ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe
Size

184KB
MD5

2eab20336749d89c7d48aa2583c4f3be
SHA1

ece0ed87fbf638ef8dcaa884d67aeb305bf81a1b
SHA256

ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749
SHA512

2cd4077a87887851359213478f4951cdcf311f4fa9e8ca6b26e9f8c0beffad988e5041ff6fc3995fe1d3d9b7be5737e9bf0e93a9690e7815be93ca4e8262a119
SSDEEP

1536:WBUE6jZuseuUo5x1iGSAjzwMjM9yvBc8amdWjELu2kbytrhl5hj5nizpvb:6q5euUofQGSwdjaW2BELuLQrhlnViFz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-57499.exeUnicorn-38797.exeUnicorn-18931.exeUnicorn-7821.exeUnicorn-52424.exeUnicorn-6752.exeUnicorn-42251.exeUnicorn-38721.exeUnicorn-55058.exeUnicorn-58587.exeUnicorn-7938.exeUnicorn-60284.exeUnicorn-7554.exeUnicorn-43756.exeUnicorn-60092.exeUnicorn-27420.exeUnicorn-40226.exeUnicorn-21489.exeUnicorn-7456.exeUnicorn-20263.exeUnicorn-23601.exeUnicorn-57342.exeUnicorn-56273.exeUnicorn-36407.exeUnicorn-56273.exeUnicorn-52744.exeUnicorn-20948.exeUnicorn-40814.exeUnicorn-23378.exeUnicorn-19848.exeUnicorn-29730.exeUnicorn-26200.exeUnicorn-62402.exeUnicorn-25947.exeUnicorn-9096.exeUnicorn-61634.exeUnicorn-42091.exeUnicorn-22225.exeUnicorn-25240.exeUnicorn-45106.exeUnicorn-25563.exeUnicorn-5697.exeUnicorn-41899.exeUnicorn-57903.exeUnicorn-25039.exeUnicorn-24581.exeUnicorn-28412.exeUnicorn-7477.exeUnicorn-27343.exeUnicorn-11883.exeUnicorn-56486.exeUnicorn-7778.exeUnicorn-27644.exeUnicorn-59859.exeUnicorn-10466.exeUnicorn-29948.exeUnicorn-15043.exeUnicorn-34909.exeUnicorn-34909.exeUnicorn-42562.exeUnicorn-42562.exeUnicorn-62428.exeUnicorn-62428.exeUnicorn-51053.exe

pid	process
2976	Unicorn-57499.exe
1288	Unicorn-38797.exe
2024	Unicorn-18931.exe
2556	Unicorn-7821.exe
2460	Unicorn-52424.exe
2736	Unicorn-6752.exe
304	Unicorn-42251.exe
2996	Unicorn-38721.exe
2816	Unicorn-55058.exe
2532	Unicorn-58587.exe
2836	Unicorn-7938.exe
1644	Unicorn-60284.exe
2116	Unicorn-7554.exe
2936	Unicorn-43756.exe
1916	Unicorn-60092.exe
1808	Unicorn-27420.exe
2244	Unicorn-40226.exe
2404	Unicorn-21489.exe
1404	Unicorn-7456.exe
2036	Unicorn-20263.exe
2144	Unicorn-23601.exe
1556	Unicorn-57342.exe
968	Unicorn-56273.exe
624	Unicorn-36407.exe
1952	Unicorn-56273.exe
2808	Unicorn-52744.exe
932	Unicorn-20948.exe
2220	Unicorn-40814.exe
2280	Unicorn-23378.exe
2960	Unicorn-19848.exe
1328	Unicorn-29730.exe
2764	Unicorn-26200.exe
2652	Unicorn-62402.exe
2900	Unicorn-25947.exe
2576	Unicorn-9096.exe
2668	Unicorn-61634.exe
2716	Unicorn-42091.exe
2660	Unicorn-22225.exe
3004	Unicorn-25240.exe
2852	Unicorn-45106.exe
2160	Unicorn-25563.exe
2092	Unicorn-5697.exe
2252	Unicorn-41899.exe
2784	Unicorn-57903.exe
2320	Unicorn-25039.exe
1788	Unicorn-24581.exe
1944	Unicorn-28412.exe
488	Unicorn-7477.exe
284	Unicorn-27343.exe
344	Unicorn-11883.exe
2124	Unicorn-56486.exe
1368	Unicorn-7778.exe
1664	Unicorn-27644.exe
2516	Unicorn-59859.exe
3064	Unicorn-10466.exe
928	Unicorn-29948.exe
2400	Unicorn-15043.exe
2956	Unicorn-34909.exe
1612	Unicorn-34909.exe
1600	Unicorn-42562.exe
2760	Unicorn-42562.exe
2624	Unicorn-62428.exe
1340	Unicorn-62428.exe
2528	Unicorn-51053.exe

Loads dropped DLL 64 IoCs

Processes:

ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exeUnicorn-57499.exeUnicorn-38797.exeUnicorn-18931.exeWerFault.exeUnicorn-7821.exeUnicorn-52424.exeWerFault.exeWerFault.exeUnicorn-6752.exeUnicorn-42251.exeUnicorn-38721.exeUnicorn-55058.exeUnicorn-58587.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2304	ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe
2304	ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe
2976	Unicorn-57499.exe
2976	Unicorn-57499.exe
2304	ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe
2304	ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe
1288	Unicorn-38797.exe
2024	Unicorn-18931.exe
1288	Unicorn-38797.exe
2976	Unicorn-57499.exe
2976	Unicorn-57499.exe
2024	Unicorn-18931.exe
2608	WerFault.exe
2608	WerFault.exe
2608	WerFault.exe
2608	WerFault.exe
2608	WerFault.exe
2556	Unicorn-7821.exe
2556	Unicorn-7821.exe
1288	Unicorn-38797.exe
1288	Unicorn-38797.exe
2024	Unicorn-18931.exe
2024	Unicorn-18931.exe
2460	Unicorn-52424.exe
2460	Unicorn-52424.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
2524	WerFault.exe
2696	WerFault.exe
2736	Unicorn-6752.exe
2736	Unicorn-6752.exe
304	Unicorn-42251.exe
304	Unicorn-42251.exe
2556	Unicorn-7821.exe
2556	Unicorn-7821.exe
2996	Unicorn-38721.exe
2816	Unicorn-55058.exe
2996	Unicorn-38721.exe
2816	Unicorn-55058.exe
2460	Unicorn-52424.exe
2460	Unicorn-52424.exe
2532	Unicorn-58587.exe
2532	Unicorn-58587.exe
704	WerFault.exe
704	WerFault.exe
704	WerFault.exe
704	WerFault.exe
1504	WerFault.exe
1504	WerFault.exe
1504	WerFault.exe
1504	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
704	WerFault.exe
1500	WerFault.exe
1504	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2628	2304	WerFault.exe	ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe
2608	2976	WerFault.exe	Unicorn-57499.exe
2524	1288	WerFault.exe	Unicorn-38797.exe
2696	2024	WerFault.exe	Unicorn-18931.exe
704	2556	WerFault.exe	Unicorn-7821.exe
1500	2460	WerFault.exe	Unicorn-52424.exe
1504	2736	WerFault.exe	Unicorn-6752.exe
1740	304	WerFault.exe	Unicorn-42251.exe
1628	2996	WerFault.exe	Unicorn-38721.exe
1608	2816	WerFault.exe	Unicorn-55058.exe
1724	2532	WerFault.exe	Unicorn-58587.exe
1604	1644	WerFault.exe	Unicorn-60284.exe
2396	2116	WerFault.exe	Unicorn-7554.exe
1332	1916	WerFault.exe	Unicorn-60092.exe
1964	2936	WerFault.exe	Unicorn-43756.exe
1300	2244	WerFault.exe	Unicorn-40226.exe
1548	1808	WerFault.exe	Unicorn-27420.exe
2820	2404	WerFault.exe	Unicorn-21489.exe
2560	1404	WerFault.exe	Unicorn-7456.exe
2164	2036	WerFault.exe	Unicorn-20263.exe
2156	1556	WerFault.exe	Unicorn-57342.exe
112	968	WerFault.exe	Unicorn-56273.exe
2208	1952	WerFault.exe	Unicorn-56273.exe
2132	932	WerFault.exe	Unicorn-20948.exe
1420	2144	WerFault.exe	Unicorn-23601.exe
1560	2220	WerFault.exe	Unicorn-40814.exe
972	624	WerFault.exe	Unicorn-36407.exe
1040	2808	WerFault.exe	Unicorn-52744.exe
2940	2960	WerFault.exe	Unicorn-19848.exe
584	2280	WerFault.exe	Unicorn-23378.exe
2492	1328	WerFault.exe	Unicorn-29730.exe
2468	2764	WerFault.exe	Unicorn-26200.exe
2876	2652	WerFault.exe	Unicorn-62402.exe
1520	2900	WerFault.exe	Unicorn-25947.exe
2324	2668	WerFault.exe	Unicorn-61634.exe
2928	2716	WerFault.exe	Unicorn-42091.exe
1864	2852	WerFault.exe	Unicorn-45106.exe
2508	2092	WerFault.exe	Unicorn-5697.exe
2812	3004	WerFault.exe	Unicorn-25240.exe
3088	2576	WerFault.exe	Unicorn-9096.exe
3112	2160	WerFault.exe	Unicorn-25563.exe
3120	2660	WerFault.exe	Unicorn-22225.exe
3160	2252	WerFault.exe	Unicorn-41899.exe
4048	2784	WerFault.exe	Unicorn-57903.exe
4080	2320	WerFault.exe	Unicorn-25039.exe
1524	1788	WerFault.exe	Unicorn-24581.exe
3528	2756	WerFault.exe	Unicorn-47332.exe
3836	3484	WerFault.exe	Unicorn-41377.exe
3920	2124	WerFault.exe	Unicorn-56486.exe
3928	2516	WerFault.exe	Unicorn-59859.exe
3884	3064	WerFault.exe	Unicorn-10466.exe
3316	284	WerFault.exe	Unicorn-27343.exe
3392	2688	WerFault.exe	Unicorn-18493.exe
3440	1944	WerFault.exe	Unicorn-28412.exe
3456	1600	WerFault.exe	Unicorn-42562.exe
3656	1688	WerFault.exe	Unicorn-18685.exe
3736	2436	WerFault.exe	Unicorn-9506.exe
3820	1320	WerFault.exe	Unicorn-2986.exe
3968	2632	WerFault.exe	Unicorn-22660.exe
3976	2488	WerFault.exe	Unicorn-34013.exe
3404	2964	WerFault.exe	Unicorn-39271.exe
4188	2908	WerFault.exe	Unicorn-50542.exe
4204	1340	WerFault.exe	Unicorn-62428.exe
4312	848	WerFault.exe	Unicorn-31299.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exeUnicorn-57499.exeUnicorn-38797.exeUnicorn-18931.exeUnicorn-7821.exeUnicorn-52424.exeUnicorn-6752.exeUnicorn-42251.exeUnicorn-38721.exeUnicorn-58587.exeUnicorn-55058.exeUnicorn-7938.exeUnicorn-60284.exeUnicorn-7554.exeUnicorn-60092.exeUnicorn-43756.exeUnicorn-27420.exeUnicorn-40226.exeUnicorn-21489.exeUnicorn-7456.exeUnicorn-20263.exeUnicorn-23601.exeUnicorn-56273.exeUnicorn-57342.exeUnicorn-52744.exeUnicorn-36407.exeUnicorn-56273.exeUnicorn-20948.exeUnicorn-40814.exeUnicorn-23378.exeUnicorn-19848.exeUnicorn-29730.exeUnicorn-26200.exeUnicorn-62402.exeUnicorn-25947.exeUnicorn-9096.exeUnicorn-61634.exeUnicorn-42091.exeUnicorn-22225.exeUnicorn-25240.exeUnicorn-45106.exeUnicorn-25563.exeUnicorn-5697.exeUnicorn-41899.exeUnicorn-57903.exeUnicorn-25039.exeUnicorn-24581.exeUnicorn-7477.exeUnicorn-28412.exeUnicorn-27343.exeUnicorn-11883.exeUnicorn-56486.exeUnicorn-27644.exeUnicorn-7778.exeUnicorn-59859.exeUnicorn-10466.exeUnicorn-29948.exeUnicorn-34909.exeUnicorn-15043.exeUnicorn-34909.exeUnicorn-42562.exeUnicorn-62428.exeUnicorn-42562.exeUnicorn-62428.exe

