43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe
Size

184KB
MD5

c6aa6c716ed698205012c48bcc4c150f
SHA1

6f6d2357bc32cd7e71f05077aed9d9466988ee84
SHA256

43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e
SHA512

97d9aedbe00faacf1d6ec895c1d68aa7d909d50b1f0bd7347022f4319105f62624f85b81e676ec3c7c3b42f52befbea5bb26df7cb5166b3da767eb3cbdaecf97
SSDEEP

3072:DJAHfgo67iOTj+aWeDbL+msAhlnViFDnY:DJToIH+ahLZsAhlnViFD

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-4009.exeUnicorn-38388.exeUnicorn-23444.exeUnicorn-50133.exeUnicorn-11238.exeUnicorn-26183.exeUnicorn-6936.exeUnicorn-43370.exeUnicorn-26288.exeUnicorn-14590.exeUnicorn-10911.exeUnicorn-23718.exeUnicorn-31332.exeUnicorn-42214.exeUnicorn-65327.exeUnicorn-23247.exeUnicorn-15633.exeUnicorn-30045.exeUnicorn-9624.exeUnicorn-8041.exeUnicorn-58633.exeUnicorn-51020.exeUnicorn-11570.exeUnicorn-2909.exeUnicorn-31197.exeUnicorn-28736.exeUnicorn-62992.exeUnicorn-12400.exeUnicorn-50548.exeUnicorn-6178.exeUnicorn-44326.exeUnicorn-52494.exeUnicorn-5431.exeUnicorn-61217.exeUnicorn-15545.exeUnicorn-57133.exeUnicorn-35712.exeUnicorn-9069.exeUnicorn-34320.exeUnicorn-21322.exeUnicorn-60216.exeUnicorn-56132.exeUnicorn-57756.exeUnicorn-709.exeUnicorn-39604.exeUnicorn-64855.exeUnicorn-55618.exeUnicorn-30044.exeUnicorn-5862.exeUnicorn-3423.exeUnicorn-20829.exeUnicorn-28997.exeUnicorn-35773.exeUnicorn-43387.exeUnicorn-43387.exeUnicorn-64362.exeUnicorn-64362.exeUnicorn-42017.exeUnicorn-62992.exeUnicorn-60299.exeUnicorn-5623.exeUnicorn-984.exeUnicorn-27435.exeUnicorn-7569.exe

pid	process
1880	Unicorn-4009.exe
2528	Unicorn-38388.exe
2488	Unicorn-23444.exe
2816	Unicorn-50133.exe
2552	Unicorn-11238.exe
2392	Unicorn-26183.exe
556	Unicorn-6936.exe
1640	Unicorn-43370.exe
2468	Unicorn-26288.exe
2700	Unicorn-14590.exe
1612	Unicorn-10911.exe
2004	Unicorn-23718.exe
2068	Unicorn-31332.exe
1756	Unicorn-42214.exe
1936	Unicorn-65327.exe
2960	Unicorn-23247.exe
832	Unicorn-15633.exe
692	Unicorn-30045.exe
1772	Unicorn-9624.exe
2348	Unicorn-8041.exe
1524	Unicorn-58633.exe
1452	Unicorn-51020.exe
1056	Unicorn-11570.exe
1392	Unicorn-2909.exe
1616	Unicorn-31197.exe
1684	Unicorn-28736.exe
1584	Unicorn-62992.exe
2256	Unicorn-12400.exe
2780	Unicorn-50548.exe
2940	Unicorn-6178.exe
2612	Unicorn-44326.exe
2748	Unicorn-52494.exe
2680	Unicorn-5431.exe
2384	Unicorn-61217.exe
2548	Unicorn-15545.exe
2444	Unicorn-57133.exe
2244	Unicorn-35712.exe
2328	Unicorn-9069.exe
2852	Unicorn-34320.exe
2304	Unicorn-21322.exe
2096	Unicorn-60216.exe
1988	Unicorn-56132.exe
2476	Unicorn-57756.exe
3064	Unicorn-709.exe
3012	Unicorn-39604.exe
1800	Unicorn-64855.exe
1600	Unicorn-55618.exe
1168	Unicorn-30044.exe
2872	Unicorn-5862.exe
2628	Unicorn-3423.exe
684	Unicorn-20829.exe
2092	Unicorn-28997.exe
1700	Unicorn-35773.exe
936	Unicorn-43387.exe
2080	Unicorn-43387.exe
1164	Unicorn-64362.exe
2168	Unicorn-64362.exe
2824	Unicorn-42017.exe
2644	Unicorn-62992.exe
1912	Unicorn-60299.exe
2292	Unicorn-5623.exe
1624	Unicorn-984.exe
3000	Unicorn-27435.exe
824	Unicorn-7569.exe

Loads dropped DLL 64 IoCs

Processes:

