44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe
Size

184KB
MD5

24b8c4f3ad8e5d745321ac0ec11de53f
SHA1

10d5b772528acf395f2216211f3a30e6c947b4d8
SHA256

44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe
SHA512

76ccdb77d6517dbc2a9a7e388fd5914b262626b8d2e403b35a27b42b67e9eb9ad294e7064528141136eee17bf00d2bd2a8edb456660aa2b896ab93cca9d25b7d
SSDEEP

3072:9RkuRrolZAj5dWJYet7FpxKqIK4PI7y+ZHq2u5/lUQ6hlnVOFznT:9Rnow3WJFFPKqICtWChlnVOFz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-11150.exeUnicorn-25624.exeUnicorn-40568.exeUnicorn-15364.exeUnicorn-61036.exeUnicorn-60481.exeUnicorn-10294.exeUnicorn-31461.exeUnicorn-43735.exeUnicorn-64902.exeUnicorn-19231.exeUnicorn-38342.exeUnicorn-47326.exeUnicorn-54124.exeUnicorn-19314.exeUnicorn-60901.exeUnicorn-43818.exeUnicorn-50595.exeUnicorn-64238.exeUnicorn-39817.exeUnicorn-38425.exeUnicorn-49931.exeUnicorn-25981.exeUnicorn-8898.exeUnicorn-8898.exeUnicorn-50486.exeUnicorn-39625.exeUnicorn-17067.exeUnicorn-32011.exeUnicorn-58654.exeUnicorn-64082.exeUnicorn-28717.exeUnicorn-4767.exeUnicorn-32801.exeUnicorn-4020.exeUnicorn-10797.exeUnicorn-65473.exeUnicorn-33163.exeUnicorn-27155.exeUnicorn-61965.exeUnicorn-3205.exeUnicorn-57881.exeUnicorn-38015.exeUnicorn-31239.exeUnicorn-56298.exeUnicorn-31239.exeUnicorn-45437.exeUnicorn-52214.exeUnicorn-6542.exeUnicorn-28860.exeUnicorn-45004.exeUnicorn-14277.exeUnicorn-57256.exeUnicorn-2580.exeUnicorn-47697.exeUnicorn-12907.exeUnicorn-25160.exeUnicorn-1210.exeUnicorn-21076.exeUnicorn-46327.exeUnicorn-25714.exeUnicorn-51610.exeUnicorn-27660.exeUnicorn-35274.exe

pid	process
2172	Unicorn-11150.exe
2104	Unicorn-25624.exe
2904	Unicorn-40568.exe
2492	Unicorn-15364.exe
2120	Unicorn-61036.exe
2388	Unicorn-60481.exe
556	Unicorn-10294.exe
1124	Unicorn-31461.exe
1328	Unicorn-43735.exe
2816	Unicorn-64902.exe
1636	Unicorn-19231.exe
2632	Unicorn-38342.exe
2508	Unicorn-47326.exe
1772	Unicorn-54124.exe
2272	Unicorn-19314.exe
860	Unicorn-60901.exe
672	Unicorn-43818.exe
2972	Unicorn-50595.exe
2084	Unicorn-64238.exe
1532	Unicorn-39817.exe
2644	Unicorn-38425.exe
2044	Unicorn-49931.exe
1832	Unicorn-25981.exe
2660	Unicorn-8898.exe
2944	Unicorn-8898.exe
2216	Unicorn-50486.exe
2880	Unicorn-39625.exe
3036	Unicorn-17067.exe
1572	Unicorn-32011.exe
2860	Unicorn-58654.exe
2728	Unicorn-64082.exe
2648	Unicorn-28717.exe
2712	Unicorn-4767.exe
2364	Unicorn-32801.exe
3052	Unicorn-4020.exe
816	Unicorn-10797.exe
1284	Unicorn-65473.exe
528	Unicorn-33163.exe
2932	Unicorn-27155.exe
1620	Unicorn-61965.exe
2700	Unicorn-3205.exe
1340	Unicorn-57881.exe
1468	Unicorn-38015.exe
1144	Unicorn-31239.exe
1196	Unicorn-56298.exe
956	Unicorn-31239.exe
2264	Unicorn-45437.exe
2624	Unicorn-52214.exe
1996	Unicorn-6542.exe
768	Unicorn-28860.exe
2100	Unicorn-45004.exe
608	Unicorn-14277.exe
1464	Unicorn-57256.exe
1824	Unicorn-2580.exe
1676	Unicorn-47697.exe
2484	Unicorn-12907.exe
2640	Unicorn-25160.exe
2012	Unicorn-1210.exe
2348	Unicorn-21076.exe
2868	Unicorn-46327.exe
2684	Unicorn-25714.exe
1928	Unicorn-51610.exe
2652	Unicorn-27660.exe
1952	Unicorn-35274.exe

Loads dropped DLL 64 IoCs

Processes:

