4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe
Size

184KB
MD5

a5497b2bfa9a9ce08bd82148c10f0950
SHA1

b128ae8c7106e2d92669eb2beffb3b74af15f3ff
SHA256

4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e
SHA512

f24011970f32bd57c7c2242f9584609f529ccdd9c9006c85c02e02046df0d8774f2bcc8ff889a4449ae07e5680a3371099c338d638bb463311fc92c625dadd17
SSDEEP

3072:DrBnHxo+oJo8Fl4MPzBL+3sNhlnViF9n3:DrDoy8l4ELYsNhlnViF9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-38373.exeUnicorn-45747.exeUnicorn-64776.exeUnicorn-43692.exeUnicorn-62721.exeUnicorn-47776.exeUnicorn-49997.exeUnicorn-60858.exeUnicorn-34215.exeUnicorn-54081.exeUnicorn-62010.exeUnicorn-30537.exeUnicorn-45482.exeUnicorn-25061.exeUnicorn-44927.exeUnicorn-18285.exeUnicorn-36806.exeUnicorn-10163.exeUnicorn-59919.exeUnicorn-20470.exeUnicorn-28638.exeUnicorn-63448.exeUnicorn-50381.exeUnicorn-35436.exeUnicorn-54465.exeUnicorn-55363.exeUnicorn-35497.exeUnicorn-34943.exeUnicorn-15077.exeUnicorn-39027.exeUnicorn-34127.exeUnicorn-19183.exeUnicorn-53993.exeUnicorn-38211.exeUnicorn-23267.exeUnicorn-42295.exeUnicorn-31435.exeUnicorn-2846.exeUnicorn-17791.exeUnicorn-41741.exeUnicorn-64683.exeUnicorn-44818.exeUnicorn-44263.exeUnicorn-24397.exeUnicorn-55145.exeUnicorn-43447.exeUnicorn-63313.exeUnicorn-46977.exeUnicorn-12166.exeUnicorn-57838.exeUnicorn-2415.exeUnicorn-22281.exeUnicorn-30449.exeUnicorn-37225.exeUnicorn-34533.exeUnicorn-44839.exeUnicorn-63868.exeUnicorn-18197.exeUnicorn-54953.exeUnicorn-35087.exeUnicorn-29057.exeUnicorn-48923.exeUnicorn-28010.exeUnicorn-62820.exe

pid	process
2496	Unicorn-38373.exe
2600	Unicorn-45747.exe
2532	Unicorn-64776.exe
2628	Unicorn-43692.exe
2408	Unicorn-62721.exe
2864	Unicorn-47776.exe
2856	Unicorn-49997.exe
1568	Unicorn-60858.exe
2140	Unicorn-34215.exe
560	Unicorn-54081.exe
1436	Unicorn-62010.exe
1664	Unicorn-30537.exe
2644	Unicorn-45482.exe
268	Unicorn-25061.exe
488	Unicorn-44927.exe
1420	Unicorn-18285.exe
3056	Unicorn-36806.exe
1124	Unicorn-10163.exe
2224	Unicorn-59919.exe
2388	Unicorn-20470.exe
1896	Unicorn-28638.exe
1604	Unicorn-63448.exe
1360	Unicorn-50381.exe
2352	Unicorn-35436.exe
2340	Unicorn-54465.exe
2144	Unicorn-55363.exe
1228	Unicorn-35497.exe
2708	Unicorn-34943.exe
1540	Unicorn-15077.exe
2508	Unicorn-39027.exe
1860	Unicorn-34127.exe
2660	Unicorn-19183.exe
2556	Unicorn-53993.exe
2520	Unicorn-38211.exe
2460	Unicorn-23267.exe
2476	Unicorn-42295.exe
2436	Unicorn-31435.exe
2840	Unicorn-2846.exe
2004	Unicorn-17791.exe
2860	Unicorn-41741.exe
1932	Unicorn-64683.exe
1628	Unicorn-44818.exe
2240	Unicorn-44263.exe
2216	Unicorn-24397.exe
2040	Unicorn-55145.exe
692	Unicorn-43447.exe
1584	Unicorn-63313.exe
1744	Unicorn-46977.exe
1156	Unicorn-12166.exe
412	Unicorn-57838.exe
896	Unicorn-2415.exe
1612	Unicorn-22281.exe
1600	Unicorn-30449.exe
1552	Unicorn-37225.exe
952	Unicorn-34533.exe
848	Unicorn-44839.exe
2364	Unicorn-63868.exe
2484	Unicorn-18197.exe
1516	Unicorn-54953.exe
2512	Unicorn-35087.exe
2548	Unicorn-29057.exe
1036	Unicorn-48923.exe
2728	Unicorn-28010.exe
1884	Unicorn-62820.exe

Loads dropped DLL 64 IoCs

Processes:

4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exeUnicorn-38373.exeUnicorn-45747.exeUnicorn-64776.exeWerFault.exeUnicorn-62721.exeUnicorn-47776.exeWerFault.exeWerFault.exeUnicorn-43692.exeUnicorn-49997.exeUnicorn-54081.exeUnicorn-60858.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2156	4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe
2156	4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe
2496	Unicorn-38373.exe
2496	Unicorn-38373.exe
2156	4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe
2156	4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe
2600	Unicorn-45747.exe
2600	Unicorn-45747.exe
2496	Unicorn-38373.exe
2496	Unicorn-38373.exe
2532	Unicorn-64776.exe
2532	Unicorn-64776.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2408	Unicorn-62721.exe
2408	Unicorn-62721.exe
2600	Unicorn-45747.exe
2600	Unicorn-45747.exe
2532	Unicorn-64776.exe
2532	Unicorn-64776.exe
2864	Unicorn-47776.exe
2864	Unicorn-47776.exe
2612	WerFault.exe
2612	WerFault.exe
2612	WerFault.exe
2612	WerFault.exe
2612	WerFault.exe
2612	WerFault.exe
2640	WerFault.exe
2640	WerFault.exe
2640	WerFault.exe
2640	WerFault.exe
2612	WerFault.exe
2640	WerFault.exe
2628	Unicorn-43692.exe
2628	Unicorn-43692.exe
2856	Unicorn-49997.exe
2856	Unicorn-49997.exe
2408	Unicorn-62721.exe
2408	Unicorn-62721.exe
2864	Unicorn-47776.exe
2864	Unicorn-47776.exe
560	Unicorn-54081.exe
560	Unicorn-54081.exe
1568	Unicorn-60858.exe
1568	Unicorn-60858.exe
1796	WerFault.exe
1796	WerFault.exe
1796	WerFault.exe
1796	WerFault.exe
2444	WerFault.exe
2444	WerFault.exe
2444	WerFault.exe
2444	WerFault.exe
1796	WerFault.exe
2444	WerFault.exe
604	WerFault.exe
604	WerFault.exe
604	WerFault.exe
604	WerFault.exe
604	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2676	2156	WerFault.exe	4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe
2616	2496	WerFault.exe	Unicorn-38373.exe
2612	2600	WerFault.exe	Unicorn-45747.exe
2640	2532	WerFault.exe	Unicorn-64776.exe
2444	2628	WerFault.exe	Unicorn-43692.exe
1796	2408	WerFault.exe	Unicorn-62721.exe
604	2864	WerFault.exe	Unicorn-47776.exe
704	2856	WerFault.exe	Unicorn-49997.exe
1636	560	WerFault.exe	Unicorn-54081.exe
2284	1568	WerFault.exe	Unicorn-60858.exe
752	1436	WerFault.exe	Unicorn-62010.exe
1644	1664	WerFault.exe	Unicorn-30537.exe
1588	2644	WerFault.exe	Unicorn-45482.exe
1736	268	WerFault.exe	Unicorn-25061.exe
2264	488	WerFault.exe	Unicorn-44927.exe
1964	1420	WerFault.exe	Unicorn-18285.exe
2044	896	WerFault.exe	Unicorn-2415.exe
2332	3056	WerFault.exe	Unicorn-36806.exe
2916	1124	WerFault.exe	Unicorn-10163.exe
2920	2224	WerFault.exe	Unicorn-59919.exe
2220	2388	WerFault.exe	Unicorn-20470.exe
1472	1604	WerFault.exe	Unicorn-63448.exe
2088	2352	WerFault.exe	Unicorn-35436.exe
1632	2340	WerFault.exe	Unicorn-54465.exe
1000	1360	WerFault.exe	Unicorn-50381.exe
2696	2144	WerFault.exe	Unicorn-55363.exe
2568	2708	WerFault.exe	Unicorn-34943.exe
1940	2508	WerFault.exe	Unicorn-39027.exe
1324	1860	WerFault.exe	Unicorn-34127.exe
2096	2556	WerFault.exe	Unicorn-53993.exe
1012	2460	WerFault.exe	Unicorn-23267.exe
2008	2660	WerFault.exe	Unicorn-19183.exe
1992	2520	WerFault.exe	Unicorn-38211.exe
2580	2476	WerFault.exe	Unicorn-42295.exe
1756	2436	WerFault.exe	Unicorn-31435.exe
768	2840	WerFault.exe	Unicorn-2846.exe
2208	2004	WerFault.exe	Unicorn-17791.exe
956	2860	WerFault.exe	Unicorn-41741.exe
3468	1932	WerFault.exe	Unicorn-64683.exe
3488	1628	WerFault.exe	Unicorn-44818.exe
3560	2240	WerFault.exe	Unicorn-44263.exe
3568	2216	WerFault.exe	Unicorn-24397.exe
3608	692	WerFault.exe	Unicorn-43447.exe
3884	412	WerFault.exe	Unicorn-57838.exe
3928	1552	WerFault.exe	Unicorn-37225.exe
3920	1612	WerFault.exe	Unicorn-22281.exe
3912	2484	WerFault.exe	Unicorn-18197.exe
3976	2364	WerFault.exe	Unicorn-63868.exe
3964	2512	WerFault.exe	Unicorn-35087.exe
4040	848	WerFault.exe	Unicorn-44839.exe
3112	2548	WerFault.exe	Unicorn-29057.exe
3136	1516	WerFault.exe	Unicorn-54953.exe
3168	952	WerFault.exe	Unicorn-34533.exe
3228	1896	WerFault.exe	Unicorn-28638.exe
3460	1584	WerFault.exe	Unicorn-63313.exe
3756	1156	WerFault.exe	Unicorn-12166.exe
3436	1036	WerFault.exe	Unicorn-48923.exe
4572	312	WerFault.exe	Unicorn-13188.exe
4580	1684	WerFault.exe	Unicorn-28970.exe
4588	2040	WerFault.exe	Unicorn-55145.exe
4648	1600	WerFault.exe	Unicorn-30449.exe
4664	2792	WerFault.exe	Unicorn-2327.exe
4672	764	WerFault.exe	Unicorn-24886.exe
4692	3040	WerFault.exe	Unicorn-33054.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exeUnicorn-38373.exeUnicorn-45747.exeUnicorn-64776.exeUnicorn-43692.exeUnicorn-62721.exeUnicorn-47776.exeUnicorn-49997.exeUnicorn-60858.exeUnicorn-34215.exeUnicorn-54081.exeUnicorn-62010.exeUnicorn-30537.exeUnicorn-45482.exeUnicorn-25061.exeUnicorn-44927.exeUnicorn-18285.exeUnicorn-36806.exeUnicorn-10163.exeUnicorn-59919.exeUnicorn-20470.exeUnicorn-28638.exeUnicorn-63448.exeUnicorn-54465.exeUnicorn-35436.exeUnicorn-50381.exeUnicorn-55363.exeUnicorn-34943.exeUnicorn-39027.exeUnicorn-15077.exeUnicorn-53993.exeUnicorn-38211.exeUnicorn-34127.exeUnicorn-19183.exeUnicorn-23267.exeUnicorn-42295.exeUnicorn-2846.exeUnicorn-31435.exeUnicorn-17791.exeUnicorn-41741.exeUnicorn-64683.exeUnicorn-44818.exeUnicorn-44263.exeUnicorn-24397.exeUnicorn-43447.exeUnicorn-63313.exeUnicorn-55145.exeUnicorn-46977.exeUnicorn-12166.exeUnicorn-57838.exeUnicorn-2415.exeUnicorn-22281.exeUnicorn-30449.exeUnicorn-37225.exeUnicorn-34533.exeUnicorn-44839.exeUnicorn-54953.exeUnicorn-63868.exeUnicorn-18197.exeUnicorn-29057.exeUnicorn-35087.exeUnicorn-48923.exeUnicorn-28010.exeUnicorn-38870.exe