43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exeUnicorn-4009.exeUnicorn-23444.exeUnicorn-38388.exeWerFault.exeUnicorn-11238.exeUnicorn-26183.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-43370.exeWerFault.exeUnicorn-14590.exeUnicorn-26288.exeWerFault.exeWerFault.exeUnicorn-10911.exe

pid	process
2184	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe
2184	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe
1880	Unicorn-4009.exe
2184	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe
2184	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe
1880	Unicorn-4009.exe
2488	Unicorn-23444.exe
2488	Unicorn-23444.exe
2528	Unicorn-38388.exe
2528	Unicorn-38388.exe
1880	Unicorn-4009.exe
1880	Unicorn-4009.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2552	Unicorn-11238.exe
2552	Unicorn-11238.exe
2528	Unicorn-38388.exe
2528	Unicorn-38388.exe
2392	Unicorn-26183.exe
2392	Unicorn-26183.exe
2488	Unicorn-23444.exe
2488	Unicorn-23444.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
1476	WerFault.exe
1476	WerFault.exe
1476	WerFault.exe
1476	WerFault.exe
1048	WerFault.exe
1048	WerFault.exe
1476	WerFault.exe
1048	WerFault.exe
1640	Unicorn-43370.exe
1640	Unicorn-43370.exe
1648	WerFault.exe
1648	WerFault.exe
1648	WerFault.exe
1648	WerFault.exe
1648	WerFault.exe
1648	WerFault.exe
1648	WerFault.exe
2552	Unicorn-11238.exe
2552	Unicorn-11238.exe
2700	Unicorn-14590.exe
2700	Unicorn-14590.exe
2468	Unicorn-26288.exe
2468	Unicorn-26288.exe
2392	Unicorn-26183.exe
2392	Unicorn-26183.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
620	WerFault.exe
620	WerFault.exe
620	WerFault.exe
1612	Unicorn-10911.exe
1612	Unicorn-10911.exe
1640	Unicorn-43370.exe
1640	Unicorn-43370.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2744	2184	WerFault.exe	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe
2840	1880	WerFault.exe	Unicorn-4009.exe
2652	2816	WerFault.exe	Unicorn-50133.exe
1476	2528	WerFault.exe	Unicorn-38388.exe
1048	2488	WerFault.exe	Unicorn-23444.exe
1648	556	WerFault.exe	Unicorn-6936.exe
2240	2552	WerFault.exe	Unicorn-11238.exe
620	2392	WerFault.exe	Unicorn-26183.exe
1980	1640	WerFault.exe	Unicorn-43370.exe
1652	2700	WerFault.exe	Unicorn-14590.exe
2044	2468	WerFault.exe	Unicorn-26288.exe
1332	1612	WerFault.exe	Unicorn-10911.exe
2716	2004	WerFault.exe	Unicorn-23718.exe
1196	2068	WerFault.exe	Unicorn-31332.exe
2712	1756	WerFault.exe	Unicorn-42214.exe
1412	1936	WerFault.exe	Unicorn-65327.exe
2108	2680	WerFault.exe	Unicorn-5431.exe
2900	2960	WerFault.exe	Unicorn-23247.exe
2572	832	WerFault.exe	Unicorn-15633.exe
2604	1524	WerFault.exe	Unicorn-58633.exe
2484	2348	WerFault.exe	Unicorn-8041.exe
2420	1056	WerFault.exe	Unicorn-11570.exe
2456	1452	WerFault.exe	Unicorn-51020.exe
564	1772	WerFault.exe	Unicorn-9624.exe
1604	692	WerFault.exe	Unicorn-30045.exe
1388	1684	WerFault.exe	Unicorn-28736.exe
1108	1392	WerFault.exe	Unicorn-2909.exe
1512	1616	WerFault.exe	Unicorn-31197.exe
2864	2612	WerFault.exe	Unicorn-44326.exe
936	2384	WerFault.exe	Unicorn-61217.exe
2788	1168	WerFault.exe	Unicorn-30044.exe
1116	2940	WerFault.exe	Unicorn-6178.exe
2880	2748	WerFault.exe	Unicorn-52494.exe
2568	684	WerFault.exe	Unicorn-20829.exe
2592	2168	WerFault.exe	Unicorn-64362.exe
1688	1600	WerFault.exe	Unicorn-55618.exe
2272	1988	WerFault.exe	Unicorn-56132.exe
3080	1700	WerFault.exe	Unicorn-35773.exe
3088	3064	WerFault.exe	Unicorn-709.exe
3128	1164	WerFault.exe	Unicorn-64362.exe
3364	3012	WerFault.exe	Unicorn-39604.exe
3588	2780	WerFault.exe	Unicorn-50548.exe
3648	2096	WerFault.exe	Unicorn-60216.exe
3668	2872	WerFault.exe	Unicorn-5862.exe
3768	2776	WerFault.exe	Unicorn-41825.exe
3796	2444	WerFault.exe	Unicorn-57133.exe
3816	2328	WerFault.exe	Unicorn-9069.exe
3836	2092	WerFault.exe	Unicorn-28997.exe
3860	1800	WerFault.exe	Unicorn-64855.exe
3872	1584	WerFault.exe	Unicorn-62992.exe
3884	2080	WerFault.exe	Unicorn-43387.exe
3992	2628	WerFault.exe	Unicorn-3423.exe
4008	2256	WerFault.exe	Unicorn-12400.exe
4024	2548	WerFault.exe	Unicorn-15545.exe
3384	1912	WerFault.exe	Unicorn-60299.exe
3460	824	WerFault.exe	Unicorn-7569.exe
3496	1624	WerFault.exe	Unicorn-984.exe
3532	2292	WerFault.exe	Unicorn-5623.exe
3548	2476	WerFault.exe	Unicorn-57756.exe
3544	2852	WerFault.exe	Unicorn-34320.exe
3584	2304	WerFault.exe	Unicorn-21322.exe
3660	2644	WerFault.exe	Unicorn-62992.exe
3696	2824	WerFault.exe	Unicorn-42017.exe
3736	2244	WerFault.exe	Unicorn-35712.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exeUnicorn-4009.exeUnicorn-23444.exeUnicorn-38388.exeUnicorn-11238.exeUnicorn-50133.exeUnicorn-26183.exeUnicorn-6936.exeUnicorn-43370.exeUnicorn-26288.exeUnicorn-14590.exeUnicorn-10911.exeUnicorn-23718.exeUnicorn-31332.exeUnicorn-42214.exeUnicorn-65327.exeUnicorn-23247.exeUnicorn-15633.exeUnicorn-30045.exeUnicorn-9624.exeUnicorn-8041.exeUnicorn-58633.exeUnicorn-51020.exeUnicorn-11570.exeUnicorn-2909.exeUnicorn-28736.exeUnicorn-31197.exeUnicorn-12400.exeUnicorn-62992.exeUnicorn-50548.exeUnicorn-6178.exeUnicorn-44326.exeUnicorn-52494.exeUnicorn-5431.exeUnicorn-15545.exeUnicorn-61217.exeUnicorn-57133.exeUnicorn-35712.exeUnicorn-9069.exeUnicorn-34320.exeUnicorn-21322.exeUnicorn-56132.exeUnicorn-60216.exeUnicorn-57756.exeUnicorn-39604.exeUnicorn-64855.exeUnicorn-709.exeUnicorn-30044.exeUnicorn-55618.exeUnicorn-3423.exeUnicorn-20829.exeUnicorn-28997.exeUnicorn-5862.exeUnicorn-35773.exeUnicorn-43387.exeUnicorn-64362.exeUnicorn-42017.exeUnicorn-62992.exeUnicorn-60299.exeUnicorn-5623.exeUnicorn-984.exeUnicorn-7569.exeUnicorn-27435.exeUnicorn-41825.exe

