ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe
Size

184KB
MD5

61cfed2036999083eb511815d52aab5e
SHA1

aef7675492165985e2fcf829ba3fd149c6daffde
SHA256

ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3
SHA512

e36a2772d7c968448331f28ca25a1be7a42f223d01daf0a0a8d5f59f8b21e3f647c054f915a3c9c6ee1ebbf6dfd189069e43928c1c89cec5eeddeec576690806
SSDEEP

3072:qoa3HxoT7xGMjGQWeAwLRWsahlnViF7n3:qosow2GQ/LUsahlnViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-64631.exeUnicorn-36728.exeUnicorn-33198.exeUnicorn-31194.exeUnicorn-10259.exeUnicorn-28807.exeUnicorn-28292.exeUnicorn-15293.exeUnicorn-1879.exeUnicorn-14686.exeUnicorn-16955.exeUnicorn-30830.exeUnicorn-426.exeUnicorn-31117.exeUnicorn-11251.exeUnicorn-31117.exeUnicorn-47261.exeUnicorn-43731.exeUnicorn-30733.exeUnicorn-47069.exeUnicorn-43539.exeUnicorn-64609.exeUnicorn-12948.exeUnicorn-49150.exeUnicorn-65294.exeUnicorn-45237.exeUnicorn-48574.exeUnicorn-32046.exeUnicorn-28516.exeUnicorn-48382.exeUnicorn-64718.exeUnicorn-44853.exeUnicorn-61189.exeUnicorn-45175.exeUnicorn-50907.exeUnicorn-18043.exeUnicorn-63714.exeUnicorn-1514.exeUnicorn-63522.exeUnicorn-30657.exeUnicorn-17659.exeUnicorn-33995.exeUnicorn-13937.exeUnicorn-37368.exeUnicorn-36299.exeUnicorn-32769.exeUnicorn-20840.exeUnicorn-974.exeUnicorn-19771.exeUnicorn-33646.exeUnicorn-53512.exeUnicorn-49983.exeUnicorn-2526.exeUnicorn-32546.exeUnicorn-22428.exeUnicorn-55100.exeUnicorn-2370.exeUnicorn-10860.exeUnicorn-22044.exeUnicorn-59869.exeUnicorn-7139.exeUnicorn-18322.exeUnicorn-56148.exeUnicorn-59293.exe

pid	process
2240	Unicorn-64631.exe
2560	Unicorn-36728.exe
2636	Unicorn-33198.exe
2584	Unicorn-31194.exe
1564	Unicorn-10259.exe
2140	Unicorn-28807.exe
2396	Unicorn-28292.exe
2708	Unicorn-15293.exe
1560	Unicorn-1879.exe
1604	Unicorn-14686.exe
1148	Unicorn-16955.exe
2028	Unicorn-30830.exe
2644	Unicorn-426.exe
776	Unicorn-31117.exe
692	Unicorn-11251.exe
752	Unicorn-31117.exe
2712	Unicorn-47261.exe
1752	Unicorn-43731.exe
2184	Unicorn-30733.exe
2284	Unicorn-47069.exe
688	Unicorn-43539.exe
756	Unicorn-64609.exe
760	Unicorn-12948.exe
872	Unicorn-49150.exe
3040	Unicorn-65294.exe
2320	Unicorn-45237.exe
288	Unicorn-48574.exe
1316	Unicorn-32046.exe
2180	Unicorn-28516.exe
1732	Unicorn-48382.exe
1532	Unicorn-64718.exe
2956	Unicorn-44853.exe
2368	Unicorn-61189.exe
2168	Unicorn-45175.exe
2592	Unicorn-50907.exe
3064	Unicorn-18043.exe
2176	Unicorn-63714.exe
1452	Unicorn-1514.exe
1556	Unicorn-63522.exe
1860	Unicorn-30657.exe
292	Unicorn-17659.exe
1624	Unicorn-33995.exe
2148	Unicorn-13937.exe
1240	Unicorn-37368.exe
2980	Unicorn-36299.exe
1236	Unicorn-32769.exe
2460	Unicorn-20840.exe
2768	Unicorn-974.exe
1412	Unicorn-19771.exe
948	Unicorn-33646.exe
544	Unicorn-53512.exe
2008	Unicorn-49983.exe
3016	Unicorn-2526.exe
1856	Unicorn-32546.exe
2968	Unicorn-22428.exe
2948	Unicorn-55100.exe
2996	Unicorn-2370.exe
2976	Unicorn-10860.exe
2524	Unicorn-22044.exe
3020	Unicorn-59869.exe
2464	Unicorn-7139.exe
2924	Unicorn-18322.exe
1212	Unicorn-56148.exe
548	Unicorn-59293.exe

Loads dropped DLL 64 IoCs

Processes:

ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exeUnicorn-64631.exeWerFault.exeUnicorn-36728.exeWerFault.exeUnicorn-31194.exeUnicorn-10259.exeWerFault.exeUnicorn-28807.exeUnicorn-15293.exeUnicorn-28292.exeWerFault.exeWerFault.exeUnicorn-14686.exeUnicorn-1879.exeUnicorn-426.exeUnicorn-30830.exe