44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exeUnicorn-11150.exeUnicorn-25624.exeUnicorn-40568.exeWerFault.exeUnicorn-15364.exeUnicorn-60481.exeUnicorn-61036.exeWerFault.exeWerFault.exeUnicorn-10294.exeUnicorn-31461.exeUnicorn-43735.exeUnicorn-19231.exeUnicorn-64902.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1664	44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe
1664	44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe
2172	Unicorn-11150.exe
1664	44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe
2172	Unicorn-11150.exe
1664	44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe
2172	Unicorn-11150.exe
2104	Unicorn-25624.exe
2172	Unicorn-11150.exe
2104	Unicorn-25624.exe
2904	Unicorn-40568.exe
2904	Unicorn-40568.exe
2796	WerFault.exe
2796	WerFault.exe
2796	WerFault.exe
2796	WerFault.exe
2796	WerFault.exe
2492	Unicorn-15364.exe
2492	Unicorn-15364.exe
2104	Unicorn-25624.exe
2104	Unicorn-25624.exe
2388	Unicorn-60481.exe
2388	Unicorn-60481.exe
2904	Unicorn-40568.exe
2904	Unicorn-40568.exe
2120	Unicorn-61036.exe
2120	Unicorn-61036.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1688	WerFault.exe
1688	WerFault.exe
1688	WerFault.exe
1688	WerFault.exe
1688	WerFault.exe
2492	Unicorn-15364.exe
556	Unicorn-10294.exe
2492	Unicorn-15364.exe
556	Unicorn-10294.exe
1124	Unicorn-31461.exe
1328	Unicorn-43735.exe
1124	Unicorn-31461.exe
1328	Unicorn-43735.exe
2388	Unicorn-60481.exe
2388	Unicorn-60481.exe
1636	Unicorn-19231.exe
2120	Unicorn-61036.exe
1636	Unicorn-19231.exe
2120	Unicorn-61036.exe
2816	Unicorn-64902.exe
2816	Unicorn-64902.exe
3068	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
3004	WerFault.exe
3004	WerFault.exe
3004	WerFault.exe
3004	WerFault.exe
3004	WerFault.exe
1544	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2472	1664	WerFault.exe	44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe
2796	2172	WerFault.exe	Unicorn-11150.exe
1992	2104	WerFault.exe	Unicorn-25624.exe
1688	2904	WerFault.exe	Unicorn-40568.exe
3068	2492	WerFault.exe	Unicorn-15364.exe
3004	2388	WerFault.exe	Unicorn-60481.exe
1544	2120	WerFault.exe	Unicorn-61036.exe
1308	556	WerFault.exe	Unicorn-10294.exe
1120	1124	WerFault.exe	Unicorn-31461.exe
2144	1328	WerFault.exe	Unicorn-43735.exe
2576	1636	WerFault.exe	Unicorn-19231.exe
2488	2816	WerFault.exe	Unicorn-64902.exe
2952	2508	WerFault.exe	Unicorn-47326.exe
2744	2632	WerFault.exe	Unicorn-38342.exe
3020	2272	WerFault.exe	Unicorn-19314.exe
1180	860	WerFault.exe	Unicorn-60901.exe
984	1772	WerFault.exe	Unicorn-54124.exe
2784	1284	WerFault.exe	Unicorn-65473.exe
908	2084	WerFault.exe	Unicorn-64238.exe
888	672	WerFault.exe	Unicorn-43818.exe
3016	2972	WerFault.exe	Unicorn-50595.exe
2356	1532	WerFault.exe	Unicorn-39817.exe
2852	2644	WerFault.exe	Unicorn-38425.exe
2792	1832	WerFault.exe	Unicorn-25981.exe
2812	2044	WerFault.exe	Unicorn-49931.exe
2008	3036	WerFault.exe	Unicorn-17067.exe
1644	2860	WerFault.exe	Unicorn-58654.exe
780	2216	WerFault.exe	Unicorn-50486.exe
2544	1572	WerFault.exe	Unicorn-32011.exe
2892	2660	WerFault.exe	Unicorn-8898.exe
940	2880	WerFault.exe	Unicorn-39625.exe
1144	2728	WerFault.exe	Unicorn-64082.exe
1444	2364	WerFault.exe	Unicorn-32801.exe
1384	2712	WerFault.exe	Unicorn-4767.exe
2536	528	WerFault.exe	Unicorn-33163.exe
1720	2932	WerFault.exe	Unicorn-27155.exe
1048	1340	WerFault.exe	Unicorn-57881.exe
916	956	WerFault.exe	Unicorn-31239.exe
2376	1196	WerFault.exe	Unicorn-56298.exe
2320	2264	WerFault.exe	Unicorn-45437.exe
2284	2648	WerFault.exe	Unicorn-28717.exe
3536	1676	WerFault.exe	Unicorn-47697.exe
3552	2868	WerFault.exe	Unicorn-46327.exe
3528	2012	WerFault.exe	Unicorn-1210.exe
3632	2944	WerFault.exe	Unicorn-8898.exe
3976	3052	WerFault.exe	Unicorn-4020.exe
4020	372	WerFault.exe	Unicorn-28428.exe
4060	2484	WerFault.exe	Unicorn-12907.exe
4084	2684	WerFault.exe	Unicorn-25714.exe
3204	576	WerFault.exe	Unicorn-29052.exe
1176	1952	WerFault.exe	Unicorn-35274.exe
3324	2108	WerFault.exe	Unicorn-63047.exe
3176	1996	WerFault.exe	Unicorn-6542.exe
3104	324	WerFault.exe	Unicorn-2964.exe
3164	1468	WerFault.exe	Unicorn-38015.exe
3228	2348	WerFault.exe	Unicorn-21076.exe
3648	2588	WerFault.exe	Unicorn-26914.exe
3624	2624	WerFault.exe	Unicorn-52214.exe
3612	1472	WerFault.exe	Unicorn-63862.exe
3616	2940	WerFault.exe	Unicorn-63862.exe
3520	2032	WerFault.exe	Unicorn-10577.exe
3484	608	WerFault.exe	Unicorn-14277.exe
3480	2960	WerFault.exe	Unicorn-33136.exe
3400	240	WerFault.exe	Unicorn-52186.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exeUnicorn-11150.exeUnicorn-25624.exeUnicorn-40568.exeUnicorn-15364.exeUnicorn-60481.exeUnicorn-61036.exeUnicorn-10294.exeUnicorn-31461.exeUnicorn-43735.exeUnicorn-64902.exeUnicorn-19231.exeUnicorn-38342.exeUnicorn-47326.exeUnicorn-19314.exeUnicorn-60901.exeUnicorn-54124.exeUnicorn-50595.exeUnicorn-43818.exeUnicorn-64238.exeUnicorn-39817.exeUnicorn-38425.exeUnicorn-49931.exeUnicorn-25981.exeUnicorn-8898.exeUnicorn-50486.exeUnicorn-8898.exeUnicorn-39625.exeUnicorn-17067.exeUnicorn-32011.exeUnicorn-58654.exeUnicorn-64082.exeUnicorn-28717.exeUnicorn-4767.exeUnicorn-32801.exeUnicorn-4020.exeUnicorn-65473.exeUnicorn-10797.exeUnicorn-33163.exeUnicorn-27155.exeUnicorn-61965.exeUnicorn-57881.exeUnicorn-3205.exeUnicorn-31239.exeUnicorn-52214.exeUnicorn-45437.exeUnicorn-56298.exeUnicorn-38015.exeUnicorn-6542.exeUnicorn-28860.exeUnicorn-45004.exeUnicorn-2580.exeUnicorn-14277.exeUnicorn-57256.exeUnicorn-47697.exeUnicorn-12907.exeUnicorn-25160.exeUnicorn-1210.exeUnicorn-21076.exeUnicorn-46327.exeUnicorn-25714.exeUnicorn-51610.exeUnicorn-27660.exeUnicorn-35274.exe