pid	process
2184	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe
1880	Unicorn-4009.exe
2488	Unicorn-23444.exe
2528	Unicorn-38388.exe
2552	Unicorn-11238.exe
2816	Unicorn-50133.exe
2392	Unicorn-26183.exe
556	Unicorn-6936.exe
1640	Unicorn-43370.exe
2468	Unicorn-26288.exe
2700	Unicorn-14590.exe
1612	Unicorn-10911.exe
2004	Unicorn-23718.exe
2068	Unicorn-31332.exe
1756	Unicorn-42214.exe
1936	Unicorn-65327.exe
2960	Unicorn-23247.exe
832	Unicorn-15633.exe
692	Unicorn-30045.exe
1772	Unicorn-9624.exe
2348	Unicorn-8041.exe
1524	Unicorn-58633.exe
1452	Unicorn-51020.exe
1056	Unicorn-11570.exe
1392	Unicorn-2909.exe
1684	Unicorn-28736.exe
1616	Unicorn-31197.exe
2256	Unicorn-12400.exe
1584	Unicorn-62992.exe
2780	Unicorn-50548.exe
2940	Unicorn-6178.exe
2612	Unicorn-44326.exe
2748	Unicorn-52494.exe
2680	Unicorn-5431.exe
2548	Unicorn-15545.exe
2384	Unicorn-61217.exe
2444	Unicorn-57133.exe
2244	Unicorn-35712.exe
2328	Unicorn-9069.exe
2852	Unicorn-34320.exe
2304	Unicorn-21322.exe
1988	Unicorn-56132.exe
2096	Unicorn-60216.exe
2476	Unicorn-57756.exe
3012	Unicorn-39604.exe
1800	Unicorn-64855.exe
3064	Unicorn-709.exe
1168	Unicorn-30044.exe
1600	Unicorn-55618.exe
2628	Unicorn-3423.exe
684	Unicorn-20829.exe
2092	Unicorn-28997.exe
2872	Unicorn-5862.exe
1700	Unicorn-35773.exe
2080	Unicorn-43387.exe
2168	Unicorn-64362.exe
2824	Unicorn-42017.exe
2644	Unicorn-62992.exe
1912	Unicorn-60299.exe
2292	Unicorn-5623.exe
1624	Unicorn-984.exe
824	Unicorn-7569.exe
3000	Unicorn-27435.exe
2776	Unicorn-41825.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exeUnicorn-4009.exeUnicorn-23444.exeUnicorn-38388.exeUnicorn-11238.exeUnicorn-50133.exeUnicorn-26183.exeUnicorn-6936.exe

