be8184b8edac8e4223f933f0afd1

SHA1
fe51c77cdcfeab46adebe47feb4f970d9f865210

SHA256
e8e019b62a971ffea18249c640864e34783ed9e04c2c4ec00a179dbad8090b8f

SHA512
2c8f0a99ec4de281b9bac2117ff054593ebf6bf299b8ed4c57bfb147d19b0cb838814d20fdbf42ca2fe2108bc67e4bb2e68d1b00027129badbf6b3782cc64d59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe

Filesize
184KB

MD5
4ae5e45bd1e7709c90eb6a7d4029ddd0

SHA1
5c1d05bd025350850da2b600764a8b02843b167f

SHA256
e30a88404f45d81a9fc5621cfdfdab8692444b99b515181bea607dc3c69429b1

SHA512
642821a8b36bffbf8145539e697d355b28d5998ec928e897089583a76456018fd4bbcb73dd16c91328d7a73a5cc815e9dfc80f8e4dcba94e33d6d13b8ada08b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe

Filesize
184KB

MD5
fa15f2c234145f51f5ce9304605e0b69

SHA1
7263d55a26fb4ea1ca94ae5fba2c8f68e0c8a19f

SHA256
c4300ec926da884a457bd05c70612a15bf14729cc17ad38cb0888c2a7cbcd2f5

SHA512
7d960a9680ded9627c49e121f6062acea0db18bc58c97544c4e4166709bfbaee3826b483ead325b4431b8b477cc21a813a30dc536edae15023d49941f8adc8b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe

Filesize
184KB

MD5
84d78ace6f5764d1a8e3ad339ada781c

SHA1
15e7c72f9552d17e6333e309b33022c5e206ca52

SHA256
0425dda5a4d1abe66830ec17e6c02acded83586e2b3aaf1567ad90c12f99f33d

SHA512
0aa216c29573065ddc340f7f5de42029b94d8a0eaddd08b32e4246ee20a94d639714356e534470abb93bc60513336079cb906bc10a32ec9aa9e45bb5836cc306

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe

Filesize
184KB

MD5
186bbeb704e364295ee4e0dd8ae7492f

SHA1
aef24cf36e61d3d9158beb31ce92708328350714

SHA256
b1ea505a3bfbeb7c40bf2109af1097f78fdb11a3e7c5b78a90e9160090c74aae

SHA512
331702e44ab5dbe5ac082c7395e71675370f67d62d843082f2c37e873d9e9d94d49b251753542ca1531cf844965be2f244033994c2496cf4f4a2c10fea0231f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe

Filesize
184KB

MD5
ed01e38a8dc2e4477ef7932fd544579d

SHA1
022eca6c892f7088c636779aa2a11792fe5cc3fe

SHA256
035a527e335185fd5662110591a335a9603768827ab37fb366ee5386b6b9984f

SHA512
6b9438f0bcc3f700760869b0dc83113a99eace3a11ae9a9ba4b8a5142a1baf43b51017bcd5c4db3035352942fa8bdf35aacb87b203073293cf32790ea257fd12

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16560.exe

Filesize
184KB

MD5
c71eed1e7fb0cbb4f09809ea4953c97f

SHA1
6e76ffd71f3e81e284f33b637d8e9437cd0f8e25

SHA256
9d980b3a1603324cc2b82511e555f3a5ef27a34532bfc8742f6be8826e4a584e

SHA512
38c81043d1f6394754b6149dc5813e8730c20cb2fffd30e8a5258112b202a265d200eb126ad3b748aa4c742b949b208c872cb9490a9bff51edb5f1be92598f94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21020.exe

Filesize
184KB

MD5
4ce308e8a4e33bde59a467c9b81676fb

SHA1
6c117d0f668491612090ed3151ec86fc3ad08542

SHA256
f5f7b37c1fa249a18da538178123f0569a48a80b0497e2ffeab8f0dc06bb1b62

SHA512
4473ec12d2a26fb7c990c2843a5f9fe178d3d153bb0591d13e5d8e2a47946cda857491393abb04a988e9f3ac3dd7ab4000123bc09c2ab08056f04a2dd6850ce8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe

Filesize
184KB

MD5
ff6b9eb56cfe46d14e13f2fdc0070ea2

SHA1
856b8940b508b668528ca78956f63b8e181dff3a

SHA256
640674db010daf61b1ff251cf09bda567d3a2fce4633a9426bbd3d26c04e1ccc

SHA512
2ed3476b8b1fc010e33853a26fd19cde53692859de9347df85ee668410c9a56f953782583d154b2719698c3f298051f1b46c7fda158b3e2e5c487270b572fad1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3670.exe

Filesize
184KB

MD5
a6fd70d987ea2651f73d201322e8e741

SHA1
363675ef3beac3a4feee8085b7d8cdb5e95d2fc9

SHA256
10b763d3ac581efe705cd1df0bc8fb7441a6b2c102985d896516097a01155e86

SHA512
bcb3d83c3924b5108ac8f957e705ef4993151955395a43fb93eb4ed3c170aeb8ec1dbc6c13716815c921f48ad94e347e8ddb3336026682eae22de125753deb14

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41173.exe

Filesize
184KB

MD5
3c8d5b75564154a3faf611d7330070c1

SHA1
1c10a1221fa9d180846f3a736e56626f86f1c8e2

SHA256
426b9a65d01459fdaabb48b3d2ec33fcf2b575b55337a8b60a07bf687c517e26

SHA512
eb0eb8a683f6330ae372387d88ff1dd04c7b84d2cb8b18b1582b49b7e83851e2bce1a6f29abf45f4f4cbbbbedb976df9a771b269bfb92cd4aa6723ad533a8925

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44703.exe

Filesize
184KB

MD5
f322b8f19db75dc396f2c67d520e9027

SHA1
8c00cb99c97b63a493cbeb5e86afe527328480fe

SHA256
22a72ea1d2a49a8f6f5502e911bd1eb01b5ba0add92d3fbe8fcfbd5573f7641f

SHA512
52e94613253ea489e8ee81234c37895b4e26de43794259d6a0314690ffb6dd22aa23782dc933dff1ecb4dc11f853d2ab9c75e9842ea9049bd1fc5295025b0565

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48678.exe

Filesize
184KB

MD5
4fba1ad62da27b8c9ad1b1ecef685c79

SHA1
0bdd081d9a68dba1e3a29a0c5cfc25b3b8cf36fa

SHA256
13da2fad113c7ce6b2074435946656f4921595f4387c4bec2bb8c04a2854bba2

SHA512
dfbdb6aeed5410e90209f50a916ca377c9872e4d9b2146c9c36d67cfb6cd99e76250b8afbf742aa84b08d76fd7e993247fe9496ca49fc7beb25884686c193519

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54241.exe

Filesize
184KB

MD5
674a5856ccdd5e2cb87a09b9e33c079f

SHA1
465d6f8693d92d1e16ccf469155521eb96958e8b

SHA256
27851cf16563dfec0b58b18d680383d8eb047aa4eef92948963048b376393b53

SHA512
a54ef0ac8646837c4419a9acf7027b07a0c95c884c1614eea6aa276074107f6f13a30987583b2493b90527abb392d945259fd890f9c75e727c0305bdbe512571

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe

Filesize
184KB

MD5
66df900d070db7b0e677410276185dbe

SHA1
e185725dd8c37a50c49070e05d7299d67c62717c

SHA256
40c21f96c6c57d3a151dc6c1eb875c05bd7bd65d6705fa2b6fe3ce8f80c1bf4b

SHA512
13fd8a0b6fcfc5857fd3f17347ac2603ce38458f99efdcbfa18d47f47ead91e67436aa5df469b77897c9027bf42fc5dd70521892c5d1c778a0af41b7912f8ad0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe

Filesize
184KB

MD5
73201c84f8d2e972f8c9fe844759ff37

SHA1
140b3b67af5ab0b2206da2d53e492c3e925b4a2e

SHA256
af6af915f124f428edede52ea740e5d6145f78d93a62a9e31206c928fc90a97c

SHA512
91933c64b7e5e08515844c2d03c5aba4adfd8151d3a18cc39f689b8da80700121e2e6dddd1d2d6aaa3301d571c2d1d9956444fa7e6e20d92d2c60268f4fdc2be

Download Submit