pid	process
1664	44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe
2172	Unicorn-11150.exe
2104	Unicorn-25624.exe
2904	Unicorn-40568.exe
2492	Unicorn-15364.exe
2388	Unicorn-60481.exe
2120	Unicorn-61036.exe
556	Unicorn-10294.exe
1124	Unicorn-31461.exe
1328	Unicorn-43735.exe
2816	Unicorn-64902.exe
1636	Unicorn-19231.exe
2632	Unicorn-38342.exe
2508	Unicorn-47326.exe
2272	Unicorn-19314.exe
860	Unicorn-60901.exe
1772	Unicorn-54124.exe
2972	Unicorn-50595.exe
672	Unicorn-43818.exe
2084	Unicorn-64238.exe
1532	Unicorn-39817.exe
2644	Unicorn-38425.exe
2044	Unicorn-49931.exe
1832	Unicorn-25981.exe
2660	Unicorn-8898.exe
2216	Unicorn-50486.exe
2944	Unicorn-8898.exe
2880	Unicorn-39625.exe
3036	Unicorn-17067.exe
1572	Unicorn-32011.exe
2860	Unicorn-58654.exe
2728	Unicorn-64082.exe
2648	Unicorn-28717.exe
2712	Unicorn-4767.exe
2364	Unicorn-32801.exe
3052	Unicorn-4020.exe
1284	Unicorn-65473.exe
816	Unicorn-10797.exe
528	Unicorn-33163.exe
2932	Unicorn-27155.exe
1620	Unicorn-61965.exe
1340	Unicorn-57881.exe
2700	Unicorn-3205.exe
956	Unicorn-31239.exe
2624	Unicorn-52214.exe
2264	Unicorn-45437.exe
1196	Unicorn-56298.exe
1468	Unicorn-38015.exe
1996	Unicorn-6542.exe
768	Unicorn-28860.exe
2100	Unicorn-45004.exe
1824	Unicorn-2580.exe
608	Unicorn-14277.exe
1464	Unicorn-57256.exe
1676	Unicorn-47697.exe
2484	Unicorn-12907.exe
2640	Unicorn-25160.exe
2012	Unicorn-1210.exe
2348	Unicorn-21076.exe
2868	Unicorn-46327.exe
2684	Unicorn-25714.exe
1928	Unicorn-51610.exe
2652	Unicorn-27660.exe
1952	Unicorn-35274.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exeUnicorn-11150.exeUnicorn-25624.exeUnicorn-40568.exeUnicorn-15364.exeUnicorn-60481.exeUnicorn-61036.exe