description	pid	process	target process
PID 2184 wrote to memory of 1880	2184	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe	Unicorn-4009.exe
PID 2184 wrote to memory of 1880	2184	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe	Unicorn-4009.exe
PID 2184 wrote to memory of 1880	2184	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe	Unicorn-4009.exe
PID 2184 wrote to memory of 1880	2184	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe	Unicorn-4009.exe
PID 2184 wrote to memory of 2528	2184	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe	Unicorn-38388.exe
PID 2184 wrote to memory of 2528	2184	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe	Unicorn-38388.exe
PID 2184 wrote to memory of 2528	2184	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe	Unicorn-38388.exe
PID 2184 wrote to memory of 2528	2184	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe	Unicorn-38388.exe
PID 1880 wrote to memory of 2488	1880	Unicorn-4009.exe	Unicorn-23444.exe
PID 1880 wrote to memory of 2488	1880	Unicorn-4009.exe	Unicorn-23444.exe
PID 1880 wrote to memory of 2488	1880	Unicorn-4009.exe	Unicorn-23444.exe
PID 1880 wrote to memory of 2488	1880	Unicorn-4009.exe	Unicorn-23444.exe
PID 2184 wrote to memory of 2744	2184	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe	WerFault.exe
PID 2184 wrote to memory of 2744	2184	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe	WerFault.exe
PID 2184 wrote to memory of 2744	2184	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe	WerFault.exe
PID 2184 wrote to memory of 2744	2184	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe	WerFault.exe
PID 2488 wrote to memory of 2816	2488	Unicorn-23444.exe	Unicorn-50133.exe
PID 2488 wrote to memory of 2816	2488	Unicorn-23444.exe	Unicorn-50133.exe
PID 2488 wrote to memory of 2816	2488	Unicorn-23444.exe	Unicorn-50133.exe
PID 2488 wrote to memory of 2816	2488	Unicorn-23444.exe	Unicorn-50133.exe
PID 2528 wrote to memory of 2552	2528	Unicorn-38388.exe	Unicorn-11238.exe
PID 2528 wrote to memory of 2552	2528	Unicorn-38388.exe	Unicorn-11238.exe
PID 2528 wrote to memory of 2552	2528	Unicorn-38388.exe	Unicorn-11238.exe
PID 2528 wrote to memory of 2552	2528	Unicorn-38388.exe	Unicorn-11238.exe
PID 1880 wrote to memory of 2392	1880	Unicorn-4009.exe	Unicorn-26183.exe
PID 1880 wrote to memory of 2392	1880	Unicorn-4009.exe	Unicorn-26183.exe
PID 1880 wrote to memory of 2392	1880	Unicorn-4009.exe	Unicorn-26183.exe
PID 1880 wrote to memory of 2392	1880	Unicorn-4009.exe	Unicorn-26183.exe
PID 1880 wrote to memory of 2840	1880	Unicorn-4009.exe	WerFault.exe
PID 1880 wrote to memory of 2840	1880	Unicorn-4009.exe	WerFault.exe
PID 1880 wrote to memory of 2840	1880	Unicorn-4009.exe	WerFault.exe
PID 1880 wrote to memory of 2840	1880	Unicorn-4009.exe	WerFault.exe
PID 2552 wrote to memory of 556	2552	Unicorn-11238.exe	Unicorn-6936.exe
PID 2552 wrote to memory of 556	2552	Unicorn-11238.exe	Unicorn-6936.exe
PID 2552 wrote to memory of 556	2552	Unicorn-11238.exe	Unicorn-6936.exe
PID 2552 wrote to memory of 556	2552	Unicorn-11238.exe	Unicorn-6936.exe
PID 2528 wrote to memory of 1640	2528	Unicorn-38388.exe	Unicorn-43370.exe
PID 2528 wrote to memory of 1640	2528	Unicorn-38388.exe	Unicorn-43370.exe
PID 2528 wrote to memory of 1640	2528	Unicorn-38388.exe	Unicorn-43370.exe
PID 2528 wrote to memory of 1640	2528	Unicorn-38388.exe	Unicorn-43370.exe
PID 2816 wrote to memory of 2652	2816	Unicorn-50133.exe	WerFault.exe
PID 2816 wrote to memory of 2652	2816	Unicorn-50133.exe	WerFault.exe
PID 2816 wrote to memory of 2652	2816	Unicorn-50133.exe	WerFault.exe
PID 2816 wrote to memory of 2652	2816	Unicorn-50133.exe	WerFault.exe
PID 2392 wrote to memory of 2468	2392	Unicorn-26183.exe	Unicorn-26288.exe
PID 2392 wrote to memory of 2468	2392	Unicorn-26183.exe	Unicorn-26288.exe
PID 2392 wrote to memory of 2468	2392	Unicorn-26183.exe	Unicorn-26288.exe
PID 2392 wrote to memory of 2468	2392	Unicorn-26183.exe	Unicorn-26288.exe
PID 2488 wrote to memory of 2700	2488	Unicorn-23444.exe	Unicorn-14590.exe
PID 2488 wrote to memory of 2700	2488	Unicorn-23444.exe	Unicorn-14590.exe
PID 2488 wrote to memory of 2700	2488	Unicorn-23444.exe	Unicorn-14590.exe
PID 2488 wrote to memory of 2700	2488	Unicorn-23444.exe	Unicorn-14590.exe
PID 2528 wrote to memory of 1476	2528	Unicorn-38388.exe	WerFault.exe
PID 2528 wrote to memory of 1476	2528	Unicorn-38388.exe	WerFault.exe
PID 2528 wrote to memory of 1476	2528	Unicorn-38388.exe	WerFault.exe
PID 2528 wrote to memory of 1476	2528	Unicorn-38388.exe	WerFault.exe
PID 2488 wrote to memory of 1048	2488	Unicorn-23444.exe	WerFault.exe
PID 2488 wrote to memory of 1048	2488	Unicorn-23444.exe	WerFault.exe
PID 2488 wrote to memory of 1048	2488	Unicorn-23444.exe	WerFault.exe
PID 2488 wrote to memory of 1048	2488	Unicorn-23444.exe	WerFault.exe
PID 556 wrote to memory of 1648	556	Unicorn-6936.exe	WerFault.exe
PID 556 wrote to memory of 1648	556	Unicorn-6936.exe	WerFault.exe
PID 556 wrote to memory of 1648	556	Unicorn-6936.exe	WerFault.exe
PID 556 wrote to memory of 1648	556	Unicorn-6936.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe
"C:\Users\Admin\AppData\Local\Temp\43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4009.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4009.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23444.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31332.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60216.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44731.exe
        9⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48426.exe
        10⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39734.exe
        11⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64329.exe
        12⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        13⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4615.exe
        14⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 236
        13⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
        12⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        11⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 216
        10⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
        9⤵
        Program crash
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42270.exe
        8⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
        9⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43050.exe
        10⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22970.exe
        11⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
        12⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
        13⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 236
        12⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
        11⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        10⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 236
        9⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        8⤵
        Program crash
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25764.exe
        8⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
        9⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        10⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
        11⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21917.exe
        12⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3982.exe
        13⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        12⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 236
        11⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
        10⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 216
        9⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
        8⤵
        Program crash
        