pid	process
2156	4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe
2496	Unicorn-38373.exe
2600	Unicorn-45747.exe
2532	Unicorn-64776.exe
2628	Unicorn-43692.exe
2408	Unicorn-62721.exe
2864	Unicorn-47776.exe
2856	Unicorn-49997.exe
1568	Unicorn-60858.exe
2140	Unicorn-34215.exe
560	Unicorn-54081.exe
1436	Unicorn-62010.exe
1664	Unicorn-30537.exe
2644	Unicorn-45482.exe
268	Unicorn-25061.exe
488	Unicorn-44927.exe
1420	Unicorn-18285.exe
3056	Unicorn-36806.exe
1124	Unicorn-10163.exe
2224	Unicorn-59919.exe
2388	Unicorn-20470.exe
1896	Unicorn-28638.exe
1604	Unicorn-63448.exe
2340	Unicorn-54465.exe
2352	Unicorn-35436.exe
1360	Unicorn-50381.exe
2144	Unicorn-55363.exe
2708	Unicorn-34943.exe
2508	Unicorn-39027.exe
1540	Unicorn-15077.exe
2556	Unicorn-53993.exe
2520	Unicorn-38211.exe
1860	Unicorn-34127.exe
2660	Unicorn-19183.exe
2460	Unicorn-23267.exe
2476	Unicorn-42295.exe
2840	Unicorn-2846.exe
2436	Unicorn-31435.exe
2004	Unicorn-17791.exe
2860	Unicorn-41741.exe
1932	Unicorn-64683.exe
1628	Unicorn-44818.exe
2240	Unicorn-44263.exe
2216	Unicorn-24397.exe
692	Unicorn-43447.exe
1584	Unicorn-63313.exe
2040	Unicorn-55145.exe
1744	Unicorn-46977.exe
1156	Unicorn-12166.exe
412	Unicorn-57838.exe
896	Unicorn-2415.exe
1612	Unicorn-22281.exe
1600	Unicorn-30449.exe
1552	Unicorn-37225.exe
952	Unicorn-34533.exe
848	Unicorn-44839.exe
1516	Unicorn-54953.exe
2364	Unicorn-63868.exe
2484	Unicorn-18197.exe
2548	Unicorn-29057.exe
2512	Unicorn-35087.exe
1036	Unicorn-48923.exe
2728	Unicorn-28010.exe
320	Unicorn-38870.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exeUnicorn-38373.exeUnicorn-45747.exeUnicorn-64776.exeUnicorn-62721.exeUnicorn-47776.exeUnicorn-43692.exeUnicorn-49997.exe