description	pid	process	target process
PID 1664 wrote to memory of 2172	1664	44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe	Unicorn-11150.exe
PID 1664 wrote to memory of 2172	1664	44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe	Unicorn-11150.exe
PID 1664 wrote to memory of 2172	1664	44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe	Unicorn-11150.exe
PID 1664 wrote to memory of 2172	1664	44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe	Unicorn-11150.exe
PID 2172 wrote to memory of 2104	2172	Unicorn-11150.exe	Unicorn-25624.exe
PID 2172 wrote to memory of 2104	2172	Unicorn-11150.exe	Unicorn-25624.exe
PID 2172 wrote to memory of 2104	2172	Unicorn-11150.exe	Unicorn-25624.exe
PID 2172 wrote to memory of 2104	2172	Unicorn-11150.exe	Unicorn-25624.exe
PID 1664 wrote to memory of 2904	1664	44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe	Unicorn-40568.exe
PID 1664 wrote to memory of 2904	1664	44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe	Unicorn-40568.exe
PID 1664 wrote to memory of 2904	1664	44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe	Unicorn-40568.exe
PID 1664 wrote to memory of 2904	1664	44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe	Unicorn-40568.exe
PID 1664 wrote to memory of 2472	1664	44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe	WerFault.exe
PID 1664 wrote to memory of 2472	1664	44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe	WerFault.exe
PID 1664 wrote to memory of 2472	1664	44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe	WerFault.exe
PID 1664 wrote to memory of 2472	1664	44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe	WerFault.exe
PID 2172 wrote to memory of 2120	2172	Unicorn-11150.exe	Unicorn-61036.exe
PID 2172 wrote to memory of 2120	2172	Unicorn-11150.exe	Unicorn-61036.exe
PID 2172 wrote to memory of 2120	2172	Unicorn-11150.exe	Unicorn-61036.exe
PID 2172 wrote to memory of 2120	2172	Unicorn-11150.exe	Unicorn-61036.exe
PID 2104 wrote to memory of 2492	2104	Unicorn-25624.exe	Unicorn-15364.exe
PID 2104 wrote to memory of 2492	2104	Unicorn-25624.exe	Unicorn-15364.exe
PID 2104 wrote to memory of 2492	2104	Unicorn-25624.exe	Unicorn-15364.exe
PID 2104 wrote to memory of 2492	2104	Unicorn-25624.exe	Unicorn-15364.exe
PID 2904 wrote to memory of 2388	2904	Unicorn-40568.exe	Unicorn-60481.exe
PID 2904 wrote to memory of 2388	2904	Unicorn-40568.exe	Unicorn-60481.exe
PID 2904 wrote to memory of 2388	2904	Unicorn-40568.exe	Unicorn-60481.exe
PID 2904 wrote to memory of 2388	2904	Unicorn-40568.exe	Unicorn-60481.exe
PID 2172 wrote to memory of 2796	2172	Unicorn-11150.exe	WerFault.exe
PID 2172 wrote to memory of 2796	2172	Unicorn-11150.exe	WerFault.exe
PID 2172 wrote to memory of 2796	2172	Unicorn-11150.exe	WerFault.exe
PID 2172 wrote to memory of 2796	2172	Unicorn-11150.exe	WerFault.exe
PID 2492 wrote to memory of 556	2492	Unicorn-15364.exe	Unicorn-10294.exe
PID 2492 wrote to memory of 556	2492	Unicorn-15364.exe	Unicorn-10294.exe
PID 2492 wrote to memory of 556	2492	Unicorn-15364.exe	Unicorn-10294.exe
PID 2492 wrote to memory of 556	2492	Unicorn-15364.exe	Unicorn-10294.exe
PID 2104 wrote to memory of 1124	2104	Unicorn-25624.exe	Unicorn-31461.exe
PID 2104 wrote to memory of 1124	2104	Unicorn-25624.exe	Unicorn-31461.exe
PID 2104 wrote to memory of 1124	2104	Unicorn-25624.exe	Unicorn-31461.exe
PID 2104 wrote to memory of 1124	2104	Unicorn-25624.exe	Unicorn-31461.exe
PID 2388 wrote to memory of 1328	2388	Unicorn-60481.exe	Unicorn-43735.exe
PID 2388 wrote to memory of 1328	2388	Unicorn-60481.exe	Unicorn-43735.exe
PID 2388 wrote to memory of 1328	2388	Unicorn-60481.exe	Unicorn-43735.exe
PID 2388 wrote to memory of 1328	2388	Unicorn-60481.exe	Unicorn-43735.exe
PID 2904 wrote to memory of 2816	2904	Unicorn-40568.exe	Unicorn-64902.exe
PID 2904 wrote to memory of 2816	2904	Unicorn-40568.exe	Unicorn-64902.exe
PID 2904 wrote to memory of 2816	2904	Unicorn-40568.exe	Unicorn-64902.exe
PID 2904 wrote to memory of 2816	2904	Unicorn-40568.exe	Unicorn-64902.exe
PID 2120 wrote to memory of 1636	2120	Unicorn-61036.exe	Unicorn-19231.exe
PID 2120 wrote to memory of 1636	2120	Unicorn-61036.exe	Unicorn-19231.exe
PID 2120 wrote to memory of 1636	2120	Unicorn-61036.exe	Unicorn-19231.exe
PID 2120 wrote to memory of 1636	2120	Unicorn-61036.exe	Unicorn-19231.exe
PID 2104 wrote to memory of 1992	2104	Unicorn-25624.exe	WerFault.exe
PID 2104 wrote to memory of 1992	2104	Unicorn-25624.exe	WerFault.exe
PID 2104 wrote to memory of 1992	2104	Unicorn-25624.exe	WerFault.exe
PID 2104 wrote to memory of 1992	2104	Unicorn-25624.exe	WerFault.exe
PID 2904 wrote to memory of 1688	2904	Unicorn-40568.exe	WerFault.exe
PID 2904 wrote to memory of 1688	2904	Unicorn-40568.exe	WerFault.exe
PID 2904 wrote to memory of 1688	2904	Unicorn-40568.exe	WerFault.exe
PID 2904 wrote to memory of 1688	2904	Unicorn-40568.exe	WerFault.exe
PID 2492 wrote to memory of 2632	2492	Unicorn-15364.exe	Unicorn-38342.exe
PID 2492 wrote to memory of 2632	2492	Unicorn-15364.exe	Unicorn-38342.exe
PID 2492 wrote to memory of 2632	2492	Unicorn-15364.exe	Unicorn-38342.exe
PID 2492 wrote to memory of 2632	2492	Unicorn-15364.exe	Unicorn-38342.exe