        PID:3860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
        7⤵
        Program crash
        
        PID:564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20829.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        8⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
        9⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
        10⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
        11⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16271.exe
        12⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30900.exe
        13⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 236
        12⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 236
        11⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
        10⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 236
        9⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 216
        8⤵
        Program crash
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37117.exe
        7⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe
        8⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27015.exe
        9⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        10⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32908.exe
        11⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
        12⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 236
        11⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 236
        10⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        9⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
        8⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
        7⤵
        Program crash
        
        PID:1116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
        6⤵
        Program crash
        
        PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8041.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36262.exe
        8⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11046.exe
        9⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26823.exe
        10⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30863.exe
        11⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39104.exe
        12⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3162.exe
        13⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 236
        12⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
        11⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
        10⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 236
        9⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 216
        8⤵
        Program crash
        
        PID:3364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
        7⤵
        Program crash
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55618.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1259.exe
        7⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15130.exe
        8⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        9⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53120.exe
        10⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
        11⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 236
        11⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
        10⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
        9⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 216
        8⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
        7⤵
        Program crash
        
        PID:1688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
        6⤵
        Program crash
        
        PID:2484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        5⤵
        Program crash
        
        PID:1652
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26288.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42214.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58633.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5431.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43387.exe
        8⤵
        Executes dropped EXE
        
        PID:936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
        8⤵
        Program crash
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64362.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58052.exe
        8⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27383.exe
        9⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59687.exe
        10⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47334.exe
        11⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39130.exe
        12⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe
        13⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
        13⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 236
        12⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
        11⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        10⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
        9⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
        8⤵
        Program crash
        