description	pid	process	target process
PID 2156 wrote to memory of 2496	2156	4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe	Unicorn-38373.exe
PID 2156 wrote to memory of 2496	2156	4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe	Unicorn-38373.exe
PID 2156 wrote to memory of 2496	2156	4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe	Unicorn-38373.exe
PID 2156 wrote to memory of 2496	2156	4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe	Unicorn-38373.exe
PID 2496 wrote to memory of 2600	2496	Unicorn-38373.exe	Unicorn-45747.exe
PID 2496 wrote to memory of 2600	2496	Unicorn-38373.exe	Unicorn-45747.exe
PID 2496 wrote to memory of 2600	2496	Unicorn-38373.exe	Unicorn-45747.exe
PID 2496 wrote to memory of 2600	2496	Unicorn-38373.exe	Unicorn-45747.exe
PID 2156 wrote to memory of 2532	2156	4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe	Unicorn-64776.exe
PID 2156 wrote to memory of 2532	2156	4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe	Unicorn-64776.exe
PID 2156 wrote to memory of 2532	2156	4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe	Unicorn-64776.exe
PID 2156 wrote to memory of 2532	2156	4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe	Unicorn-64776.exe
PID 2156 wrote to memory of 2676	2156	4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe	WerFault.exe
PID 2156 wrote to memory of 2676	2156	4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe	WerFault.exe
PID 2156 wrote to memory of 2676	2156	4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe	WerFault.exe
PID 2156 wrote to memory of 2676	2156	4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe	WerFault.exe
PID 2600 wrote to memory of 2628	2600	Unicorn-45747.exe	Unicorn-43692.exe
PID 2600 wrote to memory of 2628	2600	Unicorn-45747.exe	Unicorn-43692.exe
PID 2600 wrote to memory of 2628	2600	Unicorn-45747.exe	Unicorn-43692.exe
PID 2600 wrote to memory of 2628	2600	Unicorn-45747.exe	Unicorn-43692.exe
PID 2496 wrote to memory of 2408	2496	Unicorn-38373.exe	Unicorn-62721.exe
PID 2496 wrote to memory of 2408	2496	Unicorn-38373.exe	Unicorn-62721.exe
PID 2496 wrote to memory of 2408	2496	Unicorn-38373.exe	Unicorn-62721.exe
PID 2496 wrote to memory of 2408	2496	Unicorn-38373.exe	Unicorn-62721.exe
PID 2532 wrote to memory of 2864	2532	Unicorn-64776.exe	Unicorn-47776.exe
PID 2532 wrote to memory of 2864	2532	Unicorn-64776.exe	Unicorn-47776.exe
PID 2532 wrote to memory of 2864	2532	Unicorn-64776.exe	Unicorn-47776.exe
PID 2532 wrote to memory of 2864	2532	Unicorn-64776.exe	Unicorn-47776.exe
PID 2496 wrote to memory of 2616	2496	Unicorn-38373.exe	WerFault.exe
PID 2496 wrote to memory of 2616	2496	Unicorn-38373.exe	WerFault.exe
PID 2496 wrote to memory of 2616	2496	Unicorn-38373.exe	WerFault.exe
PID 2496 wrote to memory of 2616	2496	Unicorn-38373.exe	WerFault.exe
PID 2408 wrote to memory of 2856	2408	Unicorn-62721.exe	Unicorn-49997.exe
PID 2408 wrote to memory of 2856	2408	Unicorn-62721.exe	Unicorn-49997.exe
PID 2408 wrote to memory of 2856	2408	Unicorn-62721.exe	Unicorn-49997.exe
PID 2408 wrote to memory of 2856	2408	Unicorn-62721.exe	Unicorn-49997.exe
PID 2600 wrote to memory of 1568	2600	Unicorn-45747.exe	Unicorn-60858.exe
PID 2600 wrote to memory of 1568	2600	Unicorn-45747.exe	Unicorn-60858.exe
PID 2600 wrote to memory of 1568	2600	Unicorn-45747.exe	Unicorn-60858.exe
PID 2600 wrote to memory of 1568	2600	Unicorn-45747.exe	Unicorn-60858.exe
PID 2532 wrote to memory of 2140	2532	Unicorn-64776.exe	Unicorn-34215.exe
PID 2532 wrote to memory of 2140	2532	Unicorn-64776.exe	Unicorn-34215.exe
PID 2532 wrote to memory of 2140	2532	Unicorn-64776.exe	Unicorn-34215.exe
PID 2532 wrote to memory of 2140	2532	Unicorn-64776.exe	Unicorn-34215.exe
PID 2864 wrote to memory of 560	2864	Unicorn-47776.exe	Unicorn-54081.exe
PID 2864 wrote to memory of 560	2864	Unicorn-47776.exe	Unicorn-54081.exe
PID 2864 wrote to memory of 560	2864	Unicorn-47776.exe	Unicorn-54081.exe
PID 2864 wrote to memory of 560	2864	Unicorn-47776.exe	Unicorn-54081.exe
PID 2600 wrote to memory of 2612	2600	Unicorn-45747.exe	WerFault.exe
PID 2600 wrote to memory of 2612	2600	Unicorn-45747.exe	WerFault.exe
PID 2600 wrote to memory of 2612	2600	Unicorn-45747.exe	WerFault.exe
PID 2600 wrote to memory of 2612	2600	Unicorn-45747.exe	WerFault.exe
PID 2532 wrote to memory of 2640	2532	Unicorn-64776.exe	WerFault.exe
PID 2532 wrote to memory of 2640	2532	Unicorn-64776.exe	WerFault.exe
PID 2532 wrote to memory of 2640	2532	Unicorn-64776.exe	WerFault.exe
PID 2532 wrote to memory of 2640	2532	Unicorn-64776.exe	WerFault.exe
PID 2628 wrote to memory of 1436	2628	Unicorn-43692.exe	Unicorn-62010.exe
PID 2628 wrote to memory of 1436	2628	Unicorn-43692.exe	Unicorn-62010.exe
PID 2628 wrote to memory of 1436	2628	Unicorn-43692.exe	Unicorn-62010.exe
PID 2628 wrote to memory of 1436	2628	Unicorn-43692.exe	Unicorn-62010.exe
PID 2856 wrote to memory of 1664	2856	Unicorn-49997.exe	Unicorn-30537.exe
PID 2856 wrote to memory of 1664	2856	Unicorn-49997.exe	Unicorn-30537.exe
PID 2856 wrote to memory of 1664	2856	Unicorn-49997.exe	Unicorn-30537.exe
PID 2856 wrote to memory of 1664	2856	Unicorn-49997.exe	Unicorn-30537.exe

C:\Users\Admin\AppData\Local\Temp\4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe
"C:\Users\Admin\AppData\Local\Temp\4150b4c44094368669ae27dc70f29990cb6852c94544ecf625332525911c701e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36806.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
        10⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5376.exe
        11⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29829.exe
        12⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6082.exe
        13⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
        13⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        12⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
        11⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61162.exe
        10⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56663.exe
        11⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24282.exe
        12⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 236
        12⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        11⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        10⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48191.exe
        9⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
        10⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21469.exe
        11⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1894.exe
        12⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        13⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 216
        13⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
        12⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
        11⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 236
        10⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
        9⤵
        Program crash
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
        9⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        10⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32481.exe
        11⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe
        12⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
        12⤵
        