pid	process
2304	ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe
2976	Unicorn-57499.exe
1288	Unicorn-38797.exe
2024	Unicorn-18931.exe
2556	Unicorn-7821.exe
2460	Unicorn-52424.exe
2736	Unicorn-6752.exe
304	Unicorn-42251.exe
2996	Unicorn-38721.exe
2532	Unicorn-58587.exe
2816	Unicorn-55058.exe
2836	Unicorn-7938.exe
1644	Unicorn-60284.exe
2116	Unicorn-7554.exe
1916	Unicorn-60092.exe
2936	Unicorn-43756.exe
1808	Unicorn-27420.exe
2244	Unicorn-40226.exe
2404	Unicorn-21489.exe
1404	Unicorn-7456.exe
2036	Unicorn-20263.exe
2144	Unicorn-23601.exe
968	Unicorn-56273.exe
1556	Unicorn-57342.exe
2808	Unicorn-52744.exe
624	Unicorn-36407.exe
1952	Unicorn-56273.exe
932	Unicorn-20948.exe
2220	Unicorn-40814.exe
2280	Unicorn-23378.exe
2960	Unicorn-19848.exe
1328	Unicorn-29730.exe
2764	Unicorn-26200.exe
2652	Unicorn-62402.exe
2900	Unicorn-25947.exe
2576	Unicorn-9096.exe
2668	Unicorn-61634.exe
2716	Unicorn-42091.exe
2660	Unicorn-22225.exe
3004	Unicorn-25240.exe
2852	Unicorn-45106.exe
2160	Unicorn-25563.exe
2092	Unicorn-5697.exe
2252	Unicorn-41899.exe
2784	Unicorn-57903.exe
2320	Unicorn-25039.exe
1788	Unicorn-24581.exe
488	Unicorn-7477.exe
1944	Unicorn-28412.exe
284	Unicorn-27343.exe
344	Unicorn-11883.exe
2124	Unicorn-56486.exe
1664	Unicorn-27644.exe
1368	Unicorn-7778.exe
2516	Unicorn-59859.exe
3064	Unicorn-10466.exe
928	Unicorn-29948.exe
2956	Unicorn-34909.exe
2400	Unicorn-15043.exe
1612	Unicorn-34909.exe
1600	Unicorn-42562.exe
1340	Unicorn-62428.exe
2760	Unicorn-42562.exe
2624	Unicorn-62428.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exeUnicorn-57499.exeUnicorn-38797.exeUnicorn-18931.exeUnicorn-7821.exeUnicorn-52424.exeUnicorn-6752.exeUnicorn-42251.exe