pid	process
2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe
2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe
2240	Unicorn-64631.exe
2240	Unicorn-64631.exe
2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe
2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe
2448	WerFault.exe
2448	WerFault.exe
2448	WerFault.exe
2448	WerFault.exe
2448	WerFault.exe
2448	WerFault.exe
2560	Unicorn-36728.exe
2560	Unicorn-36728.exe
2240	Unicorn-64631.exe
2240	Unicorn-64631.exe
2448	WerFault.exe
1640	WerFault.exe
1640	WerFault.exe
1640	WerFault.exe
1640	WerFault.exe
1640	WerFault.exe
2584	Unicorn-31194.exe
2584	Unicorn-31194.exe
2560	Unicorn-36728.exe
2560	Unicorn-36728.exe
1564	Unicorn-10259.exe
1564	Unicorn-10259.exe
1008	WerFault.exe
1008	WerFault.exe
1008	WerFault.exe
1008	WerFault.exe
1008	WerFault.exe
2140	Unicorn-28807.exe
2140	Unicorn-28807.exe
2584	Unicorn-31194.exe
2584	Unicorn-31194.exe
2708	Unicorn-15293.exe
2708	Unicorn-15293.exe
1564	Unicorn-10259.exe
1564	Unicorn-10259.exe
2396	Unicorn-28292.exe
2396	Unicorn-28292.exe
1844	WerFault.exe
1844	WerFault.exe
1844	WerFault.exe
1844	WerFault.exe
1844	WerFault.exe
1740	WerFault.exe
1740	WerFault.exe
1740	WerFault.exe
1740	WerFault.exe
1740	WerFault.exe
2140	Unicorn-28807.exe
1604	Unicorn-14686.exe
1604	Unicorn-14686.exe
1560	Unicorn-1879.exe
2140	Unicorn-28807.exe
1560	Unicorn-1879.exe
2644	Unicorn-426.exe
2644	Unicorn-426.exe
2396	Unicorn-28292.exe
2396	Unicorn-28292.exe
2028	Unicorn-30830.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2696	2004	WerFault.exe	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe
2448	2636	WerFault.exe	Unicorn-33198.exe
1640	2240	WerFault.exe	Unicorn-64631.exe
1008	2560	WerFault.exe	Unicorn-36728.exe
1844	2584	WerFault.exe	Unicorn-31194.exe
1740	1564	WerFault.exe	Unicorn-10259.exe
1536	2140	WerFault.exe	Unicorn-28807.exe
1468	2708	WerFault.exe	Unicorn-15293.exe
1304	2396	WerFault.exe	Unicorn-28292.exe
2572	1560	WerFault.exe	Unicorn-1879.exe
2588	2644	WerFault.exe	Unicorn-426.exe
2424	2028	WerFault.exe	Unicorn-30830.exe
2684	1148	WerFault.exe	Unicorn-16955.exe
1364	3040	WerFault.exe	Unicorn-65294.exe
1848	752	WerFault.exe	Unicorn-31117.exe
2068	692	WerFault.exe	Unicorn-11251.exe
900	776	WerFault.exe	Unicorn-31117.exe
604	1752	WerFault.exe	Unicorn-43731.exe
560	2712	WerFault.exe	Unicorn-47261.exe
1668	2184	WerFault.exe	Unicorn-30733.exe
3036	688	WerFault.exe	Unicorn-43539.exe
2960	760	WerFault.exe	Unicorn-12948.exe
2512	756	WerFault.exe	Unicorn-64609.exe
2624	872	WerFault.exe	Unicorn-49150.exe
2576	2320	WerFault.exe	Unicorn-45237.exe
1524	288	WerFault.exe	Unicorn-48574.exe
1124	2180	WerFault.exe	Unicorn-28516.exe
2408	1316	WerFault.exe	Unicorn-32046.exe
2600	1732	WerFault.exe	Unicorn-48382.exe
1580	2368	WerFault.exe	Unicorn-61189.exe
2300	2168	WerFault.exe	Unicorn-45175.exe
2304	2956	WerFault.exe	Unicorn-44853.exe
2648	2592	WerFault.exe	Unicorn-50907.exe
1528	2176	WerFault.exe	Unicorn-63714.exe
3100	3064	WerFault.exe	Unicorn-18043.exe
3152	1860	WerFault.exe	Unicorn-30657.exe
3160	1452	WerFault.exe	Unicorn-1514.exe
3168	1624	WerFault.exe	Unicorn-33995.exe
3248	1556	WerFault.exe	Unicorn-63522.exe
3308	292	WerFault.exe	Unicorn-17659.exe
3300	2148	WerFault.exe	Unicorn-13937.exe
3380	1240	WerFault.exe	Unicorn-37368.exe
3424	2008	WerFault.exe	Unicorn-49983.exe
3416	2768	WerFault.exe	Unicorn-974.exe
3456	1412	WerFault.exe	Unicorn-19771.exe
3464	2460	WerFault.exe	Unicorn-20840.exe
3520	1236	WerFault.exe	Unicorn-32769.exe
3528	544	WerFault.exe	Unicorn-53512.exe
3536	948	WerFault.exe	Unicorn-33646.exe
3564	2980	WerFault.exe	Unicorn-36299.exe
3952	3572	WerFault.exe	Unicorn-16849.exe
3916	2204	WerFault.exe	Unicorn-518.exe
3824	2232	WerFault.exe	Unicorn-62116.exe
3864	2928	WerFault.exe	Unicorn-17130.exe
4092	2092	WerFault.exe	Unicorn-65453.exe
3196	2808	WerFault.exe	Unicorn-46657.exe
3712	3016	WerFault.exe	Unicorn-2526.exe
3688	788	WerFault.exe	Unicorn-62801.exe
3348	2968	WerFault.exe	Unicorn-22428.exe
3108	356	WerFault.exe	Unicorn-58904.exe
4168	2872	WerFault.exe	Unicorn-31681.exe
4176	2996	WerFault.exe	Unicorn-2370.exe
4220	336	WerFault.exe	Unicorn-61701.exe
4228	2336	WerFault.exe	Unicorn-39043.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exeUnicorn-64631.exeUnicorn-36728.exeUnicorn-33198.exeUnicorn-31194.exeUnicorn-10259.exeUnicorn-28807.exeUnicorn-15293.exeUnicorn-28292.exeUnicorn-1879.exeUnicorn-14686.exeUnicorn-426.exeUnicorn-16955.exeUnicorn-30830.exeUnicorn-31117.exeUnicorn-11251.exeUnicorn-31117.exeUnicorn-43731.exeUnicorn-47261.exeUnicorn-30733.exeUnicorn-47069.exeUnicorn-43539.exeUnicorn-64609.exeUnicorn-12948.exeUnicorn-49150.exeUnicorn-65294.exeUnicorn-45237.exeUnicorn-48574.exeUnicorn-32046.exeUnicorn-28516.exeUnicorn-48382.exeUnicorn-64718.exeUnicorn-45175.exeUnicorn-61189.exeUnicorn-44853.exeUnicorn-50907.exeUnicorn-18043.exeUnicorn-63714.exeUnicorn-1514.exeUnicorn-63522.exeUnicorn-30657.exeUnicorn-33995.exeUnicorn-17659.exeUnicorn-13937.exeUnicorn-37368.exeUnicorn-32769.exeUnicorn-20840.exeUnicorn-36299.exeUnicorn-33646.exeUnicorn-974.exeUnicorn-53512.exeUnicorn-19771.exeUnicorn-49983.exeUnicorn-2526.exeUnicorn-32546.exeUnicorn-22428.exeUnicorn-55100.exeUnicorn-2370.exeUnicorn-10860.exeUnicorn-22044.exeUnicorn-59869.exeUnicorn-7139.exeUnicorn-18322.exeUnicorn-56148.exe