C:\Users\Admin\AppData\Local\Temp\44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe
"C:\Users\Admin\AppData\Local\Temp\44782a0ce7275f5c236b0830e87246078afaf5042f0c7262b0e1c4e2c0d39dbe.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25624.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57256.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34179.exe
        10⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40484.exe
        11⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52643.exe
        12⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe
        13⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
        14⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 236
        14⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        13⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
        12⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
        11⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30732.exe
        10⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58673.exe
        11⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13037.exe
        12⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32846.exe
        13⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        14⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 236
        14⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
        13⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 236
        12⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        11⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12596.exe
        12⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30272.exe
        13⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
        13⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 236
        12⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 240
        11⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 240
        10⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53208.exe
        9⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40676.exe
        10⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30661.exe
        11⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54262.exe
        12⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        13⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27325.exe
        14⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 236
        13⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 236
        12⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        11⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 236
        10⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
        9⤵
        Program crash
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47697.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
        10⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7863.exe
        11⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2015.exe
        12⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15222.exe
        13⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
        13⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 236
        12⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 236
        11⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 216
        10⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
        9⤵
        Program crash
        
        PID:3536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
        8⤵
        Program crash
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4767.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        9⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
        10⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58543.exe
        11⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8055.exe
        12⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        13⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2114.exe
        14⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
        15⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 216
        15⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
        14⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 236
        13⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 236
        12⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12694.exe
        11⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26816.exe
        12⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        13⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 216
        13⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 236
        12⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 240
        11⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
        10⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
        9⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        10⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48232.exe
        11⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
        11⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
        12⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        13⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22753.exe
        14⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 216
        14⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
        13⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 236
        12⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 240
        11⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
        10⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
        9⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19575.exe
        8⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        9⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50951.exe
        10⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39130.exe
        11⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53349.exe
        12⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe
        13⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 216
        13⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
        12⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 236
        11⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27432.exe
        10⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9721.exe
        11⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        12⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
        13⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
        13⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
        12⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 236
        11⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 220
        10⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
        9⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        8⤵
        Program crash
        
        PID:1384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 220
        7⤵
        Program crash
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38425.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32801.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14277.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
        9⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
        10⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        11⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        12⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
        12⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 236
        11⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
        10⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 216
        9⤵
        Program crash
        
        PID:3484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 236
        8⤵
        Program crash
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2580.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46623.exe
        8⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48652.exe
        9⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        10⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        11⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
        12⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
        12⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
        11⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 236
        10⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 236
        9⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
        9⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59213.exe
        10⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18840.exe
        11⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58575.exe
        12⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
        12⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 236
        11⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17256.exe
        10⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 240
        10⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
        9⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
        8⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
        7⤵
        Program crash
        
        PID:2852
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 240
        6⤵
        Program crash
        
        PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52378.exe
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        9⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64952.exe
        10⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12804.exe
        11⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
        11⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        10⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
        9⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45616.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34745.exe
        9⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46644.exe
        10⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8829.exe
        11⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        12⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 236
        11⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 236
        10⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 236
        9⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
        7⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
        8⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58870.exe
        9⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe
        10⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        11⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58684.exe
        12⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 236
        12⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
        11⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 236
        10⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 236
        9⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 236
        8⤵
        Program crash
        
        PID:4020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        7⤵
        Program crash
        
        PID:1144
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
        6⤵
        Program crash
        
        PID:2744
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51610.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
        9⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36888.exe
        10⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5341.exe
        11⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
        12⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14563.exe
        13⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
        13⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 236
        12⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 236
        11⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        10⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 216
        9⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
        8⤵
        Program crash
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
        7⤵
        Program crash
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33136.exe
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48953.exe
        8⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
        9⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5072.exe
        10⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7101.exe
        11⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 236
        11⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42466.exe
        10⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 240
        10⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        9⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 216
        8⤵
        Program crash
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35117.exe
        7⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52503.exe
        8⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11382.exe
        9⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55171.exe
        10⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 236
        9⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
        8⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 220
        7⤵
        