description	pid	process	target process
PID 2304 wrote to memory of 2976	2304	ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe	Unicorn-57499.exe
PID 2304 wrote to memory of 2976	2304	ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe	Unicorn-57499.exe
PID 2304 wrote to memory of 2976	2304	ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe	Unicorn-57499.exe
PID 2304 wrote to memory of 2976	2304	ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe	Unicorn-57499.exe
PID 2976 wrote to memory of 1288	2976	Unicorn-57499.exe	Unicorn-38797.exe
PID 2976 wrote to memory of 1288	2976	Unicorn-57499.exe	Unicorn-38797.exe
PID 2976 wrote to memory of 1288	2976	Unicorn-57499.exe	Unicorn-38797.exe
PID 2976 wrote to memory of 1288	2976	Unicorn-57499.exe	Unicorn-38797.exe
PID 2304 wrote to memory of 2024	2304	ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe	Unicorn-18931.exe
PID 2304 wrote to memory of 2024	2304	ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe	Unicorn-18931.exe
PID 2304 wrote to memory of 2024	2304	ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe	Unicorn-18931.exe
PID 2304 wrote to memory of 2024	2304	ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe	Unicorn-18931.exe
PID 2304 wrote to memory of 2628	2304	ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe	WerFault.exe
PID 2304 wrote to memory of 2628	2304	ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe	WerFault.exe
PID 2304 wrote to memory of 2628	2304	ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe	WerFault.exe
PID 2304 wrote to memory of 2628	2304	ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe	WerFault.exe
PID 1288 wrote to memory of 2556	1288	Unicorn-38797.exe	Unicorn-7821.exe
PID 1288 wrote to memory of 2556	1288	Unicorn-38797.exe	Unicorn-7821.exe
PID 1288 wrote to memory of 2556	1288	Unicorn-38797.exe	Unicorn-7821.exe
PID 1288 wrote to memory of 2556	1288	Unicorn-38797.exe	Unicorn-7821.exe
PID 2976 wrote to memory of 2460	2976	Unicorn-57499.exe	Unicorn-52424.exe
PID 2976 wrote to memory of 2460	2976	Unicorn-57499.exe	Unicorn-52424.exe
PID 2976 wrote to memory of 2460	2976	Unicorn-57499.exe	Unicorn-52424.exe
PID 2976 wrote to memory of 2460	2976	Unicorn-57499.exe	Unicorn-52424.exe
PID 2024 wrote to memory of 2736	2024	Unicorn-18931.exe	Unicorn-6752.exe
PID 2024 wrote to memory of 2736	2024	Unicorn-18931.exe	Unicorn-6752.exe
PID 2024 wrote to memory of 2736	2024	Unicorn-18931.exe	Unicorn-6752.exe
PID 2024 wrote to memory of 2736	2024	Unicorn-18931.exe	Unicorn-6752.exe
PID 2976 wrote to memory of 2608	2976	Unicorn-57499.exe	WerFault.exe
PID 2976 wrote to memory of 2608	2976	Unicorn-57499.exe	WerFault.exe
PID 2976 wrote to memory of 2608	2976	Unicorn-57499.exe	WerFault.exe
PID 2976 wrote to memory of 2608	2976	Unicorn-57499.exe	WerFault.exe
PID 2556 wrote to memory of 304	2556	Unicorn-7821.exe	Unicorn-42251.exe
PID 2556 wrote to memory of 304	2556	Unicorn-7821.exe	Unicorn-42251.exe
PID 2556 wrote to memory of 304	2556	Unicorn-7821.exe	Unicorn-42251.exe
PID 2556 wrote to memory of 304	2556	Unicorn-7821.exe	Unicorn-42251.exe
PID 1288 wrote to memory of 2996	1288	Unicorn-38797.exe	Unicorn-38721.exe
PID 1288 wrote to memory of 2996	1288	Unicorn-38797.exe	Unicorn-38721.exe
PID 1288 wrote to memory of 2996	1288	Unicorn-38797.exe	Unicorn-38721.exe
PID 1288 wrote to memory of 2996	1288	Unicorn-38797.exe	Unicorn-38721.exe
PID 2024 wrote to memory of 2816	2024	Unicorn-18931.exe	Unicorn-55058.exe
PID 2024 wrote to memory of 2816	2024	Unicorn-18931.exe	Unicorn-55058.exe
PID 2024 wrote to memory of 2816	2024	Unicorn-18931.exe	Unicorn-55058.exe
PID 2024 wrote to memory of 2816	2024	Unicorn-18931.exe	Unicorn-55058.exe
PID 2460 wrote to memory of 2532	2460	Unicorn-52424.exe	Unicorn-58587.exe
PID 2460 wrote to memory of 2532	2460	Unicorn-52424.exe	Unicorn-58587.exe
PID 2460 wrote to memory of 2532	2460	Unicorn-52424.exe	Unicorn-58587.exe
PID 2460 wrote to memory of 2532	2460	Unicorn-52424.exe	Unicorn-58587.exe
PID 1288 wrote to memory of 2524	1288	Unicorn-38797.exe	WerFault.exe
PID 1288 wrote to memory of 2524	1288	Unicorn-38797.exe	WerFault.exe
PID 1288 wrote to memory of 2524	1288	Unicorn-38797.exe	WerFault.exe
PID 1288 wrote to memory of 2524	1288	Unicorn-38797.exe	WerFault.exe
PID 2024 wrote to memory of 2696	2024	Unicorn-18931.exe	WerFault.exe
PID 2024 wrote to memory of 2696	2024	Unicorn-18931.exe	WerFault.exe
PID 2024 wrote to memory of 2696	2024	Unicorn-18931.exe	WerFault.exe
PID 2024 wrote to memory of 2696	2024	Unicorn-18931.exe	WerFault.exe
PID 2736 wrote to memory of 2836	2736	Unicorn-6752.exe	Unicorn-7938.exe
PID 2736 wrote to memory of 2836	2736	Unicorn-6752.exe	Unicorn-7938.exe
PID 2736 wrote to memory of 2836	2736	Unicorn-6752.exe	Unicorn-7938.exe
PID 2736 wrote to memory of 2836	2736	Unicorn-6752.exe	Unicorn-7938.exe
PID 304 wrote to memory of 1644	304	Unicorn-42251.exe	Unicorn-60284.exe
PID 304 wrote to memory of 1644	304	Unicorn-42251.exe	Unicorn-60284.exe
PID 304 wrote to memory of 1644	304	Unicorn-42251.exe	Unicorn-60284.exe
PID 304 wrote to memory of 1644	304	Unicorn-42251.exe	Unicorn-60284.exe

C:\Users\Admin\AppData\Local\Temp\ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe
"C:\Users\Admin\AppData\Local\Temp\ba7b44f7ff9cdc168a90c72618b1b4d6132800658140a50f72ef150b1a08e749.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7821.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42251.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60284.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7456.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29730.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28412.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22660.exe
        10⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28955.exe
        11⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1908.exe
        12⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35581.exe
        13⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51598.exe
        14⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59575.exe
        15⤵
        
        PID:13300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10432 -s 216
        15⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
        14⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
        13⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
        12⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 236
        11⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41761.exe
        10⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34721.exe
        11⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-521.exe
        12⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe
        13⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23390.exe
        14⤵
        
        PID:12684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10080 -s 220
        14⤵
        
        PID:9348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
        13⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
        12⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
        11⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 220
        10⤵
        Program crash
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50542.exe
        9⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        10⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        11⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46899.exe
        12⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32122.exe
        13⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11858.exe
        14⤵
        
        PID:12972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 216
        14⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
        13⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
        12⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 236
        11⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
        10⤵
        Program crash
        
        PID:4188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 240
        9⤵
        Program crash
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7477.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
        9⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12234.exe
        10⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        11⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5428.exe
        12⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16874.exe
        13⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        14⤵
        
        PID:13176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 236
        13⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
        12⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
        10⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41377.exe
        9⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 200
        10⤵
        Program crash
        
        PID:3836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 220
        9⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 240
        8⤵
        Program crash
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22660.exe
        9⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48114.exe
        10⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41991.exe
        11⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe
        12⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        13⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13010.exe
        14⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 236
        14⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
        13⤵
        
        PID:10368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
        12⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
        11⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
        10⤵
        Program crash
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28248.exe
        9⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
        10⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39888.exe
        11⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        12⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5164.exe
        13⤵
        
        PID:13140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 216
        13⤵
        
        PID:12728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
        12⤵
        
        PID:10944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
        11⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
        10⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 240
        9⤵
        Program crash
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34013.exe
        8⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        9⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39080.exe
        10⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15898.exe
        11⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35838.exe
        12⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26519.exe
        13⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10356 -s 216
        13⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 204
        12⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        11⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
        10⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
        9⤵
        Program crash
        
        PID:3976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
        8⤵
        Program crash
        
