e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700.exe
Size

184KB
MD5

813319a9e6da591e50faf99c1d8c5be1
SHA1

7334dc737fbd6ac413a498e3927850949def2000
SHA256

e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700
SHA512

c05bc81700762b3a9491ca8ca2548f5f7cf7bbbdb30ac4d0878fa566ccb99945e97e108e5ee34a5d7c50611cc46065a4ea96a834f5acb361081ea1238e41d6da
SSDEEP

3072:elV3mDo6e/nFdFaWehALRtsZIlnViFJn3:elEoFjFawLbsZIlnViFJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3036	Unicorn-19377.exe
2548	Unicorn-2298.exe
2652	Unicorn-64306.exe
2288	Unicorn-60316.exe
2688	Unicorn-56787.exe
2676	Unicorn-11115.exe
2776	Unicorn-16897.exe
2804	Unicorn-29127.exe
2148	Unicorn-65329.exe
2072	Unicorn-16321.exe
1988	Unicorn-30196.exe
1648	Unicorn-35867.exe
1300	Unicorn-32337.exe
2852	Unicorn-2618.exe
1976	Unicorn-55026.exe
540	Unicorn-64818.exe
564	Unicorn-4792.exe
1516	Unicorn-54315.exe
2280	Unicorn-23174.exe
1608	Unicorn-62582.exe
980	Unicorn-29910.exe
2028	Unicorn-10044.exe
2540	Unicorn-59245.exe
1012	Unicorn-61321.exe
2224	Unicorn-61321.exe
2220	Unicorn-26188.exe
1268	Unicorn-46054.exe
2272	Unicorn-26188.exe
2388	Unicorn-44409.exe
884	Unicorn-46189.exe
2744	Unicorn-13002.exe
2664	Unicorn-45805.exe
2848	Unicorn-58804.exe
2648	Unicorn-16148.exe
2800	Unicorn-42467.exe
3016	Unicorn-16148.exe
2620	Unicorn-49012.exe
2496	Unicorn-64964.exe
2112	Unicorn-61435.exe
2480	Unicorn-64964.exe
2528	Unicorn-61435.exe
2932	Unicorn-48244.exe
2544	Unicorn-48244.exe
320	Unicorn-14538.exe
2196	Unicorn-14538.exe
2904	Unicorn-34404.exe
2344	Unicorn-50740.exe
2416	Unicorn-53387.exe
2092	Unicorn-18254.exe
1704	Unicorn-5447.exe
384	Unicorn-36859.exe
588	Unicorn-50735.exe
1188	Unicorn-36475.exe
1576	Unicorn-52427.exe
1672	Unicorn-1809.exe
1688	Unicorn-5530.exe
284	Unicorn-2001.exe
3044	Unicorn-37819.exe
1532	Unicorn-24690.exe
1720	Unicorn-24690.exe
1348	Unicorn-54347.exe
912	Unicorn-34481.exe
768	Unicorn-20907.exe
2824	Unicorn-4248.exe