pid	process
2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe
2240	Unicorn-64631.exe
2560	Unicorn-36728.exe
2636	Unicorn-33198.exe
2584	Unicorn-31194.exe
1564	Unicorn-10259.exe
2140	Unicorn-28807.exe
2708	Unicorn-15293.exe
2396	Unicorn-28292.exe
1560	Unicorn-1879.exe
1604	Unicorn-14686.exe
2644	Unicorn-426.exe
1148	Unicorn-16955.exe
2028	Unicorn-30830.exe
776	Unicorn-31117.exe
692	Unicorn-11251.exe
752	Unicorn-31117.exe
1752	Unicorn-43731.exe
2712	Unicorn-47261.exe
2184	Unicorn-30733.exe
2284	Unicorn-47069.exe
688	Unicorn-43539.exe
756	Unicorn-64609.exe
760	Unicorn-12948.exe
872	Unicorn-49150.exe
3040	Unicorn-65294.exe
2320	Unicorn-45237.exe
288	Unicorn-48574.exe
1316	Unicorn-32046.exe
2180	Unicorn-28516.exe
1732	Unicorn-48382.exe
1532	Unicorn-64718.exe
2168	Unicorn-45175.exe
2368	Unicorn-61189.exe
2956	Unicorn-44853.exe
2592	Unicorn-50907.exe
3064	Unicorn-18043.exe
2176	Unicorn-63714.exe
1452	Unicorn-1514.exe
1556	Unicorn-63522.exe
1860	Unicorn-30657.exe
1624	Unicorn-33995.exe
292	Unicorn-17659.exe
2148	Unicorn-13937.exe
1240	Unicorn-37368.exe
1236	Unicorn-32769.exe
2460	Unicorn-20840.exe
2980	Unicorn-36299.exe
948	Unicorn-33646.exe
2768	Unicorn-974.exe
544	Unicorn-53512.exe
1412	Unicorn-19771.exe
2008	Unicorn-49983.exe
3016	Unicorn-2526.exe
1856	Unicorn-32546.exe
2968	Unicorn-22428.exe
2948	Unicorn-55100.exe
2996	Unicorn-2370.exe
2976	Unicorn-10860.exe
2524	Unicorn-22044.exe
3020	Unicorn-59869.exe
2464	Unicorn-7139.exe
2924	Unicorn-18322.exe
1212	Unicorn-56148.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exeUnicorn-64631.exeUnicorn-33198.exeUnicorn-36728.exeUnicorn-31194.exeUnicorn-10259.exeUnicorn-28807.exeUnicorn-15293.exe