        PID:2468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        7⤵
        Program crash
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20263.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62402.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11883.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55716.exe
        9⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        10⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        11⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2249.exe
        12⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58676.exe
        13⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39918.exe
        14⤵
        
        PID:12632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 220
        14⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
        13⤵
        
        PID:10480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        12⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
        11⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
        10⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        9⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22796.exe
        10⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
        11⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2589.exe
        12⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34760.exe
        13⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 204
        12⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
        11⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        10⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
        9⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2986.exe
        8⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
        9⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        10⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40687.exe
        11⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        12⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31516.exe
        13⤵
        
        PID:12668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9424 -s 236
        13⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 236
        12⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
        11⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
        10⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
        9⤵
        Program crash
        
        PID:3820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        8⤵
        Program crash
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
        8⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14673.exe
        9⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31701.exe
        10⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39504.exe
        11⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe
        12⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
        13⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 216
        13⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 216
        12⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
        11⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        10⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
        9⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60345.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13677.exe
        9⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        10⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        11⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26903.exe
        12⤵
        
        PID:13272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9684 -s 216
        12⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
        11⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
        10⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        9⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
        8⤵
        Program crash
        
        PID:3920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
        7⤵
        Program crash
        
        PID:2164
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
        6⤵
        Program crash
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7554.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23601.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44014.exe
        9⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52364.exe
        10⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        11⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27927.exe
        12⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36658.exe
        13⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        14⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 236
        13⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
        12⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        11⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
        10⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        10⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
        11⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54177.exe
        12⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21221.exe
        13⤵
        
        PID:13044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 216
        12⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
        11⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        10⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
        9⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
        8⤵
        Program crash
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42562.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11533.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5275.exe
        9⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
        10⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-400.exe
        11⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        12⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 216
        12⤵
        
        PID:12292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
        11⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        10⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 236
        9⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18082.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        9⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-137.exe
        10⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4540.exe
        11⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43187.exe
        12⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 216
        12⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 220
        11⤵
        
        PID:10488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
        10⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        9⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
        8⤵
        Program crash
        
        PID:3456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
        7⤵
        Program crash
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62428.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44398.exe
        8⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65450.exe
        10⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26975.exe
        11⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26983.exe
        12⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
        13⤵
        
        PID:12868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 216
        12⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
        11⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        10⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe
        8⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26852.exe
        9⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38002.exe
        10⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40838.exe
        11⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 216
        11⤵
        
        PID:13008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
        10⤵
        
        PID:10124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        9⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        8⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
        7⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
        8⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47469.exe
        9⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24863.exe
        10⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42359.exe
        11⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32487.exe
        12⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10588 -s 216
        12⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 236
        11⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
        10⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        9⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
        8⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
        7⤵
        Program crash
        
        PID:2508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
        6⤵
        Program crash
        
        PID:2396
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38721.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27420.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62236.exe
        8⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60926.exe
        9⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5275.exe
        10⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6682.exe
        11⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        12⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        13⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4972.exe
        14⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 216
        14⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
        13⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
        12⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
        11⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 216
        10⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1746.exe
        9⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42311.exe
        10⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62180.exe
        11⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27931.exe
        12⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 216
        12⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
        11⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
        10⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
        9⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
        8⤵
        Program crash
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
        7⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
        8⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        9⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        10⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43300.exe
        11⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13021.exe
        12⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9232 -s 216
        12⤵
        
        PID:12840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 220
        11⤵
        
        PID:10500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
        10⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        9⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 216
        8⤵
        Program crash
        
        PID:3736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        7⤵
        Program crash
        
        PID:1560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 236
        6⤵
        Program crash
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20948.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7778.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14865.exe
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe
        9⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        10⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36049.exe
        11⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
        11⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
        10⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
        9⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
        8⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11336.exe
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22028.exe
        8⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31858.exe
        9⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49053.exe
        10⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 216
        10⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        9⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        8⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
        7⤵
        
        PID:4460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 236
        6⤵
        Program crash
        
        PID:2132
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
        5⤵
        Program crash
        
        PID:1628
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52424.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60092.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57342.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25947.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27644.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe
        9⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62976.exe
        10⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
        11⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53145.exe
        12⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20481.exe
        13⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34919.exe
        14⤵
        
        PID:12888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 216
        13⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 216
        12⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
        11⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
        10⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46505.exe
        9⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-629.exe
        10⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34998.exe
        11⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        12⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18884.exe
        13⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
        12⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
        11⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
        10⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
        9⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19213.exe
        8⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16677.exe
        9⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60655.exe
        10⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52761.exe
        11⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe
        12⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24094.exe
        13⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 236
        12⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
        11⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        10⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 236
        9⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
        8⤵
        Program crash
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10466.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        8⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33781.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
        10⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43228.exe
        11⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26023.exe
        12⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
        13⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10540 -s 216
        13⤵
        
        PID:13268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
        12⤵
        
        PID:12236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
        11⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        10⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 236
        9⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46588.exe
        8⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13485.exe
        9⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51289.exe
        10⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43139.exe
        11⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52424.exe
        12⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 216
        12⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
        11⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
        10⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
        9⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
        8⤵
        Program crash
        
        PID:3884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
        7⤵
        Program crash
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        7⤵
        Executes dropped EXE
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41575.exe
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
        9⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39215.exe
        10⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54821.exe
        11⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6313.exe
        12⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18552.exe
        13⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 216
        12⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
        11⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
        10⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
        9⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50947.exe
        8⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26852.exe
        9⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        10⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27132.exe
        11⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 216
        11⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
        10⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
        9⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
        8⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8196.exe
        7⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21414.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8730.exe
        9⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
        10⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
        11⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 216
        11⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
        10⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        9⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 216
        8⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
        7⤵
        Program crash
        
        PID:3088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
        6⤵
        Program crash
        
        PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36407.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41899.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29372.exe
        7⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25431.exe
        8⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22188.exe
        9⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
        10⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65086.exe
        11⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42923.exe
        12⤵
        
        PID:11860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8668 -s 216
        12⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
        11⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
        10⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 236
        9⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2130.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39601.exe
        9⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
        10⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62211.exe
        11⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
        11⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 216
        10⤵
        