        PID:10444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        11⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 236
        10⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
        9⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe
        10⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58324.exe
        11⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
        11⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
        9⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
        8⤵
        Program crash
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62820.exe
        8⤵
        Executes dropped EXE
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21570.exe
        9⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
        10⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33524.exe
        11⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-218.exe
        12⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
        12⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        11⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
        10⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6699.exe
        9⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32626.exe
        10⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        11⤵
        
        PID:9792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
        11⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
        10⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 240
        9⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
        8⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
        9⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48495.exe
        10⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
        11⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
        12⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 216
        12⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17270.exe
        11⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
        12⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 204
        12⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 240
        11⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
        10⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
        9⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
        8⤵
        Program crash
        
        PID:3488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
        7⤵
        Program crash
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35497.exe
        6⤵
        Executes dropped EXE
        
        PID:1228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
        6⤵
        Program crash
        
        PID:752
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18285.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31435.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe
        9⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        10⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        11⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27769.exe
        12⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
        13⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 236
        13⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4478.exe
        12⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 220
        12⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        11⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38686.exe
        10⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe
        11⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe
        12⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15485.exe
        13⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 236
        13⤵
        
        PID:10560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
        12⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        11⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
        10⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38351.exe
        9⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        10⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
        11⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        12⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 236
        12⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        11⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        10⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 220
        9⤵
        Program crash
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64335.exe
        8⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25353.exe
        9⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        10⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        11⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        11⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
        10⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22734.exe
        9⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54904.exe
        10⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33192.exe
        11⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 236
        11⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
        10⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
        9⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        8⤵
        Program crash
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63868.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31108.exe
        8⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37221.exe
        9⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        10⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25640.exe
        10⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29720.exe
        11⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exe
        12⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
        12⤵
        
        PID:9824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 236
        11⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 220
        10⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14182.exe
        9⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3181.exe
        10⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        10⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 240
        9⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13435.exe
        9⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2397.exe
        9⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
        10⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 236
        10⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 220
        9⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
        8⤵
        Program crash
        
        PID:3976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
        7⤵
        Program crash
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17791.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48923.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe
        8⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49473.exe
        9⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52906.exe
        10⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38272.exe
        11⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64302.exe
        12⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
        12⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
        11⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
        10⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12428.exe
        9⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20976.exe
        10⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54982.exe
        11⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
        11⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 236
        10⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
        9⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38351.exe
        8⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        9⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57125.exe
        10⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
        11⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
        11⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        10⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 220
        10⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
        9⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 220
        8⤵
        Program crash
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5020.exe
        7⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37605.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65158.exe
        9⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
        10⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61972.exe
        11⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 236
        11⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
        10⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
        9⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
        8⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        9⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
        9⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
        8⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
        7⤵
        Program crash
        
        PID:2208
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
        6⤵
        Program crash
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54465.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18197.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61834.exe
        8⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
        9⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        10⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25640.exe
        10⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
        11⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        12⤵
        
        PID:9896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
        11⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 240
        10⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57161.exe
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
        10⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
        11⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
        11⤵
        
        PID:10500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        10⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
        9⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
        9⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46056.exe
        10⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49336.exe
        11⤵
        
        PID:9456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
        11⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        10⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
        9⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 220
        8⤵
        Program crash
        
        PID:3912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        7⤵
        Program crash
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31745.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
        9⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64110.exe
        10⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 236
        10⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
        9⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
        8⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 216
        7⤵
        Program crash
        
        PID:3112
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        6⤵
        Program crash
        
        PID:1632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
        5⤵
        Program crash
        
        PID:2284
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62721.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49997.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30537.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10163.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34943.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44263.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16334.exe
        9⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        10⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13004.exe
        11⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33991.exe
        12⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1785.exe
        13⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
        13⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
        12⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 220
        12⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
        11⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
        10⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8998.exe
        11⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58324.exe
        12⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 236
        12⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
        11⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
        10⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
        9⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
        10⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45968.exe
        11⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
        11⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 216
        10⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
        9⤵
        Program crash
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
        8⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10194.exe
        9⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        10⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
        11⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
        11⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 216
        10⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
        9⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27494.exe
        10⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31054.exe
        11⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 236
        11⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
        10⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
        9⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        8⤵
        Program crash
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24397.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51144.exe
        8⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7179.exe
        9⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19274.exe
        10⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3700.exe
        11⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
        12⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
        12⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
        11⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
        10⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32080.exe
        9⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20456.exe
        10⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33192.exe
        11⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 236
        11⤵
        
        PID:10544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        10⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 240
        9⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47698.exe
        8⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
        9⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28864.exe
        10⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
        10⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 236
        9⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
        8⤵
        Program crash
        
        PID:3568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 240
        7⤵
        Program crash
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63313.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2327.exe
        8⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        9⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        10⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36897.exe
        11⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22144.exe
        12⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 236
        12⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
        11⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
        10⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
        9⤵
        Program crash
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1403.exe
        8⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42792.exe
        9⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
        10⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
        11⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
        11⤵
        
        PID:10748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
        10⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 216
        9⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
        8⤵
        Program crash
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54029.exe
        7⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51995.exe
        8⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        9⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe
        10⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
        10⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 236
        9⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39070.exe
        8⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
        9⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 236
        9⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
        8⤵
        
        PID:5660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
        6⤵
        Program crash
        
        PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59919.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39027.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
        8⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
        9⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18371.exe
        10⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-768.exe
        11⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25107.exe
        12⤵
        
        PID:9252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
        12⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
        11⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
        10⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 216
        9⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48466.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54935.exe
        9⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
        10⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        11⤵
        