Loads dropped DLL 64 IoCs

pid	Process
3000	e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700.exe
3000	e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700.exe
3036	Unicorn-19377.exe
3036	Unicorn-19377.exe
3000	e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700.exe
3000	e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700.exe
2548	Unicorn-2298.exe
2548	Unicorn-2298.exe
3036	Unicorn-19377.exe
3036	Unicorn-19377.exe
2652	Unicorn-64306.exe
2652	Unicorn-64306.exe
2692	WerFault.exe
2692	WerFault.exe
2692	WerFault.exe
2692	WerFault.exe
2692	WerFault.exe
2288	Unicorn-60316.exe
2288	Unicorn-60316.exe
2548	Unicorn-2298.exe
2548	Unicorn-2298.exe
2688	Unicorn-56787.exe
2688	Unicorn-56787.exe
2676	Unicorn-11115.exe
2676	Unicorn-11115.exe
2652	Unicorn-64306.exe
2652	Unicorn-64306.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
2752	WerFault.exe
2752	WerFault.exe
2752	WerFault.exe
2752	WerFault.exe
2752	WerFault.exe
1072	WerFault.exe
2776	Unicorn-16897.exe
2776	Unicorn-16897.exe
2288	Unicorn-60316.exe
2288	Unicorn-60316.exe
2804	Unicorn-29127.exe
2804	Unicorn-29127.exe
2172	WerFault.exe
2172	WerFault.exe
2172	WerFault.exe
2172	WerFault.exe
2072	Unicorn-16321.exe
2072	Unicorn-16321.exe
2688	Unicorn-56787.exe
2688	Unicorn-56787.exe
2676	Unicorn-11115.exe
2676	Unicorn-11115.exe
1988	Unicorn-30196.exe
1988	Unicorn-30196.exe
2172	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
1100	WerFault.exe
1884	WerFault.exe
1884	WerFault.exe
1884	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2560	3000	WerFault.exe	27
2692	3036	WerFault.exe	28
1072	2548	WerFault.exe	29
2752	2652	WerFault.exe	30
2172	2148	WerFault.exe	38
1100	2288	WerFault.exe	32
1884	2688	WerFault.exe	33
1104	2676	WerFault.exe	34
2536	2776	WerFault.exe	36
3024	2804	WerFault.exe	37
1636	2072	WerFault.exe	39
2096	1988	WerFault.exe	40
1112	1300	WerFault.exe	44
2000	1648	WerFault.exe	43
560	2852	WerFault.exe	45
2796	1516	WerFault.exe	50
2436	1976	WerFault.exe	47
2052	540	WerFault.exe	48
652	564	WerFault.exe	49
1856	2280	WerFault.exe	54
2068	1608	WerFault.exe	55
2844	2028	WerFault.exe	56
1500	980	WerFault.exe	57
2944	2540	WerFault.exe	58
1620	2224	WerFault.exe	59
1936	1012	WerFault.exe	60
2164	1268	WerFault.exe	61
712	2220	WerFault.exe	62
2716	2272	WerFault.exe	63
864	912	WerFault.exe	107
2632	884	WerFault.exe	68
2056	2744	WerFault.exe	70
2820	2664	WerFault.exe	71
2136	2848	WerFault.exe	72
2780	2800	WerFault.exe	75
2044	2648	WerFault.exe	74
3112	3016	WerFault.exe	73
3136	2620	WerFault.exe	76
3160	2528	WerFault.exe	79
3184	2112	WerFault.exe	80
3176	2932	WerFault.exe	82
3228	2496	WerFault.exe	78
3248	2904	WerFault.exe	85
3280	2544	WerFault.exe	81
3272	2480	WerFault.exe	77
3296	320	WerFault.exe	84
3336	2196	WerFault.exe	83
3328	2344	WerFault.exe	86
3728	588	WerFault.exe	98
3752	2092	WerFault.exe	91
3940	2476	WerFault.exe	113
4004	1532	WerFault.exe	106
4044	1348	WerFault.exe	108
4000	1828	WerFault.exe	118
3240	2460	WerFault.exe	114
3472	1820	WerFault.exe	120
3840	2824	WerFault.exe	110
3080	2348	WerFault.exe	119
3612	384	WerFault.exe	96
3624	2768	WerFault.exe	117
3832	2816	WerFault.exe	116
3736	2416	WerFault.exe	90
4104	1672	WerFault.exe	101
4132	1688	WerFault.exe	102