        PID:11028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        9⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
        8⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24916.exe
        7⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59031.exe
        9⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51246.exe
        10⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48753.exe
        11⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 216
        11⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
        10⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        9⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 236
        8⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        7⤵
        Program crash
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47332.exe
        6⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
        7⤵
        Program crash
        
        PID:3528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 240
        6⤵
        Program crash
        
        PID:972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        5⤵
        Program crash
        
        PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56273.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42091.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41191.exe
        8⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
        9⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27179.exe
        10⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10331.exe
        11⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52865.exe
        12⤵
        
        PID:13204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10036 -s 236
        12⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 216
        11⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
        10⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 216
        9⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18850.exe
        8⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53696.exe
        9⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15950.exe
        10⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61964.exe
        11⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21629.exe
        12⤵
        
        PID:12436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 236
        11⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
        10⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        9⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 220
        8⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4797.exe
        7⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17158.exe
        9⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        10⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61300.exe
        11⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14462.exe
        12⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
        11⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        10⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        9⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
        8⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        7⤵
        Program crash
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42562.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8902.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9363.exe
        9⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47027.exe
        10⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30144.exe
        11⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 216
        11⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
        10⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        9⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 216
        8⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12955.exe
        7⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24363.exe
        8⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47086.exe
        9⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
        10⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15884.exe
        11⤵
        
        PID:13260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
        10⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
        9⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
        8⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
        7⤵
        
        PID:4352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
        6⤵
        Program crash
        
        PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25240.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62428.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24663.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        8⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1524.exe
        9⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-988.exe
        10⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57607.exe
        11⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
        12⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9280 -s 216
        12⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
        11⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
        10⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
        9⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34610.exe
        7⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        8⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
        9⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35070.exe
        10⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4256.exe
        11⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10464 -s 220
        11⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 216
        10⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
        9⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        8⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 240
        7⤵
        Program crash
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40484.exe
        6⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52748.exe
        7⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25892.exe
        8⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57587.exe
        9⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
        10⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7408 -s 236
        10⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
        9⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        8⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
        7⤵
        
        PID:4972
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 220
        6⤵
        Program crash
        
        PID:2812
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
        5⤵
        Program crash
        
        PID:1300
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1500
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23378.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25039.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18493.exe
        8⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53355.exe
        9⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63734.exe
        10⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        11⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42735.exe
        12⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30112.exe
        13⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49916.exe
        14⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 216
        13⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
        12⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
        11⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 216
        10⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10812.exe
        9⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61425.exe
        10⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        11⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54509.exe
        12⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        13⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9968 -s 216
        13⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
        12⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
        11⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 236
        10⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
        9⤵
        Program crash
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe
        8⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16454.exe
        9⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        10⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 200
        11⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
        10⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 216
        9⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
        8⤵
        Program crash
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31299.exe
        7⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4346.exe
        8⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        9⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34721.exe
        10⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16858.exe
        11⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44260.exe
        12⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
        13⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10288 -s 216
        13⤵
        
        PID:12348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 204
        12⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
        11⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        10⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17102.exe
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        10⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58292.exe
        11⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12245.exe
        12⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
        11⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        10⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
        9⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61056.exe
        8⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11233.exe
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54932.exe
        10⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23560.exe
        11⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10180.exe
        12⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 236
        11⤵
        
        PID:11500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
        9⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
        8⤵
        Program crash
        
        PID:4312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 220
        7⤵
        Program crash
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4979.exe
        7⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4346.exe
        8⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        9⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2.78681299111932E+264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2.78681299111932E+264.exe
        10⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4.77148354476318E+263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4.77148354476318E+263.exe
        11⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3.03226283077412E+264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3.03226283077412E+264.exe
        12⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1.05030960479193E+264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1.05030960479193E+264.exe
        13⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 216
        12⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
        11⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        10⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 236
        9⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27231.exe
        8⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42643.exe
        9⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58295.exe
        10⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37649.exe
        11⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46124.exe
        12⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10624 -s 216
        12⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
        11⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
        10⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 216
        9⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
        8⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
        7⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
        9⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63747.exe
        10⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44835.exe
        11⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 236
        11⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
        10⤵
        
        PID:9484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
        9⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
        8⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        7⤵
        Program crash
        
        PID:1524
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
        6⤵
        Program crash
        
        PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19848.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57903.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18685.exe
        7⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3168.exe
        8⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        9⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        10⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        11⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        12⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4671.exe
        13⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 216
        13⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
        12⤵
        
        PID:11148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 236
        11⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
        10⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 236
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
        9⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60931.exe
        10⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37789.exe
        11⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46955.exe
        12⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
        11⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        10⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        9⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
        8⤵
        Program crash
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51855.exe
        7⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
        8⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8166.exe
        9⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22156.exe
        10⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64550.exe
        11⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
        12⤵
        
        PID:13080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10176 -s 216
        12⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 216
        11⤵
        
        PID:11132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 236
        10⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
        9⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
        8⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
        9⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29631.exe
        10⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
        11⤵
        
        PID:12908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 216
        11⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
        10⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 236
        9⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        8⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        7⤵
        Program crash
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47828.exe
        6⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
        7⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe
        8⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22168.exe
        9⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49914.exe
        10⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58292.exe
        11⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15819.exe
        12⤵
        
        PID:12892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10272 -s 216
        12⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
        11⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
        10⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
        9⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 216
        8⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63857.exe
        8⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        9⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37390.exe
        10⤵
        
        PID:12420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9412 -s 216
        10⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
        9⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
        8⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        7⤵
        
        PID:5744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        6⤵
        Program crash
        
        PID:2940
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:1504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55058.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55058.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56273.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61634.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29948.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44782.exe
        8⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        9⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8742.exe
        10⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54304.exe
        11⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61971.exe
        12⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        13⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 216
        13⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
        12⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
        11⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
        10⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56853.exe
        9⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe
        10⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
        11⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51376.exe
        12⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9480 -s 216
        12⤵
        