        PID:9768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
        11⤵
        
        PID:10528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 236
        10⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        9⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 220
        8⤵
        Program crash
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        7⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31383.exe
        8⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
        9⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
        10⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
        10⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
        9⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 236
        8⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
        7⤵
        Program crash
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43447.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63396.exe
        7⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18363.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
        9⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39554.exe
        10⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52102.exe
        11⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 236
        11⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        10⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
        9⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32272.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46352.exe
        9⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        10⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 236
        10⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        9⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
        8⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        7⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38241.exe
        8⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
        9⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65122.exe
        10⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
        10⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        9⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 236
        8⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
        7⤵
        Program crash
        
        PID:3608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
        6⤵
        Program crash
        
        PID:2920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        5⤵
        Program crash
        
        PID:704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53993.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
        8⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59595.exe
        10⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54992.exe
        11⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54235.exe
        12⤵
        
        PID:10100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
        12⤵
        
        PID:10920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
        11⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        10⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 236
        9⤵
        Program crash
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23135.exe
        10⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23789.exe
        11⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
        11⤵
        
        PID:10144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
        10⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
        9⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
        8⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13188.exe
        7⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59896.exe
        9⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
        10⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31573.exe
        11⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 236
        11⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
        10⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 236
        8⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
        7⤵
        Program crash
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57838.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43360.exe
        7⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
        9⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
        10⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        11⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 236
        11⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 236
        10⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
        9⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36356.exe
        8⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
        9⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63176.exe
        10⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 236
        10⤵
        
        PID:9932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
        9⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        8⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15409.exe
        7⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
        8⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43638.exe
        9⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe
        10⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 236
        10⤵
        
        PID:10376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
        9⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
        8⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 240
        7⤵
        Program crash
        
        PID:3884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
        6⤵
        Program crash
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34127.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12166.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28970.exe
        7⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11154.exe
        8⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35200.exe
        9⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        10⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55994.exe
        11⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
        11⤵
        
        PID:10172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
        10⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
        9⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 216
        8⤵
        Program crash
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
        7⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16918.exe
        8⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
        9⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31106.exe
        10⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 236
        10⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        9⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 240
        9⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 236
        8⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 240
        7⤵
        Program crash
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13188.exe
        6⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7070.exe
        7⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52112.exe
        8⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        9⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
        9⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
        8⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 236
        7⤵
        Program crash
        
        PID:4572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
        6⤵
        Program crash
        
        PID:1324
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
        5⤵
        Program crash
        
        PID:1588
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:1796
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64776.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64776.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47776.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63448.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23267.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22940.exe
        9⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        10⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        11⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33140.exe
        12⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
        13⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
        13⤵
        
        PID:10612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        12⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
        11⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe
        10⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53669.exe
        11⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
        11⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 240
        10⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60526.exe
        9⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
        10⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53046.exe
        11⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49803.exe
        12⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
        12⤵
        
        PID:10708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
        11⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
        10⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 220
        9⤵
        Program crash
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50137.exe
        8⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        9⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
        10⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51998.exe
        11⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 220
        11⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
        10⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
        9⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39554.exe
        10⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60872.exe
        11⤵
        
        PID:10800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 216
        11⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        10⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 220
        9⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
        8⤵
        Program crash
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37225.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        8⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
        9⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7078.exe
        10⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
        11⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 236
        11⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
        10⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        9⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 236
        8⤵
        Program crash
        
        PID:3928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        7⤵
        Program crash
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34533.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33054.exe
        8⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
        9⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59595.exe
        10⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe
        11⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7727.exe
        12⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
        12⤵
        
        PID:10400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 236
        11⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        10⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
        9⤵
        Program crash
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        9⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18859.exe
        10⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
        11⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        10⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
        8⤵
        Program crash
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17272.exe
        7⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4740.exe
        8⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14862.exe
        9⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30618.exe
        10⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
        10⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 236
        9⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 236
        8⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
        7⤵
        Program crash
        
        PID:2580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 240
        6⤵
        Program crash
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50381.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41741.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54953.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33054.exe
        8⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6878.exe
        9⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3788.exe
        10⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64338.exe
        11⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48018.exe
        12⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 236
        12⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        11⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        10⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 216
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56634.exe
        8⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        9⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
        10⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
        11⤵
        
        PID:9584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 236
        11⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 236
        10⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
        9⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 220
        8⤵
        Program crash
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17272.exe
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
        8⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14286.exe
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53046.exe
        10⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-846.exe
        11⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
        11⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 236
        10⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
        9⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
        8⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
        7⤵
        Program crash
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
        7⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
        8⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36518.exe
        9⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29575.exe
        10⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        10⤵
        
        PID:10700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
        9⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
        8⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 216
        7⤵
        Program crash
        
        PID:3964
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 220
        6⤵
        Program crash
        
        PID:1000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 240
        5⤵
        Program crash
        
        PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25061.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28638.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19183.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55783.exe
        7⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58360.exe
        9⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
        10⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45252.exe
        11⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
        11⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
        10⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
        9⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        9⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29684.exe
        10⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 236
        10⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        9⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
        8⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
        7⤵
        Program crash
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2415.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
        7⤵
        Program crash
        
        PID:2044
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
        6⤵
        Program crash
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
        7⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
        8⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
        9⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8443.exe
        10⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        10⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
        9⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49185.exe
        8⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16892.exe
        9⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45579.exe
        10⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
        10⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
        9⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
        8⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
        7⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63103.exe
        8⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17852.exe
        9⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4987.exe
        10⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
        10⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 236
        9⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
        8⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
        7⤵
        Program crash
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5020.exe
        6⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62109.exe
        7⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        8⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53285.exe
        9⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
        9⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        8⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
        7⤵
        