        PID:2592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
        7⤵
        Program crash
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61217.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5862.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63563.exe
        9⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
        10⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe
        11⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56078.exe
        12⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38782.exe
        13⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46276.exe
        14⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        13⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 236
        12⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        11⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
        10⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7180.exe
        9⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe
        10⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55585.exe
        11⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11755.exe
        12⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 220
        13⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 236
        12⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 236
        11⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        10⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
        9⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
        8⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe
        9⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18337.exe
        9⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
        10⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44184.exe
        11⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59010.exe
        12⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 200
        13⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
        12⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        11⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
        10⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
        9⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
        8⤵
        Program crash
        
        PID:3668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 216
        7⤵
        Program crash
        
        PID:936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
        6⤵
        Program crash
        
        PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52494.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43387.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27902.exe
        8⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
        9⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
        10⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58486.exe
        11⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe
        11⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
        12⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 216
        12⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 220
        11⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
        10⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
        9⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 216
        8⤵
        Program crash
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        7⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23839.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        9⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24807.exe
        10⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7775.exe
        11⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64475.exe
        12⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 216
        11⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 236
        10⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
        9⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 236
        8⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 220
        7⤵
        Program crash
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64362.exe
        6⤵
        Executes dropped EXE
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26823.exe
        9⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 220
        10⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
        9⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
        8⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 236
        7⤵
        Program crash
        
        PID:3128
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
        6⤵
        Program crash
        
        PID:2456
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
        5⤵
        Program crash
        
        PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65327.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11570.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7289.exe
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32749.exe
        9⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        10⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13950.exe
        11⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14983.exe
        12⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        13⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 236
        12⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
        11⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        10⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 216
        9⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
        8⤵
        Program crash
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        7⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61830.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9199.exe
        9⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
        10⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        11⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23007.exe
        12⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
        11⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
        10⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
        9⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 216
        8⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
        7⤵
        Program crash
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        7⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22723.exe
        8⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55219.exe
        9⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5590.exe
        10⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26852.exe
        11⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        12⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 236
        12⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 236
        11⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
        10⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
        9⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
        8⤵
        
        PID:3692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
        7⤵
        Program crash
        
        PID:3080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
        6⤵
        Program crash
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28997.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        7⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe
        9⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22386.exe
        10⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
        11⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe
        12⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 216
        12⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
        11⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        10⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        9⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
        8⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
        7⤵
        Program crash
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        6⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40642.exe
        7⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23206.exe
        8⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
        9⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        10⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57267.exe
        11⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        10⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 236
        9⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
        8⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 216
        7⤵
        
        PID:4532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
        6⤵
        Program crash
        
        PID:3796
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
        5⤵
        Program crash
        
        PID:1412
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:620
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38388.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38388.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:556
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23718.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30045.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62992.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        8⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31815.exe
        9⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37321.exe
        10⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        11⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
        12⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
        13⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 236
        12⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
        11⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        10⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 236
        9⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
        8⤵
        Program crash
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        7⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
        8⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25536.exe
        9⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22031.exe
        10⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
        11⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 216
        11⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
        10⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        9⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 236
        8⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
        7⤵
        Program crash
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30044.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
        7⤵
        Program crash
        
        PID:2788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
        6⤵
        Program crash
        
        PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54544.exe
        7⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10278.exe
        8⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
        9⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        10⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27900.exe
        11⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64750.exe
        12⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 236
        11⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
        10⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 216
        9⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 236
        8⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 236
        7⤵
        Program crash
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52961.exe
        6⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17591.exe
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55686.exe
        8⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58678.exe
        9⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10427.exe
        10⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 236
        10⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
        9⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
        8⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
        7⤵
        
        PID:4808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 220
        6⤵
        Program crash
        
        PID:4008
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
        5⤵
        Program crash
        
        PID:2716
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10911.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23247.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9069.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7066.exe
        10⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        11⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3971.exe
        12⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29317.exe
        13⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 216
        13⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
        12⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        11⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
        10⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
        9⤵
        Program crash
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        8⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
        9⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44202.exe
        10⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12798.exe
        11⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5580.exe
        12⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63380.exe
        13⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
        12⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 236
        11⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
        10⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 216
        9⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
        8⤵
        Program crash
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62992.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44814.exe
        8⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3968.exe
        9⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
        10⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65476.exe
        11⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57765.exe
        12⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 236
        12⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
        11⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        10⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
        9⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
        8⤵
        Program crash
        
        PID:3660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 240
        7⤵
        Program crash
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34320.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-984.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        8⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50045.exe
        9⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
        10⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44044.exe
        11⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60235.exe
        12⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 236
        12⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
        11⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        10⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
        9⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
        8⤵
        Program crash
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        7⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        8⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
        9⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61864.exe
        10⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15752.exe
        11⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
        12⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
        11⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
        10⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
        9⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 216
        8⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
        7⤵
        Program crash
        
        PID:3544
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        6⤵
        Program crash
        
        PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28736.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35712.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60299.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
        9⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        10⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
        11⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28466.exe
        12⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
        12⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
        11⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        10⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
        9⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 236
        8⤵
        Program crash
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
        7⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19127.exe
        8⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
        9⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34506.exe
        10⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19011.exe
        11⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 236
        11⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 236
        10⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 236
        9⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 236
        8⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
        7⤵
        Program crash
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5623.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42868.exe
        7⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3392.exe
        8⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30004.exe
        9⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46698.exe
        10⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38445.exe
        11⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
        12⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
        11⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 236
        10⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
        9⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 216
        8⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
        7⤵
        Program crash
        
        PID:3532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
        6⤵
        Program crash
        
        PID:1388
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
        5⤵
        Program crash
        
        PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15633.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31197.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21322.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27435.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14279.exe
        8⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25245.exe
        9⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
        10⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23162.exe
        11⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        12⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60339.exe
        13⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 236
        12⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
        11⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        10⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 216
        9⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23853.exe
        8⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20217.exe
        9⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63226.exe
        10⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34122.exe
        11⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50085.exe
        12⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
        12⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 236
        11⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 236
        10⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
        9⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31362.exe
        7⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2598.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24249.exe
        9⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58242.exe
        10⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-344.exe
        11⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 236
        11⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 236
        10⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
        9⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 216
        8⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
        7⤵
        Program crash
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7569.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56682.exe
        7⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        8⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8104.exe
        9⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
        10⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        11⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
        10⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
        9⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 216
        8⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 236
        7⤵
        Program crash
        
        PID:3460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
        6⤵
        Program crash
        
        PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57756.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41825.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52598.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49848.exe
        9⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe
        10⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
        11⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        12⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
        11⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
        10⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        9⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 216
        8⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 216
        7⤵
        Program crash
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        6⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        7⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8104.exe
        8⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62902.exe
        9⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
        10⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 236
        9⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 236
        8⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 216
        7⤵
        
        PID:4144
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
        6⤵
        Program crash
        
        PID:3548
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 240
        5⤵
        Program crash
        
        PID:2572
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 220
      4⤵
      Program crash
      PID:1980
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1476
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
  2⤵
  - Program crash
  PID:2744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10911.exe

Filesize
184KB

MD5
5c69da52ea3d122aaa27c84894602c88

SHA1
a825ea525240c07dc8ebd37f62b8aac5d01c47e9

SHA256
dd5e03d2a0e23c19e9e4868ae08362a6271450a0f4230692457ec6f00a9305fc

SHA512
3f393b3d0e66c80d128cd64189fde1ddd05a94c1d3f72cabc77dd7de7984e1238a65f638c5fde0cd918fec37139d54e434db6f5b41048af23f3a05afc7b95298

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe

Filesize
184KB

MD5
82635435fb291f7b0a27aa407a0e072e

SHA1
1e1215ac99511a1977cf808b66e9245f8d700a30

SHA256
8c6690d682790cfd0e0b1564517b64875c71ea105d4bc5cef358eb378a71653f

SHA512
7a3d9e513e848eb8fc041d8c9d4bcfa2dd7ae5e666750a9f5ffdcbec49747c94bea9b1e7ccdabfcd62c392e44f8e4c65ae51378f4b87cdd3658848ec2ee58790

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe

Filesize
184KB

MD5
79499ad22f3288e0b603af25eef13f2f

SHA1
d946a1ed16e2ab9eb931ddbb731b7b0c6ee83ec2

SHA256
d458907d3448f00ef71940d551a84f70cfb485a3241ec679f6872add9ced0fd3

SHA512
1054a484413cf68987819d4cc8dbe24151274cdcc624534c409b65e9e5ff70937f4202247a279a4f2b9b5ba71ec20199712173443ef90057a82aa9f0ce5f7585

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26288.exe

Filesize
184KB

MD5
8b5abc58aa74653380b8317f86cecc16

SHA1
bba6379106d31d258ec8fef935f1e6c93306f63c

SHA256
22a38cb8d7f67681f92b5f369a3cebf61068257ed5de5f1319203a97b8a45323

SHA512
713b2e47c82c49927b118955523122e31da7ab3ba4136a9311dcf1a0507e85cfea360948aa4e197944e0553a9f915c9b8b6358435c14c318e0d9685cbfa74c5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5431.exe

Filesize
184KB

MD5
74bc6ffa07fe56ed6bb8ee0bab9f52c5

SHA1
cebbca34b4317809dd305e3fe693872327239cb4

SHA256
28af4fd6c0842d870d711dc8abd6a592f1a447f6b3d8766211b82ea9cfefc274

SHA512
e7cabd382c28c88516888cb903ceb670912dd81a99fdf069b485ca2a4d961f7534241eeb232f611bd6d66c5d04d4fe861986eddbb84d13e86d23511269da5a94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5862.exe

Filesize
184KB

MD5
77271d38aeacea9500400fb0911a35d6

SHA1
1895b8746b9ce6d2548f1fc7ba139fcc838fc4cc

SHA256
901c21b5abee372a6589088f0596102aed6c876caec419821a2597e4b6850e90

SHA512
f099fa2fccde4a23560df7bd911be62d56a693d0e4e9f0e0ae86743addfca03ac15701cf4665f690495480808b1f1a00506cf895a63ca38bb3843e755dad2656