description	pid	process	target process
PID 2004 wrote to memory of 2240	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	Unicorn-64631.exe
PID 2004 wrote to memory of 2240	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	Unicorn-64631.exe
PID 2004 wrote to memory of 2240	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	Unicorn-64631.exe
PID 2004 wrote to memory of 2240	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	Unicorn-64631.exe
PID 2240 wrote to memory of 2560	2240	Unicorn-64631.exe	Unicorn-36728.exe
PID 2240 wrote to memory of 2560	2240	Unicorn-64631.exe	Unicorn-36728.exe
PID 2240 wrote to memory of 2560	2240	Unicorn-64631.exe	Unicorn-36728.exe
PID 2240 wrote to memory of 2560	2240	Unicorn-64631.exe	Unicorn-36728.exe
PID 2004 wrote to memory of 2636	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	Unicorn-33198.exe
PID 2004 wrote to memory of 2636	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	Unicorn-33198.exe
PID 2004 wrote to memory of 2636	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	Unicorn-33198.exe
PID 2004 wrote to memory of 2636	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	Unicorn-33198.exe
PID 2004 wrote to memory of 2696	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	WerFault.exe
PID 2004 wrote to memory of 2696	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	WerFault.exe
PID 2004 wrote to memory of 2696	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	WerFault.exe
PID 2004 wrote to memory of 2696	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	WerFault.exe
PID 2636 wrote to memory of 2448	2636	Unicorn-33198.exe	WerFault.exe
PID 2636 wrote to memory of 2448	2636	Unicorn-33198.exe	WerFault.exe
PID 2636 wrote to memory of 2448	2636	Unicorn-33198.exe	WerFault.exe
PID 2636 wrote to memory of 2448	2636	Unicorn-33198.exe	WerFault.exe
PID 2560 wrote to memory of 2584	2560	Unicorn-36728.exe	Unicorn-31194.exe
PID 2560 wrote to memory of 2584	2560	Unicorn-36728.exe	Unicorn-31194.exe
PID 2560 wrote to memory of 2584	2560	Unicorn-36728.exe	Unicorn-31194.exe
PID 2560 wrote to memory of 2584	2560	Unicorn-36728.exe	Unicorn-31194.exe
PID 2240 wrote to memory of 1564	2240	Unicorn-64631.exe	Unicorn-10259.exe
PID 2240 wrote to memory of 1564	2240	Unicorn-64631.exe	Unicorn-10259.exe
PID 2240 wrote to memory of 1564	2240	Unicorn-64631.exe	Unicorn-10259.exe
PID 2240 wrote to memory of 1564	2240	Unicorn-64631.exe	Unicorn-10259.exe
PID 2240 wrote to memory of 1640	2240	Unicorn-64631.exe	WerFault.exe
PID 2240 wrote to memory of 1640	2240	Unicorn-64631.exe	WerFault.exe
PID 2240 wrote to memory of 1640	2240	Unicorn-64631.exe	WerFault.exe
PID 2240 wrote to memory of 1640	2240	Unicorn-64631.exe	WerFault.exe
PID 2584 wrote to memory of 2140	2584	Unicorn-31194.exe	Unicorn-28807.exe
PID 2584 wrote to memory of 2140	2584	Unicorn-31194.exe	Unicorn-28807.exe
PID 2584 wrote to memory of 2140	2584	Unicorn-31194.exe	Unicorn-28807.exe
PID 2584 wrote to memory of 2140	2584	Unicorn-31194.exe	Unicorn-28807.exe
PID 2560 wrote to memory of 2396	2560	Unicorn-36728.exe	Unicorn-28292.exe
PID 2560 wrote to memory of 2396	2560	Unicorn-36728.exe	Unicorn-28292.exe
PID 2560 wrote to memory of 2396	2560	Unicorn-36728.exe	Unicorn-28292.exe
PID 2560 wrote to memory of 2396	2560	Unicorn-36728.exe	Unicorn-28292.exe
PID 1564 wrote to memory of 2708	1564	Unicorn-10259.exe	Unicorn-15293.exe
PID 1564 wrote to memory of 2708	1564	Unicorn-10259.exe	Unicorn-15293.exe
PID 1564 wrote to memory of 2708	1564	Unicorn-10259.exe	Unicorn-15293.exe
PID 1564 wrote to memory of 2708	1564	Unicorn-10259.exe	Unicorn-15293.exe
PID 2560 wrote to memory of 1008	2560	Unicorn-36728.exe	WerFault.exe
PID 2560 wrote to memory of 1008	2560	Unicorn-36728.exe	WerFault.exe
PID 2560 wrote to memory of 1008	2560	Unicorn-36728.exe	WerFault.exe
PID 2560 wrote to memory of 1008	2560	Unicorn-36728.exe	WerFault.exe
PID 2140 wrote to memory of 1560	2140	Unicorn-28807.exe	Unicorn-1879.exe
PID 2140 wrote to memory of 1560	2140	Unicorn-28807.exe	Unicorn-1879.exe
PID 2140 wrote to memory of 1560	2140	Unicorn-28807.exe	Unicorn-1879.exe
PID 2140 wrote to memory of 1560	2140	Unicorn-28807.exe	Unicorn-1879.exe
PID 2584 wrote to memory of 1604	2584	Unicorn-31194.exe	Unicorn-14686.exe
PID 2584 wrote to memory of 1604	2584	Unicorn-31194.exe	Unicorn-14686.exe
PID 2584 wrote to memory of 1604	2584	Unicorn-31194.exe	Unicorn-14686.exe
PID 2584 wrote to memory of 1604	2584	Unicorn-31194.exe	Unicorn-14686.exe
PID 2708 wrote to memory of 1148	2708	Unicorn-15293.exe	Unicorn-16955.exe
PID 2708 wrote to memory of 1148	2708	Unicorn-15293.exe	Unicorn-16955.exe
PID 2708 wrote to memory of 1148	2708	Unicorn-15293.exe	Unicorn-16955.exe
PID 2708 wrote to memory of 1148	2708	Unicorn-15293.exe	Unicorn-16955.exe
PID 1564 wrote to memory of 2028	1564	Unicorn-10259.exe	Unicorn-30830.exe
PID 1564 wrote to memory of 2028	1564	Unicorn-10259.exe	Unicorn-30830.exe
PID 1564 wrote to memory of 2028	1564	Unicorn-10259.exe	Unicorn-30830.exe
PID 1564 wrote to memory of 2028	1564	Unicorn-10259.exe	Unicorn-30830.exe

C:\Users\Admin\AppData\Local\Temp\ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe
"C:\Users\Admin\AppData\Local\Temp\ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31194.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe
        11⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        12⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe
        13⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-686.exe
        14⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 220
        15⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 236
        14⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        13⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 236
        12⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe
        11⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25909.exe
        12⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
        13⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
        14⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe
        15⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9852 -s 216
        15⤵
        
        PID:12976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
        14⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 236
        13⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
        12⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 220
        11⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
        10⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64758.exe
        11⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23901.exe
        12⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31108.exe
        13⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe
        14⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24220.exe
        15⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8260 -s 216
        14⤵
        
        PID:12320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
        13⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
        12⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
        11⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
        10⤵
        Program crash
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2370.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        10⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14647.exe
        11⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25430.exe
        12⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
        13⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        14⤵
        
        PID:12596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 216
        14⤵
        
        PID:13260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
        13⤵
        
        PID:10624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
        12⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 236
        11⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
        10⤵
        Program crash
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
        9⤵
        Program crash
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22428.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16030.exe
        10⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
        11⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        12⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
        13⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        14⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22727.exe
        15⤵
        
        PID:12528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10396 -s 216
        15⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
        14⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
        13⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        12⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 236
        11⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17726.exe
        10⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26433.exe
        11⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60489.exe
        12⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
        13⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
        14⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 216
        14⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
        13⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
        12⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
        11⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        10⤵
        Program crash
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        9⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
        10⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
        11⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24273.exe
        12⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
        13⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
        14⤵
        
        PID:12404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10288 -s 216
        14⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
        13⤵
        