        PID:12612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 236
        11⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
        10⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 220
        9⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34610.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe
        9⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
        10⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19784.exe
        11⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 216
        11⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
        10⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
        9⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 220
        8⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38045.exe
        7⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        8⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58372.exe
        9⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe
        10⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 240
        11⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
        10⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        9⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 216
        8⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
        7⤵
        Program crash
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15043.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
        7⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24740.exe
        9⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        10⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
        11⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 216
        11⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
        10⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
        9⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 236
        8⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35186.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50450.exe
        8⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
        9⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36933.exe
        10⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
        11⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
        10⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
        9⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        8⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
        7⤵
        
        PID:4448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 240
        6⤵
        Program crash
        
        PID:112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18746.exe
        6⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61243.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        8⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59756.exe
        9⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        10⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2739.exe
        11⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 216
        10⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
        9⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        8⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
        7⤵
        
        PID:4784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
        6⤵
        Program crash
        
        PID:3120
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
        5⤵
        Program crash
        
        PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52744.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59859.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
        6⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62421.exe
        7⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46734.exe
        8⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17657.exe
        9⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12495.exe
        10⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45792.exe
        11⤵
        
        PID:12944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9740 -s 236
        11⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
        10⤵
        
        PID:10252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
        9⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
        8⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 216
        7⤵
        Program crash
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
        6⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46350.exe
        7⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61507.exe
        8⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52205.exe
        9⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42746.exe
        10⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10140 -s 216
        10⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
        9⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
        8⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        7⤵
        
        PID:5420
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
        6⤵
        Program crash
        
        PID:3928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
        5⤵
        Program crash
        
        PID:1040
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
      4⤵
      Program crash
      PID:1608
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2696
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
  2⤵
  - Program crash
  PID:2628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-23390.exe

Filesize
184KB

MD5
7b9cd32b2d7e8c12010768fda27b44ae

SHA1
86baf62054c63d484edbb87c99908429e9f5f46a

SHA256
2cd28226164e7682bd0da414afb9e70c3482aeaad35d2bba23b95f3b79fdf551

SHA512
feb0cce6ba3de5157465ac685513a2290943ffca55672292706c3caf47575315f9896e5031a62a4a0026fff85d0763e6f153548d887c46141910afdb56d37801

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38721.exe

Filesize
184KB

MD5
022271cd535818b96e0a7c3aa13282fb

SHA1
e12fd74c70bc2bf8e3ff5a3474c9cd704262990b

SHA256
f79aed7b017d0df27056dc3c4b0f2cd3c0890b9316d2dc5a3c3d6b80ea29d41b

SHA512
32ac954dcba9324fb3d432212d5d1fe1342d20b7e9499c0a83f3f756e5f84c92d15aed07f1459c52b9cd756f337d508a21e04259fe0824a7d3eff1e53a4eec8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe

Filesize
184KB

MD5
a323305a079a23fd4203dc48ec6f9b54

SHA1
118027339b0a7dd21a7d7371bb53236ca7902857

SHA256
d186beefc06802258c23df573475e3f3015711db621b9f0ef60f58998e6e1845

SHA512
a8a10f16db1ee80122c8b8a7bf327cf333d32112914213545172610f1efd1ded47e5ec0e1fce40490cd2ef2972bbace1bcce49e81352b7f73044b8710b0b2bbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40484.exe

Filesize
184KB

MD5
61825ce17c3f261b5a232ef2d17979a6

SHA1
868cb6e15ccf505f64ada60a2766c3f1391f8a4d

SHA256
68f08d953d8a1a672aa5be092e26fbdc7b4c29170f39261d61a5242910fa5ef2

SHA512
721154e014b00379357176a2ccc02188389c721cb8677555a1cc7caad71003e19649892e107ca7230ee3061e8ee09fa80bfdd260ec13a439b0787077a74c530a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4972.exe

Filesize
184KB

MD5
55b1d927ed33e853552d7ce0d42388ed

SHA1
8ec3410173609876610a65bd91890655cfbd6c13

SHA256
929bd2d151460ff9fb63ba75e85dda320b866e65545be7ef9586f48727f9a94e

SHA512
d82860b734b3c2afd3d77010d06d20f32e82454c6458ed2699b7b440244444c607f57432c3b1479b18e83afed7ba19adb73110e989eb67d382c7a17125a67bd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52424.exe

Filesize
184KB

MD5
44bb9c2817472b9edd8173088b0f1291

SHA1
d5a9546bb3ead21740b718f37beb6f4b4865561a

SHA256
37fa0b939fc9266a9e2c3fd4bc8024f10a78b7686b62dd9bf5999a8c3f31416a

SHA512
726e06baeaf0581fe08de527dd72ae14ba8a02352a19810acf2cf2efb257c5997cc0234cbbd3532ab53267c03a16477cf469b781f2c8c0ab0d35b54767d2adee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe

Filesize
184KB

MD5
a29a35b8c15ccb83682c8e66a24129f2

SHA1
e0cd0e2ec53dd4e9f7758860fb3171f3b56d8d7e

SHA256
7462842f85b87f75e1a095a75b15328870f7d88d12ef8ceb753f1253cb6c8fa5

SHA512
86093495d730a08e7bf8a6992aec92bb2b7f38786893dc13c7e7fda196e57f9779e9b8d81d19e2996482052775474ac89f4ef65da51d28626a73096bba77b692

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe

Filesize
184KB

MD5
f83265cce44d3accf07cbdcd7424340c

SHA1
0a6c7a657d6c3fbb266788a871c2151701d53daa

SHA256
14238553e08252fc1d79d2cb7d58ac7171ab98770f052f36332ab10f59f66414

SHA512
d27a8c493f06d4bb32eb3965ff7f19dbc20f5bc4c669eb8bc52e130b33eb186c447483300bd9b8f5676827a5b6028339bac8d2541a57d4448fb86b00251710c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60284.exe