        PID:4704
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
        6⤵
        Program crash
        
        PID:1992
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 240
        5⤵
        Program crash
        
        PID:1736
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34215.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34215.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2140
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2640
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
  2⤵
  - Program crash
  PID:2676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe

Filesize
184KB

MD5
76f0b5d06c86bb45e872ad034526552d

SHA1
eb535e521fc8663d1a95ef63846c2ce826a79a23

SHA256
381f6ed976d93ba211277730e51dd195ebd321d48d51a4eff8dfad837b1a926f

SHA512
7d590d18a016dd75aadb34c0a37b705d0f781028fe42079275d8bda9874799e6c4e53b652665d9125e91e0321ef1c7127384735cfa7a6034f479c3cae72dc2ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34533.exe

Filesize
184KB

MD5
75773cb20f0387a971eb92c1cfd0945b

SHA1
37665cb35aa8c663217ab62110c7b23a6f94f593

SHA256
2d2bb4ba75557109aa8bec9b64ce23f7a9f1fc83aa503a1df36818a922a36ebe

SHA512
3609c0162ce9190bdda17ca90595b6977164c390546d57345a5cc9c6fed6fdf50204f794778150f28f75e1749399b808e4ad3931fb0a536b9e65428a86eaf13a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe

Filesize
184KB

MD5
380ed53f13eb6a083818b4e8c34a7c29

SHA1
48d478acd58885fe9422cd43e776881ae7b8b6fd

SHA256
e1407f107e8a75e65d9938e77d835a79780e45e0e4301ddf6468183f5916d8dd

SHA512
cdb2a565460041d550a19ffa8b58c4e1f78233c8d0ee6ad99593377a6f35c7c9babe40fd98dd11736e79603fdff197e8df45994d018110539590cd8c69ced442

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe

Filesize
184KB

MD5
ed95f4581e542da87c4942f768a4e593

SHA1
eb3eba22e8b249e5c25cbd945e00e8698c070456

SHA256
6eb683efc7ba0bf5ac069774c377da90206e2d90cce5a8c592afecf26e85b018

SHA512
e7751e1976db712d8afdd3d725ae80fbf1af474c16fec8f04bd5df65d2fd902bea4fad79ff1ae9246b2f8c344c2a31188801ee403d16fefd51f5202824843e64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe

Filesize
184KB

MD5
fe3e366e6920c86d10ce52e6e5be6718

SHA1
d67eff81ee68f600ef0c1660557fc6510fc4e8d7

SHA256
d55c0f7aa17ffd11747fbb91de671418ba37927f3cd55462c15937bc9f3c901b

SHA512
94d60da481be0f57e68bc6d96161df411210c6efa30da6cd0f43ff013a57c23c4029831168de27e83558c0ead8fdf0b65fa45c7dd74924cd1128b889ce338f2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60872.exe

Filesize
184KB

MD5
4aa67847e37f3a3e0f37cb48fbb68199

SHA1
4409121656864cb49682fceab1f4d90afd623937

SHA256
14a6ad06b168c46b7a12270289d617350191dc266fee5da690c0cfd45a4bc52a

SHA512
fe343340d8d99a233bef022f522911cdb07c7615d8a476819a1b4f6cb8769dd72354fa74c1ff4d45398846ff5e1c98795e35833e6b457f2147eb1dd8cf1fa175

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe

Filesize
184KB

MD5
b0dc204df7ba7ee35c9a0398a5f0ff03

SHA1
98a4cd8748085717922edfe55b02a5dfd0d89668

SHA256
2b91359c48d6e7be3b598884c02c4f75dee63f3982d3857a30ebbe2c795ffb61

SHA512
e47794fb43a28c38982e352d38f297827079659ef354f641a7e8995214b25129f3c4e662b7912349bb9c8e25303e972d5047507fcc34e7db7bdcb8761579dbf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61972.exe

Filesize
184KB

MD5
acd239a8b4b285af51deaab1c29e31f2

SHA1
e75156a2697b1933db6da08970360db8ab15917a

SHA256
30a17fd1fae3bab8d081fc9176a890522df7fe678cdb13876cb76a26bf72d93f

SHA512
8dccee2cc7b668a53dfb65ea5ca4d11721fc3770a51c8150a7c79aec9d46a2ca9729645875cbd61cb02689cf0bf12aec985c4622cda917240d7f18688bbbfbad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe

Filesize
184KB

MD5
1058abd9eae74a2baf4acdd374b95ac6

SHA1
89df3d2ac923adfdc881b780cf54a23d5c345348

SHA256
dd0bd8eb439c1e9e199c5397d975429d8fedaee5f7ef9656ab68f9d51d23ce6e

SHA512
307de2158c3ba65c87ef393cbc91e665d3a32686c3e8741de25927d1f1d0f526416d699d8cfd6badc671bd83794a8a68f2d43cf836b347db21a157026f013105

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30537.exe

Filesize
184KB

MD5
2b238f1d04a8c8acea61ed5cbf8a4cef

SHA1
2968aae2d9fb2e8cf436652f67798d7165cf83da

SHA256
55540f45cb7c39d44e218134f5a83505919dc1f65adb3410707ea29e0efeda54

SHA512
aba5f11471814aaab9eb966eb81eb6c77723356ae6dddb00bff8fc8b3a3c868ebfbf6cb05148b11e715f85ee96905dcceac3574105a8b861ed4275d04fa51906