        PID:10976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
        12⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
        11⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
        10⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
        9⤵
        Program crash
        
        PID:1528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 240
        8⤵
        Program crash
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50907.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
        10⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44649.exe
        10⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36334.exe
        11⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
        12⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64920.exe
        13⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
        14⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 216
        14⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
        13⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 236
        12⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
        11⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
        10⤵
        Program crash
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        9⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
        10⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31207.exe
        11⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57910.exe
        12⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
        13⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36255.exe
        14⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9916 -s 236
        14⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
        13⤵
        
        PID:10724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 236
        12⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
        11⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 236
        10⤵
        Program crash
        
        PID:3108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        9⤵
        Program crash
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31681.exe
        9⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
        10⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
        11⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58185.exe
        12⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
        13⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35871.exe
        14⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 216
        14⤵
        
        PID:12364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
        13⤵
        
        PID:10868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
        12⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        11⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
        10⤵
        Program crash
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46377.exe
        9⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
        10⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57661.exe
        11⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10644.exe
        12⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54812.exe
        13⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10140 -s 236
        13⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
        12⤵
        
        PID:11260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
        11⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
        10⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
        9⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 240
        8⤵
        Program crash
        
        PID:2960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
        7⤵
        Program crash
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11251.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49150.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51198.exe
        10⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe
        11⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
        12⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
        13⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41546.exe
        14⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        15⤵
        
        PID:12444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10640 -s 216
        15⤵
        
        PID:13084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
        14⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
        13⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
        12⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
        11⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        10⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41669.exe
        11⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        12⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4846.exe
        13⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5674.exe
        14⤵
        
        PID:12928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11036 -s 236
        14⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
        13⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
        12⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        11⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        10⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60030.exe
        9⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
        10⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64123.exe
        11⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45492.exe
        12⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55930.exe
        13⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
        14⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 216
        14⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 216
        13⤵
        
        PID:10936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
        12⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        11⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 236
        10⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
        9⤵
        Program crash
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7139.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16849.exe
        9⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 188
        10⤵
        Program crash
        
        PID:3952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 216
        9⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
        8⤵
        Program crash
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        8⤵
        Executes dropped EXE
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-518.exe
        9⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        10⤵
        Program crash
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50861.exe
        9⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22090.exe
        10⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
        11⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2947.exe
        12⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
        13⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 216
        13⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 236
        12⤵
        
        PID:11908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
        11⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        10⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 240
        9⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13325.exe
        8⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe
        9⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11812.exe
        10⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
        11⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
        12⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9596 -s 236
        12⤵
        
        PID:12544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
        11⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
        10⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 216
        9⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
        8⤵
        Program crash
        
        PID:3248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
        7⤵
        Program crash
        
        PID:2068
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        6⤵
        Program crash
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14686.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65294.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
        8⤵
        Program crash
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30657.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10860.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
        9⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
        10⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        11⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        11⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10747.exe
        12⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50126.exe
        13⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 236
        13⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
        12⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 220
        11⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
        10⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
        9⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-698.exe
        10⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
        11⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46555.exe
        12⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe
        13⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 216
        13⤵
        
        PID:13304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 220
        12⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 236
        11⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        10⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 220
        9⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
        8⤵
        Program crash
        
        PID:3152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
        7⤵
        Program crash
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45237.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17659.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61701.exe
        8⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        10⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
        11⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15796.exe
        12⤵
        
        PID:10116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 216
        12⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
        11⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        10⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 236
        9⤵
        Program crash
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 216
        8⤵
        Program crash
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39043.exe
        7⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21334.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61316.exe
        10⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        11⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8376 -s 188
        12⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
        11⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        10⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
        9⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33948.exe
        8⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
        9⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        10⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
        11⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe
        12⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9680 -s 236
        12⤵
        
        PID:12296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
        11⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 236
        10⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
        9⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        8⤵
        Program crash
        
        PID:4228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
        7⤵
        Program crash
        
        PID:2576
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28292.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19771.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
        9⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65095.exe
        10⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64758.exe
        11⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
        12⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51787.exe
        13⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10772.exe
        14⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe
        15⤵
        
        PID:12980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10780 -s 236
        15⤵
        
        PID:12988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
        14⤵
        
        PID:11596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
        13⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
        12⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 216
        11⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
        10⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
        11⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
        12⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50772.exe
        13⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        14⤵
        
        PID:11648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9928 -s 216
        14⤵
        
        PID:12996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 216
        13⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
        12⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        11⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        10⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
        9⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4805.exe
        10⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        11⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
        12⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
        13⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45726.exe
        14⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10316 -s 216
        14⤵
        
        PID:12740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
        13⤵
        
        PID:11088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        12⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        11⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 216
        10⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 240
        9⤵
        Program crash
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
        8⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16087.exe
        9⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15750.exe
        10⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        11⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60489.exe
        12⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46555.exe
        13⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
        14⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 216
        14⤵
        
        PID:12536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 216
        13⤵
        
        PID:10696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
        12⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        11⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 236
        10⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44893.exe
        9⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
        10⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2933.exe
        11⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
        12⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
        13⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 216
        13⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
        12⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 236
        11⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        10⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 240
        9⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
        8⤵
        Program crash
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33646.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
        8⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16471.exe
        9⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe
        10⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        11⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25425.exe
        12⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60030.exe
        13⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
        14⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10256 -s 236
        14⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
        13⤵
        
        PID:10840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
        12⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        11⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 236
        10⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
        9⤵
        Program crash
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45614.exe
        8⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20047.exe
        9⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
        10⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        11⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
        11⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        12⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
        13⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11056 -s 236
        13⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
        12⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 240
        11⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        10⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
        9⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
        8⤵
        Program crash
        
        PID:3536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        7⤵
        Program crash
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44853.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18322.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        8⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
        9⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49452.exe
        10⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47213.exe
        11⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
        12⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10736 -s 216
        12⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
        11⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
        10⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
        9⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
        8⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 216
        7⤵
        Program crash
        