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exe

Filesize
184KB

MD5
6c3cb7aa9bee263394b10103be9dcdc9

SHA1
55418ea27d0abf03575d851dab3e0dde047ae218

SHA256
fe556f1a90c8a9b6184179275dbf8fbe3b21eb34b5d7dc986633337508d10b4b

SHA512
17150e1e3e902ace8e16e502e494e2c8c64aee8cde8730b5037ef8295e49bf1a71b17248b15349e097bc84a5a8fce523924c86efc9dc5d26c9381862447b22c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe

Filesize
184KB

MD5
e85a5dfd8ceb035906cf6c7a3fbe5a07

SHA1
5bd6e5cd300e463a501ba6e984c980afcb4ab101

SHA256
7af5dfc2260f7606ffb66b2d357fad94f79cee8b98c15b97e97ad5c8cd72bf12

SHA512
bf477d0b7c607b49495c7c6b24f557864bd56fe7b467647b94170ef14fc737b061bf2895c5d416294566ae9715d2ec3f86d66a0330bff04131e607758494e6fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23444.exe

Filesize
184KB

MD5
2e24f76f9c66324082f21837eeb78f1d

SHA1
989633029a3c3b63484813cdbd1e6b805dcd5e3f

SHA256
7832676a0312ce543d667e7c2ce0972d33a1d157029e590853a816ad25e79b2e

SHA512
67753550bb67332afc31b3bb23abcd08bdf6b611796dc23fcbaad919e17ec05908adab5dca0a42df64ccd11e46f2b84f45377e12caa1d62a8a02a3b2260e2162

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe

Filesize
184KB

MD5
bf3354e7341b418ee11149e84dd9abac

SHA1
41eb666732427804706c17ce681a35d7d42330d4

SHA256
66d08ceb36e86feaee731ae7c4093f4b898c744b426f4801ec0928b0eb964751

SHA512
04848e5e3ff3ba366327ec9f591e7b351a142728a0a9c379479723b7a391475e49a3077de235f3ec42744a487693420485945ac699e1a7f3e3cb1487f342583d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38388.exe

Filesize
184KB

MD5
4fe9992a5256be5c1f930597f4c27a4c

SHA1
df5343a0a622d1273917ed9c03bd7d0b73b65f44

SHA256
cb98b3f52513c196f51987b2eb861ac132a780f73056320b47ed75efce50ce25

SHA512
a0021ecdcec44b5cb981c5fc303d9036b8d81b4efc081314d6413fbeca61dd6840281d6eafcffc8323c0c73aca08c952cd8c306bb942bd0f3ff5b32fce9863b8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4009.exe

Filesize
184KB

MD5
1b5e182189f6efd67887dbc3171a8dff

SHA1
f717fa055ac1b12a4e944acde68ddc5f1d65dca0

SHA256
4db6767805747f7007faea23153c69c9c2465fd645d7cb6715242c1fdea0b4b3

SHA512
3996e993654c343713860e93e1601f7153a28595ec1c827fc1de793702cd8eaa9bad0c84e0cb624acbbd7922f55a7000f7ed2807facb59999db978b927a45822

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe

Filesize
184KB

MD5
fcb4b7daaf1968b66d962e8537965b8a

SHA1
2db78913ef53249974a8e68fb9b81b908df627d1

SHA256
2cd86c6880f7ac2654b89f439d79d07606e72cf61e6d3f378953466b3bd2e860

SHA512
28e842a82ebd4af418231305c94807b0b6cf1a1dc18d7a3878c74e9b190e3d8aa599716f77bd98aca9f2350d6cdf3d0d5a1487509ac7cbc0c3c8137c60a80643

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe

Filesize
184KB

MD5
a80005367da8078624a51ef04c6fddf2

SHA1
dc75250c185aad20c04675544cb469cd35b77727

SHA256
2c2bf9c74e38338a5ac0a574d2fbd5ae65f2948a92a20eeae4390e58fa5da2f1

SHA512
1853bc2815d288a6cd83f3160c837e53214dcf7f308715dd7e0b52f17ab82108d0401c090c16d2c9784b0cf198811271793c9b79031ef2e7c5a7e7d2be03995a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe

Filesize
184KB

MD5
1e129ba951d9588cc2fb80a8df2e9abb

SHA1
2276e4e5920fbb50c7540b5cec5f1a016aea6526

SHA256
4725e8404285824978334cd679e5104a415e7fee0761e4820587ea684ca7ea0c

SHA512
8f21e843b059e6b27e3bff646b93449c685a1ebbfe1c5837c28baa3ee896614c4b78ff77d33f7d1ea2234ebfd8bff4aec428e7acaca25450014f98a47d12fedb

Download Submit