        PID:3668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
        6⤵
        Program crash
        
        PID:984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50486.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31239.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63862.exe
        7⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41169.exe
        8⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1065.exe
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19072.exe
        9⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
        10⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        11⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48357.exe
        12⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 236
        12⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
        11⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 236
        10⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 220
        9⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 236
        8⤵
        Program crash
        
        PID:3612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 236
        7⤵
        Program crash
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        6⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22311.exe
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4023.exe
        8⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        9⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        10⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10178.exe
        11⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
        11⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 236
        10⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 236
        9⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
        8⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 236
        7⤵
        
        PID:3116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 220
        6⤵
        Program crash
        
        PID:780
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 240
        5⤵
        Program crash
        
        PID:1120
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61036.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43818.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17067.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58470.exe
        8⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35824.exe
        9⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
        10⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
        11⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50791.exe
        12⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
        12⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 236
        11⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
        10⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
        9⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
        8⤵
        Program crash
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17354.exe
        7⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64905.exe
        8⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        9⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38881.exe
        10⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
        11⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 236
        11⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
        10⤵
        
        PID:976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 216
        9⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39668.exe
        8⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46805.exe
        10⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        11⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
        12⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20314.exe
        13⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 216
        13⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
        12⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 236
        11⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 236
        10⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
        9⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
        8⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
        7⤵
        Program crash
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52214.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52186.exe
        7⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
        8⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
        9⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39488.exe
        10⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35472.exe
        11⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
        11⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 236
        10⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
        9⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 236
        8⤵
        Program crash
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50178.exe
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5004.exe
        9⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
        10⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15654.exe
        11⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
        11⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 236
        10⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 236
        9⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
        8⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        7⤵
        Program crash
        
        PID:3624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 240
        6⤵
        Program crash
        
        PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32011.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57881.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26914.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52845.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26686.exe
        9⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        10⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
        11⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
        12⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 216
        12⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 236
        11⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 236
        10⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
        9⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        8⤵
        Program crash
        
        PID:3648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 236
        7⤵
        Program crash
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2964.exe
        6⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54983.exe
        7⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        8⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35155.exe
        9⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48845.exe
        10⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
        10⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
        9⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 236
        8⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 236
        7⤵
        Program crash
        
        PID:3104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        6⤵
        Program crash
        
        PID:2544
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        5⤵
        Program crash
        
        PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50595.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39625.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31239.exe
        6⤵
        Executes dropped EXE
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25714.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
        7⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36888.exe
        8⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43484.exe
        9⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
        10⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15654.exe
        11⤵
        
        PID:1476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
        11⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 236
        10⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 236
        9⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 236
        8⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
        7⤵
        Program crash
        
        PID:4084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
        6⤵
        Program crash
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56298.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10577.exe
        6⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
        7⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51382.exe
        8⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48004.exe
        9⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 236
        9⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
        8⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
        7⤵
        Program crash
        
        PID:3520
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 236
        6⤵
        Program crash
        
        PID:2376
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 220
        5⤵
        Program crash
        
        PID:3016
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1544
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43735.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19314.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49931.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21076.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
        9⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18518.exe
        10⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51979.exe
        11⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30044.exe
        12⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
        12⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
        11⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
        10⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
        9⤵
        Program crash
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        8⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
        9⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
        10⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
        11⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
        11⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        10⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        9⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        8⤵
        Program crash
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46327.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56737.exe
        8⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
        9⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        10⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
        11⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 236
        11⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
        10⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 216
        9⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
        8⤵
        Program crash
        
        PID:3552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        7⤵
        Program crash
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10797.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27957.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
        9⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65144.exe
        10⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32457.exe
        11⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
        11⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
        10⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
        9⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
        8⤵
        Program crash
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe
        7⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26634.exe
        8⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 224
        9⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
        8⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 240
        7⤵
        
        PID:3660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
        6⤵
        Program crash
        
        PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
        7⤵
        Program crash
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1210.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21927.exe
        7⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20832.exe
        8⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
        9⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
        10⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 236
        10⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
        9⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 220
        8⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 216
        7⤵
        Program crash
        
        PID:3528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
        6⤵
        Program crash
        
        PID:2792
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 240
        5⤵
        Program crash
        
        PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60901.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61965.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35274.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12004.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8159.exe
        9⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        10⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
        11⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
        10⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 236
        9⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
        8⤵
        Program crash
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31033.exe
        7⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57303.exe
        8⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6203.exe
        9⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15654.exe
        10⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
        10⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 236
        9⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
        8⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        7⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
        6⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
        7⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34745.exe
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe
        9⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36437.exe
        10⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
        10⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 236
        9⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        8⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 236
        7⤵
        
        PID:2504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
        6⤵
        Program crash
        
        PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38015.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29052.exe
        6⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42731.exe
        7⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49898.exe
        8⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59431.exe
        9⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
        9⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
        8⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 216
        7⤵
        Program crash
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51454.exe
        6⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8761.exe
        7⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
        8⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7921.exe
        9⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 216
        9⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
        8⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
        7⤵
        
        PID:6344
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 220
        6⤵
        Program crash
        
        PID:3164
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
        5⤵
        Program crash
        
        PID:1180
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:3004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64238.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25160.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54874.exe
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14983.exe
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
        9⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        10⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 236
        9⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
        8⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
        7⤵
        
        PID:3560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 236
        6⤵
        Program crash
        
        PID:2536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
        5⤵
        Program crash
        
        PID:908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58654.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63862.exe
        6⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36701.exe
        7⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        8⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62861.exe
        9⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 236
        9⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
        8⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
        7⤵
        Program crash
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27141.exe
        6⤵
        
        PID:416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17314.exe
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38025.exe
        8⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24341.exe
        9⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 216
        9⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
        8⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 416 -s 216
        7⤵
        
        PID:6672
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 220
        6⤵
        Program crash
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        5⤵
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55175.exe
        6⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24055.exe
        7⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
        8⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32846.exe
        9⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
        10⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
        10⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
        9⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 236
        8⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 524 -s 236
        7⤵
        
        PID:5764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 216
        6⤵
        Program crash
        
        PID:3324
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
        5⤵
        Program crash
        
        PID:1644
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
      4⤵
      Program crash
      PID:2488
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1688
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
  2⤵
  - Program crash
  PID:2472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe

Filesize
184KB

MD5
35d471ccc0860f9325f076c342a31f75

SHA1
5c49b0acf55f6b073ef5b9a8a2e04b4772fdc9de

SHA256
264fa06e6535765935fe74014a55dfaad5c07df053c96a51502260b406595356

SHA512
2a6a0e59d583471fde35c1e89dc34ffb6cd78167cc59e9f8821e9fabc72570247363c99d4d433b7838728855b59e8eba6e05464e59c22047541b9d6876776b6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe

Filesize
184KB

MD5
a7bcbc23944f7f29fb8118395f5a0c66

SHA1
59cf0803abb7abb60e2ecf066217f312999e4db1

SHA256
f40e5053672a6834a29af88db373d380c845167d4aca9031a7ec9e4390b22df4

SHA512
cbd3854f284921528b341fb7fb2ec4eab287e656147e641aeba1722ea1a58ed7e8f31e970acf6186e6117ad80a1b264327aec88ad1da4955f8eba0b0d50292c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe

Filesize
184KB

MD5
79094f368a2284bf4fa3f40271ebcfe1

SHA1
fcf8a82dcd51e3a5d0d8170c4c515f01bf855bc8

SHA256
8784b8495e1b63b80f7ef0eeb0a008228eb18f8e32c0cc258da5b81779936934

SHA512
8704f81c7538ac007eb9c254269ef2fd54db2a5c1a3446c59c2a7d64e3d0d4e3b0b2386ad95eb1c72e580f3592bf4a3d30c0b894aef2dc554f820db4cc874c1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe

Filesize
184KB

MD5
7a31941ee1ae6ed5cb0b3fc6089d8fe5

SHA1
f2afea61953484c76989cd92d6328da8a06a3b68

SHA256
e4f02696d07bb1892fef3991ebcabe5027f3237ace867e259147cc6918760adb

SHA512
4d153f5a758a1907b99c67577bc91818179b0a9edcb352885c457035bbadbe9dd2f6e635e7c22de244a8a60ad3577242740279a744cd89784e5a4a759044849d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe

Filesize
184KB

MD5
3a89f70e6920f541571580deafb3fab2

SHA1
38f8483f1bf40b1da566f8d870bcdf80da6c5a7e

SHA256
b22f1238e786280240695bfe01a0deca837462d6616eecd08c20cd71904f7e49

SHA512
1af85ed5d163ac39c82d41f8253913df98b71ca42a3f678bd7842d75d65c76a0be358340eceec6a03efb5febe348164c65a752d6bed14e26ad6ebe5d1d4e480c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe

Filesize
184KB

MD5
97977e345829590b62aa7bd7264c86e1

SHA1
e5ba7825e24d8f845402bc7c8f34fe4375a9cf76

SHA256
ae4ce29ebbf3d0b2295c2720e37c88ae35567ab56c34aafabd48786d613e76b5

SHA512
74071e7f7baf95a3a3f9bc02007db130410d18e100f2e243aa408279981704747bfa34f547ac071fbed52780cd6704843e900aafe6f3dd8489117a0072465199

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe

Filesize
184KB

MD5
fef1b7503db71f7774706f0609a5eb24

SHA1
1afe9facac6503cd0a22d3cf6d4dea3946717204

SHA256
02f7373c259498ea66980c62d3cf11dac66b5aed174947992925c3b9a0c794f4

SHA512
f240830f97d0330c81f36cc66fbdeafe93636aa0604bbc6450127c8dddf0f600e9bfdf927ce1a8bad0393d7e194314f7c75491a0a19b1905898602869c2330b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43735.exe