        PID:2304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
        6⤵
        Program crash
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43731.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33995.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59869.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-902.exe
        9⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1790.exe
        10⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
        11⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
        12⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
        13⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
        14⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9652 -s 216
        14⤵
        
        PID:13076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
        13⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        12⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        11⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 216
        10⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
        10⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        11⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31871.exe
        12⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46845.exe
        13⤵
        
        PID:12920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11380 -s 236
        13⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
        12⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
        11⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        10⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
        8⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
        9⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36309.exe
        10⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8864.exe
        11⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52207.exe
        12⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9568 -s 236
        12⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 216
        11⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        10⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 216
        9⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
        8⤵
        Program crash
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe
        8⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
        9⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
        10⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14386.exe
        11⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 200
        12⤵
        
        PID:9460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
        11⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        10⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
        9⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        9⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
        10⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49864.exe
        11⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
        12⤵
        
        PID:12616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10432 -s 216
        12⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 216
        11⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
        10⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        9⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
        8⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 240
        7⤵
        Program crash
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        7⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63751.exe
        8⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15173.exe
        9⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17362.exe
        10⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
        11⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26789.exe
        12⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24117.exe
        13⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 236
        13⤵
        
        PID:13192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 216
        12⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        11⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
        10⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 236
        9⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11644.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9105.exe
        9⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17771.exe
        10⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        10⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        11⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25249.exe
        12⤵
        
        PID:12644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11196 -s 216
        12⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
        11⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 220
        10⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        9⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
        8⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe
        7⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
        8⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37357.exe
        9⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
        9⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55663.exe
        10⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10208.exe
        11⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
        12⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9744 -s 216
        12⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
        11⤵
        
        PID:10548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 236
        10⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 220
        9⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
        8⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
        7⤵
        Program crash
        
        PID:3300
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
        6⤵
        Program crash
        
        PID:604
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
        5⤵
        Program crash
        
        PID:1304
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15293.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17130.exe
        9⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
        10⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
        11⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23133.exe
        12⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
        13⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
        14⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 236
        14⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
        13⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 216
        12⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 216
        11⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 236
        10⤵
        Program crash
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45806.exe
        9⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
        10⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52722.exe
        11⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42617.exe
        12⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
        13⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
        14⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 216
        14⤵
        
        PID:13160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 216
        13⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 236
        12⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        11⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
        10⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
        9⤵
        Program crash
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62801.exe
        8⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        9⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4421.exe
        10⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55613.exe
        11⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27325.exe
        12⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        13⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
        14⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8336 -s 216
        13⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 236
        12⤵
        
        PID:9528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        11⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
        10⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17228.exe
        9⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59681.exe
        10⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
        11⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
        12⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
        13⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 216
        13⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
        12⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
        11⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
        10⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 240
        9⤵
        Program crash
        
        PID:3688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
        8⤵
        Program crash
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-974.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
        8⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exe
        9⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39782.exe
        10⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25634.exe
        11⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64475.exe
        12⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
        13⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
        14⤵
        
        PID:12696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10748 -s 216
        14⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
        13⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
        12⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        11⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
        10⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        9⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
        10⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57526.exe
        11⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
        12⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        13⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9960 -s 216
        13⤵
        
        PID:13236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
        12⤵
        
        PID:10816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
        11⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 216
        10⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
        9⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61758.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31593.exe
        9⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18691.exe
        10⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49203.exe
        11⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        12⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18755.exe
        13⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11808 -s 236
        13⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 216
        12⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        11⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
        10⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
        9⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
        8⤵
        Program crash
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37368.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
        9⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe
        10⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9105.exe
        11⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
        12⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21676.exe
        13⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe
        14⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10912 -s 236
        14⤵
        
        PID:13112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 220
        13⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
        12⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        11⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
        10⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
        9⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
        10⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        11⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10497.exe
        12⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        13⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10588 -s 216
        13⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 220
        12⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
        11⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        10⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 220
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29469.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4203.exe
        9⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe
        10⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16671.exe
        11⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        12⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
        13⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10356 -s 216
        13⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 236
        12⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
        11⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        10⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 216
        9⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
        8⤵
        Program crash
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
        8⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
        9⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe
        10⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
        11⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
        12⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        13⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 216
        12⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
        11⤵
        
        PID:9416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        10⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 236
        9⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
        8⤵
        Program crash
        
        PID:3824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
        7⤵
        Program crash
        
        PID:1124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 240
        6⤵
        Program crash
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43539.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53512.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-985.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
        9⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe
        10⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        11⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
        12⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42454.exe
        13⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22919.exe
        14⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11120 -s 216
        14⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 216
        13⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
        12⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        11⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 216
        10⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-700.exe
        9⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14730.exe
        10⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
        11⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49703.exe
        12⤵
        
        PID:10204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 220
        13⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
        12⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        11⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        10⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
        9⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29085.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        9⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
        10⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
        11⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        12⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35851.exe
        13⤵
        
        PID:12876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10480 -s 216
        13⤵
        
        PID:12924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
        12⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        11⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
        10⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
        9⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 240
        8⤵
        Program crash
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        7⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        8⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe
        9⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        10⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe
        11⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50632.exe
        12⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35871.exe
        13⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10364 -s 216
        13⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
        12⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
        11⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
        10⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 216
        9⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
        8⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63547.exe
        9⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13343.exe
        10⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
        11⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
        12⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 216
        12⤵
        
        PID:12548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
        11⤵
        
        PID:10960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
        10⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
        9⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 240
        8⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
        7⤵
        Program crash
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49983.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
        7⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3466.exe
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
        9⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9088.exe
        10⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
        11⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
        12⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 236
        12⤵
        
        PID:13224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 216
        11⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
        10⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
        9⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
        8⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 216
        7⤵
        Program crash
        
        PID:3424
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
        6⤵
        Program crash
        
        PID:3036
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        5⤵
        Program crash
        
        PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30733.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64718.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
        7⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65095.exe
        8⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20566.exe
        9⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
        10⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56177.exe
        11⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
        12⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46826.exe
        13⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 216
        13⤵
        
        PID:13036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 216
        12⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 236
        11⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        10⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 236
        9⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30357.exe
        8⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
        9⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50443.exe
        10⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
        11⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
        12⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10712 -s 216
        12⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 216
        11⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
        10⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        8⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
        7⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
        8⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe
        9⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
        10⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30521.exe
        11⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 216
        11⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
        10⤵
        
        PID:10516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
        9⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
        8⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 240
        7⤵
        Program crash
        
        PID:3520
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
        6⤵
        Program crash
        
        PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61189.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20840.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
        7⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        8⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
        10⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
        11⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
        12⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        13⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11448 -s 216
        13⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
        12⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
        11⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        10⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
        9⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48422.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
        9⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 220
        10⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        9⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
        8⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
        7⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36099.exe
        8⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33084.exe
        9⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43073.exe
        10⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
        11⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 216
        11⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
        10⤵
        
        PID:10544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 236
        9⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 216
        8⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 220
        7⤵
        Program crash
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
        6⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
        8⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        9⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
        10⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
        11⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
        12⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
        11⤵
        
        PID:11772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
        10⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        9⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
        8⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 216
        7⤵
        Program crash
        
        PID:3196
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
        6⤵
        Program crash
        
        PID:1580
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        5⤵
        Program crash
        
        PID:2424
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1740
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2636
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2448
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
  2⤵
  - Program crash
  PID:2696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe

Filesize
184KB

MD5
fc41e98e33d4e7155b9784d67d7fd364

SHA1
b777189f13a3b7374e9aa66b1d60f26bff193246

SHA256
157173c5d3b4ef44d5b105fa49d4bb7499e82017e5ceafdf96d9c1b8681b89d2

SHA512
a978c37eabeab810cfa86e5e6d38be5acfc694e082a78df495c5d79d8237af55f2210f18393e6fa28e137362b070445d9f232d5d47ea57ee46e499d9451c5c8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe

Filesize
184KB

MD5
fffe87c3690e9f00c173c582c6549605

SHA1
476a051242ee4d6c9222a7aaaceea8be33e568c2

SHA256
7edc8b0471119223741a841891eac896aa28c9de00bb1612389dcc64b0afd674

SHA512
d0faf3d5a25745f0bb4efee52a6649fc7e89cb913a2fec1e1be68c5dff5f47b74e11c5c11185d4c71bf90775ecd2cfcac951591c60bf69aa12306cd5446723b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28292.exe

Filesize
184KB

MD5
17ff30a2cc43c9fbab6f4abf9277e01e

SHA1
a984732b83b52dc4621387d78226b4982719ed83

SHA256
7a495fea8c54de267c20a688c8dcdc5e67f0adaa9b0fdecc04cda5b76f88ca16

SHA512
30dad0c34159d3e88470e4ab4e6f480a0261cee4e364a133e60eb0aa6820c2beca648868c8df0c3353c477c970ca9727d4731fd050024d09269187529f994e55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31194.exe

Filesize
184KB

MD5
e16d489a77698418844bd7b5d692a05e

SHA1
776dc6d7c524c435db281c188a4285d237453e9f

SHA256
27ab8334b4c696e47c3d5eeb5cf069a0eb56b766be3fb1cb587787f6bca625c2

SHA512
4bf4f1e15f66c85313b64115a4bace0f9ea294b180f53b6402e297b80b82041ed85600a4b86aac2af6299ddf0ddccd12f565ca3a370c65e11cc20af582050696

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe

Filesize
184KB

MD5
f227a7d0a6eeb351396d12b14705e591

SHA1
20ebedae54071b4f1c2369899486d81e3a27c561

SHA256
d6415f3cb18e7f0fc407aaa2f807df41c26e932e11f22d172518839c1fd21c18

SHA512
9147f3727716379f9c0ee2148246ae516bfea930830ab79487e48ddb8d011499080634d8473dcb7d3af4c946d842f7b334610570b75489326cc914379ef2a1cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe

Filesize
184KB

MD5
716ac90874f4e00580a5acf99338c409

SHA1
61eb1dba2f5edcc4db80054dfc7b91b9374b9dd9

SHA256
29dbdb1a07ece6cc718d83f83e7cafc38e9a4a222bfc8c59ce6f0ef9488ba565

SHA512
267379ac25a545ae1ece725e7bbb5acc3944669766c56c42262a5a211fd51f1c8447bf759cff977938437ee8c2cf4247c5568edce8a134efffc99fc0713423e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37357.exe

Filesize
184KB

MD5
2d5bad3dd276eee3411a305e812308e0

SHA1
74b4bcb909bf08a7d087bd6c6028d8508793fc78

SHA256
d132dd7059cb5f142086f862a69a3945a437b2cb014b473328ad508258359bc7

SHA512
0f381e9cfc61124d6012ce70f9dce25131ce02a269ecc24b425218fb9e0b47a64eab23bf18ef343a7ab75d214478a2de0643f01c1d582d8ff164a761da253d94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe

Filesize
184KB

MD5
a946028155b0279c6f98e9904a267481

SHA1
eab976f7fb3464da1e647e0d29335597e8a67a46

SHA256
36c86c19ff2d50766ed2701fa1452704dddb22e26d26d0d81eb90d4177bbebbd

SHA512
79d28149f3fb412884de1994116ead7ff373672e8939efc197cf3e714179979f6eec61876c1571ec7eaa877cabb255eead92c521a50e1ebf15b96a94ebe02265