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34215.exe

Filesize
184KB

MD5
26b6ac5d70a38e41dedce2b22595ff19

SHA1
a696ec31ebaffae6c3009b8e16db4058f7d3624b

SHA256
de2c7721808fee4ec6c418ca86c3e645bf9ecb6c10b0c6ebec6efc2d300a6304

SHA512
40c7dc6b13e1347bc5834f9193017d865065042b6f36a764852616ec0244174c357ab078dd802df8cd3a52a3bc24e4fd4004cb144f7f4aa843e506ea7bdf5426

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe

Filesize
184KB

MD5
c58f064f18ddb186e82ced2d2e409e93

SHA1
454da9be2345363fc878a9ea5402fb5a92eeda3b

SHA256
9a5af3344493dcb2f04c761162ad72d9f17e8b1e4644909a5a38a837044a8e5e

SHA512
531c3dd3e1210547910d09cb3e26852298901f059818b340b4a2062efd20d7186a429c3bbcde19aa3d269c7245b5ee357b3bfea895e67c54c75a1d436acb3a45

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe

Filesize
184KB

MD5
77d47d6a9b258ad8f140fb310dbf6f76

SHA1
451d527a54b0df4096a8440c5c1b08785e5ffe4c

SHA256
32fb921b7e3cf31b4be42683b6ddaa64daa11a94ac976e81b4c9686583098ecf

SHA512
60c08c442f8e944ff534aee41b9942d3f323578e2e7ba02509ac7cb8a96f727e85aa7707ac5b55412febe2358399d80972c66b793eb33cc4bc36ecc14843a469

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe

Filesize
184KB

MD5
8ba154200f836f390a92c586c110a1d8

SHA1
82e80fde58f42240582c118f12b01ac27627f326

SHA256
546b79a5ae5e51e40008aa0cd5056a5b8c330555d62f8c966a5ec0f3b3ccbfd8

SHA512
49876c9e035981c0413eb162e0b08c1b3fc0331f2e7b79e6ca1aaa8be8c674b110741983811549b3cc7def43a5357f4d20e4855d4264edb1c5373d25d88839a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe

Filesize
184KB

MD5
2034e46106b5eae4ece90999a88bab17

SHA1
398eae0073a07c843ef61a1557e7fde82df649bc

SHA256
882fdfb5e20c97e3f7400925caebb6fa806c42ad2468f29126ac7daafdcc3355

SHA512
acba9397e708d9173541f318aef2eabce192e7334919a346b249bc6ee2b8c6fcdb8301f90351118db1e562d5897fc3420b6ec001e100e67f7c33823e32422b44

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47776.exe

Filesize
184KB

MD5
fb2a4a5f6734c03cc0cd2cddec211461

SHA1
e4e24b20cd68b49afcc198661a396a1a4ee7c1d7

SHA256
d465317229c625927cae785196b005821964f6d529b18e1c387b8e9c4fa9c136

SHA512
319c207d4a9f4040863bbf87ab1ff98aeaf77cdc3fc16a26faea59690c2340669837846165500620a097fe9d33e55a6e1775c54b8465692723e4567e57262b47

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49997.exe

Filesize
184KB

MD5
9b43f1a82e97772ac9b7fce269ed2cbd

SHA1
8ba5a9b2cea0571a7103bc17f3ec409e296f7abf

SHA256
98f50ceb432ece4fab8dbeca28ee73104e06ac5b5988714c3295a1a2b87d0b6a

SHA512
9f8febf4f946abd87c976ae87d9493bae85be522fc302485e2916993dbc732c7fa8b92f0ae7499185842aa2c95329705af7454d3e755fa350bd6596f181678d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe

Filesize
184KB

MD5
eb514bbdf1b170f3412b7e820d9c261f

SHA1
c2acfcdb2ace2711b7c90d2ad61ee0155e290705

SHA256
3710ff7834c38837b6a614c29fed6e2a364e89fd25c0b97837a433fd29c95e53

SHA512
f01db4abd2c5d76acff56dea48ff2d843c6ea46bc98a8ccf6ae0b879d142ca6d044db6bd7e15361c9c91ad323b72cb4c1482a678562afc0978ec09c051dd8687

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe

Filesize
184KB

MD5
3fd6f4ee4993605ebdefb4670565fd35

SHA1
7e7a151ff4e9ad3818f04b43c2a9aa39d7476afb

SHA256
5bb4c5822bd2eb006ddb2f248ed7c8074be561bb78655fe5d2286e8406a82723

SHA512
29269d4a557dfd1b3635f6ba073de63a6c9071b09202abca6f611f93e7dca02203c08f19cb8ebcaf9b0016b779543c0fbc62199c88fabc09e36027b8c0fab2d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62721.exe

Filesize
184KB

MD5
ba3a2f05504ad7ecb4ca6d7ac20a2b9d

SHA1
12ba7d62ca91039ee6af58471569c0fe8f6212ca

SHA256
a3a920c3d0fe057d44d8ddfff5c2e071cbddce108ef90a11e6e37ad8ab3185fd

SHA512
93d8b0098b9d69e8ed2f1ca74a0a438c35180f8237a849eba304089095d9c4a5848349de6b34e51e12d9cff59610f25617c6e3da9fa5660ec517b15864641e35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64776.exe

Filesize
184KB

MD5
f1baa00cbb3976e6227e782bd9da8a8a

SHA1
52ec07a95c87a95b1fce7f5c7f0bec955f06c04d

SHA256
7b64d100b4060ad884902a5cec46d4e13c83fc79fe96fcd52040a50e7400ca46

SHA512
0f0d68482c3d98eb4110d0614fe85ec20cc12d1a2a0cfdff31a8e415f8787b1530c4b60d53bcf44b65a6a2e3bbc7c045e71ee7379f6e7400382fe9db94b0f027

Download Submit