Filesize
184KB

MD5
4bca4dc59268eabd8e8c3df3de6f6df9

SHA1
24390262ceee9b04b796c475b4851b34bd8cd224

SHA256
206b9155a826ebd6efa0b6e4c579338a51b0968dc4b8909355b8ed4a185c47e0

SHA512
62fa3e967fbefeae5df80fbe62ea32acecbe5e12f6b663c07bfc8f9cee3668ca4cfe285b114f9b9dfbcbad138fd3f406de693d4d30f6e40b3a04fa4d7268aba9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61036.exe

Filesize
184KB

MD5
bea3031e15351a806b1c6aedb7d63da7

SHA1
905cd1860290d24849ea8b8bac6b540bf08c3f48

SHA256
cebeae748012a8fea6b06abf4caee9810c4f9d3a9f0d51ceef67c768a59a8c8a

SHA512
0d3454c927dc7237f8c818f426cba5df6b6af1a1579186de884b781ee092771000a6ced760b62b0404b50002ac0ddd94e066e3c7dd2b1ce51a1e0e78ef574df4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe

Filesize
184KB

MD5
06ffff661b3ef558e6d76e4b34aabba8

SHA1
d8a9fad435bfc11ef3ae3587b0328d4eb90af82e

SHA256
f64f18dbabd302d0ce9238c2df1156cc9175a2888df12d404351926a72b84aa8

SHA512
83c0cf4579ff0645afc4fa8c435c2b860e3447a5ceb4799ce9160045d83f1fac5600e01c672256ac0075c40ea5432238a4b3df32e28ec76a4cfef32b5e8887c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe

Filesize
184KB

MD5
97dc07b139b3b47e0877178433c12098

SHA1
e02befa5b9aad77e8607efc1fc9342ca175a2f24

SHA256
291327e2f79b08ea7195fe5f21abf2f167e312124c64a0ac04b54b027ddc9d8c

SHA512
5f5a037b69f4d3c4ff9a48afb2c7c97e9540f95582a460d93623a9d136f274b8d60be4e26314b69b2d0cc61bcb7509a262e9598d713bd9e2e7d5af95c2f17322

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9721.exe

Filesize
184KB

MD5
36292fa926cd8b069377d3c0f5cd02bc

SHA1
955d389ea1445f33e94af17b86d21484933806f3

SHA256
953589f8567dd66ffbbf063f8077698b25c32004243fd94775bf2ce6c4644046

SHA512
a9153aca94f7c591e60ec99eca8cfa4e5a29a58c397b19c061cedfd1b2733fe482b63fbd2461081c30756b29e87f875e29ecce424c571ad20b677d576e030c0a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe

Filesize
184KB

MD5
74b21348371cd62b1e367e03ffce40c0

SHA1
5c953e50e3473860716ea6dffffb1cd32d45308e

SHA256
a10f448165c83fdc3dcc05ca98b921c7cb7ff9efb33c351d26715d540422b4cd

SHA512
eb7245cab36df6f986deac7769cc2fcf82797abbcbecc5e9b3af27b61f54933cda23316ddea56a1231d211b89692b6cb47ae0980b3c7094691168d9ce828e090

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25624.exe

Filesize
184KB

MD5
fc645c6da4371f3560cac1b60bc2bf82

SHA1
eac457e9a972c6e083f2e7e6bc74fe04a04a1109

SHA256
f4b350bbd795f39fea941259340805b398a02b28478c587e5f6b2e146c9b905b

SHA512
53daf18033a4c75053c69d95e824695d5c4c2372fdf2b6dd0eae8bc9a04d9052c3dadc98e5811247e43ff3a48faa116664a565574b8956d5cdb21157855f0cb6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe

Filesize
184KB

MD5
f95af2d6314b6af06bc91c89a4c6e9d2

SHA1
1bc6b785df93df599bdf4ad25477d17d126ad1bb

SHA256
da85a4be0fa97dbababca2ab0c136069cbd8a367c9df29824b6a91a9b5a95275

SHA512
397a8263e7427c8ef6aa529596a3bec82ec06b2d781ea10408fcf65ff476a597df459d3c9d74b01b80dd5bb74e735f4f61ba3cb88c042e6736f88550a78f74a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe

Filesize
184KB

MD5
4f2a579d3823b10154e801dc581a6eaa

SHA1
7dc20509292cf5eec38d266eeed90fa80076e928

SHA256
55e8b60ec21ca05873e1f61ceb20c380e3025f2d357c47b702687f39dda87b63

SHA512
6bc92670a4cbd806892da79832fc1cb4a3c8a1c787923d366366bb3dfcbdd5853582d10ddaa62696980eb6178ce57826547a53bd68ae5251b5052cddf63d6276

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe

Filesize
184KB

MD5
8bdc3a80c0a8935e66a6e7704ad4009c

SHA1
30791230230ad21cade75c33005db6d02c12c3e4

SHA256
bd1d2bbdd7e83f1d52e041e256e88b2a0d657c66f6c37654491ca1af9fc96421

SHA512
df4ca6776bf326cfe80f35c0bd2019195403a661743579ce819f2a9332968b2361e502deee4cae9dbbbcb5f05af6b4a9d90661870506b0171737579f0d8767c7

Download Submit