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55613.exe

Filesize
184KB

MD5
be57cf50bb4452ab339bdeb61505e7f9

SHA1
deabedd519a589d7748d58371fd29632bedc92cd

SHA256
9cac430cb3b8605e8839622f2b3b1daa94dd96cec1b4b22e1aa204fd8a3e2172

SHA512
658f50d0a8c7c1b90dab0e063758cef6237dee2e9e01081eeeea68b19f1b31cc6e5f01d31470b84afc4c26628f11075754a9f24866e81e5fa7ecfab1b0b2753d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe

Filesize
184KB

MD5
5f5ffbd9760d726d09ffee89b070bd35

SHA1
eda124afa6f223a6e941ac023ba54d880003bedf

SHA256
cd1936d2ac9bd36b2a9006baac18487a18ecc9be0c0021d03a8a6df2cd229977

SHA512
074e36088fc94154d7efb0546adfa0841a925d7fdbd163e64243926297fd3f4bb75698e5c5303671787a3743f89511179dc1d67185155ff377322576d94eaa2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe

Filesize
184KB

MD5
524b847d98304155d2c3dd4bdb0c2b20

SHA1
f116ac49003c562fbeef20c684a0f22c239a5137

SHA256
389595abe64de33b63f4436788904534196ba6249048359c76bc12ff86e0a47b

SHA512
33b329ae3db3f5625ce2e518bc4d0995c4a08f59a47e0be9c866b894d9e3a31b8653e56d8c8bcbaf3c0b4d342ce64e64492bfd604e5828800b618815c30e99e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe

Filesize
184KB

MD5
b6bc46dca9e9351c4c620a8606d0a1d7

SHA1
7b02b4ee18e5b6a1a547bfbf07e1ae73dea9994d

SHA256
453c16c1688fc66bf5016581942717fbad39a8db209782062f28d5b2b7aaccb1

SHA512
ea501ed9eaf43a78cc131195c1202c13fb19087599be976f062646415a59fe0330d2a3ef58e92466c6e0086e756b90fd09fd82914bf036fafb0ece51d9f00a90

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14686.exe

Filesize
184KB

MD5
b4e70bc88c3645bcdd3e650ee038c092

SHA1
e85de01150925352c3e75a36157470df1090d8bb

SHA256
9af2d608231172bf5bb40bb49f0e04af80415a781410c32d43595481720353fb

SHA512
1d67050ff1e03f105b132af0a4a86996f0219f7ea536b740ddba55aef269f4439ed2591891c55f985ecd44c793d091eb4f0264ba5ce17f57b31aab8085bd2369

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15293.exe

Filesize
184KB

MD5
be4ff74037739eee11314014612a453c

SHA1
51cffe8456bee994c2964651a22ffb32a94ab64b

SHA256
0ec93627e4200b5124e67ef66e152b711edd5ec67163a2025436d7026611c385

SHA512
64293c315a8e21ee3f8eba5b385f68916f751652ed354501c2ad435eafba4968a4b23114bc9911ca18c822375f86478aad4f710aed1f0b7a280d25610f88ac15

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe

Filesize
184KB

MD5
9b0e999726c2dfaed51f5b45c9cfdf4e

SHA1
af7159e2cff506e358c02bb8b307692ad9247b6e

SHA256
b891e007e6347a3e20c54526ef94796fad562defafbc34ed88a82b8214d8aec3

SHA512
d0286ecd29216d0f243f7bca75579976e962a82c504338bfccdc140e0e8cb45ef7228b69a5f0287ab547d411bf48a099c6f0ff5a3f06cfe0201c8f73a385219a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe

Filesize
184KB

MD5
4d5569dc3bb292f00754b76206a7f469

SHA1
b7256273f545dd35622bd0dc9dc8d39b8e8455e3

SHA256
c9543c6c937f3236bc069d45189931cd585ed87d5d8530b5b59513f4841a4cf7

SHA512
5a3aa1bfa02911926e8de062e8f436ad58f8ae9b4c7ff4b6d96c5151b71c602a0b9a119b876cb0b343f3831478960a34ad9984090143567cfd5c3dadcae5a005

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe

Filesize
184KB

MD5
01143152f3e6178798f31e37b64661b7

SHA1
a3adbc73421f08f7cc020ed51a14a022aae690f8

SHA256
f260ee0924ef9e4b40e5444211437ed37dc87c93316bdbb53c54e12dd7b45249

SHA512
35ec260ce477f0c269d61441fd7e32f44c48df9895802dc664fefb2582f85c1da4cf8b0567ecc3e391c80cfee83b2442f2a81feacb7fc6e3e96cc4b90c740157

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe

Filesize
184KB

MD5
76d8146e5c386d9220f109e95968a765

SHA1
96adaaa6a19708ac0b95ea140cca5cc52d80e102

SHA256
47af129d8ba43313c10f92aed4eb38f2c75bcc804292b89de25654e578d62e76

SHA512
ecaf91d095e3a015ab8d61fcd4d0d4863cc6fc07c701c15db604661e66aa5bd6f7b063592e6bfad6d53d0a69713cd4454df9c263cfc77d00a5197bb786800eba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-426.exe

Filesize
184KB

MD5
e08fd48f5cc69c5fcde41a7a168ef3fe

SHA1
2bf1b5be4241b15b42035624542e21bdfa0ab995

SHA256
3dbcc6fdc758790550cbaa733e9799f04e5f44cb79a3437f38e05953024a1622

SHA512
1c602df8027b1ca65ef889d9cc062577ca63feaf718ed9f730b384657e2e50ad30f3a102683a87e67e2b9d6310597285e7de20e593fa4bf7989aa45a269d2654

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe

Filesize
184KB

MD5
32eafd7cab8ef7a570558b41faafb47e

SHA1
e4dcb165f1c776f987463dfa2d1b87f38a57b672

SHA256
fb7414ecc0bb8418dc6f629923bd94ae05a4e4d361afa45dca7d46197f3602a6

SHA512
36a7e9d7f285885a6499366dffafbd64f4441edad0e2eae030df48e212c06937632aab4b49e6afc93c271a11ea66cf0fc8e070957e5bc86008782ddc7acb57f3

Download Submit