Filesize
184KB

MD5
0063b1b08400f6a402b26fd4fdc2b051

SHA1
99cfa692bc4abe68b02697ca54fd4c36ed98fc98

SHA256
ecf998ba15f500d70ea23d30f33d106fa40957c17fa99949731b172b05d5631c

SHA512
b97235103ea351417b28bb5139d81ee32d1b137ae6335ae56e9cf6a8d3f7339f33c9a223649dde8a780eb5cb4a898d9927582875ad0a469bdc5401b26742f907

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe

Filesize
184KB

MD5
b00abbcde0ae34f3589888a9879508a4

SHA1
81dd1efc69cb64d40cb0c67545aee1a78b79e0f0

SHA256
095c14bb923025be035676fd36037eab60ae883e501d50847ca7339b3212cc45

SHA512
f288e1517e45c4b24ac32d5d136d2e551e2bfd4b55b310de8f3757b26503b83c8093e515c6859b672bec28c26bebb616a80044fee5f28677e9fe61cef75ff060

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe

Filesize
184KB

MD5
eff4e00f03421176dada51ad2c0ac0ea

SHA1
9a7b82ed8d389ee811c89da2dc544e0a6b811ab1

SHA256
3b6ddd1a6f28c1b732ee358bd6c761a28a0864fe90597ac00ae745c7d6e564c2

SHA512
a45ae9deff65c06cc9fd68a5672d112dd453bb770b3b0be625d26709af4e29eff9e25e8fb5b97e6d6b04a653daafef6f01562787d99001f34d860d8cae5a118f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe

Filesize
184KB

MD5
1fb5ef83e7958473f037b0ff57517a28

SHA1
2583309b729d9dff50a5f146934cb1c5d1fe1cd1

SHA256
910a6ef8e6a410685fb946b5af5587c20e69a4ac6d76109380c06b5536f11d39

SHA512
2f9db51d9051fd460c631de95ea11e7c8f8e27de79c190cf905402f1df019e4d733f3295b3703ae73c992f3bcee96ec95031c3a95c35680a1f4b764a7373dd5d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe

Filesize
184KB

MD5
cae9e31645d9ba633c1dd71bcbb4a83d

SHA1
0ca52295cc5220a17c21136d23ad1aa3b8952fe4

SHA256
a9872d2093d372fb6021700cc9b6b5ee4e52535e80d11bb35cbc60fbce9b74be

SHA512
549759b710cb9c804b1e5a4f71acce5ad90cdc1b5758d598c4051ffa794398b988515d632f2322781c87a4fad087da2d9526553a7bcbbb3b976395c0f98cb362

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42251.exe

Filesize
184KB

MD5
6e7cf221d602e14b83dde1f6bcc6e50a

SHA1
0274a00259b7f640c34bd0e015a4574b91b8ab17

SHA256
53b3777c7f545144f2af102db80e33b6e22fc4fd81ff96e9f3cd8ac6380f62b7

SHA512
256aab90f5c464e88098cf3a712e323f152b5cb679f8eca1fd1e2e126acd01d6acc1b28e16af15682b3923959d844a0b196e016552f0d210a8df35e69662d529

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55058.exe

Filesize
184KB

MD5
b6515ca3740a53ae830dfe2ac8a2d949

SHA1
8d5991d8cbb5392a7d1430a29a0692689430d26c

SHA256
e0367123322bc98f5b8197d71f411c6dda6a963af9e1809a2ed2fb600a052975

SHA512
46f416e208696b5ca80bb70f45a0209bdbdb82c30688d722e6037f69ad2a310b522f8b49c3ff626ef7222dea19925953e6a5fafdce83ce6544b33f2573653176

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe

Filesize
184KB

MD5
89bd4048a72c82b23ba5abd26653f635

SHA1
aaf1a4fde17c4a310d9a39cc85b765ec9224e72e

SHA256
744e1e78c586eb9aba6a70f1670ddbf147a735236d35bffcf14740bff9e8f1aa

SHA512
9236c8e536da1abdc742abda8093c687939326d4db4bc8785309130b6f5d3cde3cb5dbfca896dc3cf31c411185f876e059654e67f2704cb3fcebb8e3d6d4fb5a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe

Filesize
184KB

MD5
7f816e0fd09a683a5a6b03fdf672aa26

SHA1
9b0f30215056d2b4ac17a15dbe192cd27eca147a

SHA256
f57f0da0a64b48bf616ea50e79686ff618d797da03eaf8979ac6b39c07560cf0

SHA512
4d725011f32d15d746077f50caecf736c0d9c38ee393edbb2c253ef0b5ea2d192695fea9dcca27069b5506af4181f393e24c2c86ecc407578ef79c2a28c167eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7554.exe

Filesize
184KB

MD5
afa4738f296900b2c1b4079646371fac

SHA1
f94dbb9248eeb2654fa6dcaf92797143ec2042d5

SHA256
a9bbb16b0d75f650b887ff953d6e70b2b9755e030b0014b9a2ff75d93b216e7e

SHA512
abcb24f6abeccadcb4b3e0d141ee612a0164943a46610a845ec052fc164046ae338550196e64dfdc494954115ffc24680c4be8368408a3e80c3f4c9d8b9a78d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7821.exe

Filesize
184KB

MD5
4cf22e731ce832b391eecabefcccdbbb

SHA1
8ce57f1ce6e1f9c17e3225b9865f5df62c81e0a6

SHA256
91f8e6986dd7d8acf12eab1b95710c79373f0096de14bfb88751970fa4f5e7c0

SHA512
dce05b73f40a9804e924007fa910ad1d009531b6a08f52c9fd3bbdd2d59f77b98f0bd350dc12400dd26bb9ab50f7b19604049d56099f56f8dd72553b0e648f1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe

Filesize
184KB

MD5
d7cedd93ce88a05409a4c8619d23d563

SHA1
7b68aa56c76061b5ffed2602852c1727631c0d10

SHA256
40194fba45ad61d79e001045b0386f3cf7eed6cff3817ca1d37682d2ee6abbc8

SHA512
274b350b7363e691124b36e3fcd2e5897269c67d53e3021d89a96405b9cd923c04ba4331e7a71f18a9d2756615200d3f879936140f3f9bfd9eb8d9fc958330f2

Download Submit