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3000	e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700.exe
3036	Unicorn-19377.exe
2548	Unicorn-2298.exe
2652	Unicorn-64306.exe
2288	Unicorn-60316.exe
2688	Unicorn-56787.exe
2676	Unicorn-11115.exe
2776	Unicorn-16897.exe
2148	Unicorn-65329.exe
2072	Unicorn-16321.exe
2804	Unicorn-29127.exe
1988	Unicorn-30196.exe
1300	Unicorn-32337.exe
1648	Unicorn-35867.exe
2852	Unicorn-2618.exe
540	Unicorn-64818.exe
1976	Unicorn-55026.exe
1516	Unicorn-54315.exe
564	Unicorn-4792.exe
2280	Unicorn-23174.exe
1608	Unicorn-62582.exe
2028	Unicorn-10044.exe
980	Unicorn-29910.exe
2540	Unicorn-59245.exe
2224	Unicorn-61321.exe
1012	Unicorn-61321.exe
2220	Unicorn-26188.exe
2388	Unicorn-44409.exe
1268	Unicorn-46054.exe
2272	Unicorn-26188.exe
884	Unicorn-46189.exe
2744	Unicorn-13002.exe
2664	Unicorn-45805.exe
2848	Unicorn-58804.exe
2648	Unicorn-16148.exe
3016	Unicorn-16148.exe
2800	Unicorn-42467.exe
2620	Unicorn-49012.exe
2480	Unicorn-64964.exe
2496	Unicorn-64964.exe
2112	Unicorn-61435.exe
2528	Unicorn-61435.exe
2544	Unicorn-48244.exe
2932	Unicorn-48244.exe
320	Unicorn-14538.exe
2196	Unicorn-14538.exe
2904	Unicorn-34404.exe
2344	Unicorn-50740.exe
2416	Unicorn-53387.exe
2092	Unicorn-18254.exe
1704	Unicorn-5447.exe
384	Unicorn-36859.exe
588	Unicorn-50735.exe
1188	Unicorn-36475.exe
1576	Unicorn-52427.exe
1672	Unicorn-1809.exe
1688	Unicorn-5530.exe
284	Unicorn-2001.exe
3044	Unicorn-37819.exe
912	Unicorn-34481.exe
1720	Unicorn-24690.exe
1532	Unicorn-24690.exe
1348	Unicorn-54347.exe
768	Unicorn-20907.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 3036	3000	e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700.exe	28
PID 3000 wrote to memory of 3036	3000	e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700.exe	28
PID 3000 wrote to memory of 3036	3000	e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700.exe	28
PID 3000 wrote to memory of 3036	3000	e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700.exe	28
PID 3036 wrote to memory of 2548	3036	Unicorn-19377.exe	29
PID 3036 wrote to memory of 2548	3036	Unicorn-19377.exe	29
PID 3036 wrote to memory of 2548	3036	Unicorn-19377.exe	29
PID 3036 wrote to memory of 2548	3036	Unicorn-19377.exe	29
PID 3000 wrote to memory of 2652	3000	e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700.exe	30
PID 3000 wrote to memory of 2652	3000	e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700.exe	30
PID 3000 wrote to memory of 2652	3000	e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700.exe	30
PID 3000 wrote to memory of 2652	3000	e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700.exe	30
PID 3000 wrote to memory of 2560	3000	e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700.exe	31
PID 3000 wrote to memory of 2560	3000	e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700.exe	31
PID 3000 wrote to memory of 2560	3000	e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700.exe	31
PID 3000 wrote to memory of 2560	3000	e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700.exe	31
PID 2548 wrote to memory of 2288	2548	Unicorn-2298.exe	32
PID 2548 wrote to memory of 2288	2548	Unicorn-2298.exe	32
PID 2548 wrote to memory of 2288	2548	Unicorn-2298.exe	32
PID 2548 wrote to memory of 2288	2548	Unicorn-2298.exe	32
PID 3036 wrote to memory of 2688	3036	Unicorn-19377.exe	33
PID 3036 wrote to memory of 2688	3036	Unicorn-19377.exe	33
PID 3036 wrote to memory of 2688	3036	Unicorn-19377.exe	33
PID 3036 wrote to memory of 2688	3036	Unicorn-19377.exe	33
PID 2652 wrote to memory of 2676	2652	Unicorn-64306.exe	34
PID 2652 wrote to memory of 2676	2652	Unicorn-64306.exe	34
PID 2652 wrote to memory of 2676	2652	Unicorn-64306.exe	34
PID 2652 wrote to memory of 2676	2652	Unicorn-64306.exe	34
PID 3036 wrote to memory of 2692	3036	Unicorn-19377.exe	35
PID 3036 wrote to memory of 2692	3036	Unicorn-19377.exe	35
PID 3036 wrote to memory of 2692	3036	Unicorn-19377.exe	35
PID 3036 wrote to memory of 2692	3036	Unicorn-19377.exe	35
PID 2288 wrote to memory of 2776	2288	Unicorn-60316.exe	36
PID 2288 wrote to memory of 2776	2288	Unicorn-60316.exe	36
PID 2288 wrote to memory of 2776	2288	Unicorn-60316.exe	36
PID 2288 wrote to memory of 2776	2288	Unicorn-60316.exe	36
PID 2548 wrote to memory of 2804	2548	Unicorn-2298.exe	37
PID 2548 wrote to memory of 2804	2548	Unicorn-2298.exe	37
PID 2548 wrote to memory of 2804	2548	Unicorn-2298.exe	37
PID 2548 wrote to memory of 2804	2548	Unicorn-2298.exe	37
PID 2688 wrote to memory of 2148	2688	Unicorn-56787.exe	38
PID 2688 wrote to memory of 2148	2688	Unicorn-56787.exe	38
PID 2688 wrote to memory of 2148	2688	Unicorn-56787.exe	38
PID 2688 wrote to memory of 2148	2688	Unicorn-56787.exe	38
PID 2676 wrote to memory of 2072	2676	Unicorn-11115.exe	39
PID 2676 wrote to memory of 2072	2676	Unicorn-11115.exe	39
PID 2676 wrote to memory of 2072	2676	Unicorn-11115.exe	39
PID 2676 wrote to memory of 2072	2676	Unicorn-11115.exe	39
PID 2652 wrote to memory of 1988	2652	Unicorn-64306.exe	40
PID 2652 wrote to memory of 1988	2652	Unicorn-64306.exe	40
PID 2652 wrote to memory of 1988	2652	Unicorn-64306.exe	40
PID 2652 wrote to memory of 1988	2652	Unicorn-64306.exe	40
PID 2548 wrote to memory of 1072	2548	Unicorn-2298.exe	41
PID 2548 wrote to memory of 1072	2548	Unicorn-2298.exe	41
PID 2548 wrote to memory of 1072	2548	Unicorn-2298.exe	41
PID 2548 wrote to memory of 1072	2548	Unicorn-2298.exe	41
PID 2652 wrote to memory of 2752	2652	Unicorn-64306.exe	42
PID 2652 wrote to memory of 2752	2652	Unicorn-64306.exe	42
PID 2652 wrote to memory of 2752	2652	Unicorn-64306.exe	42
PID 2652 wrote to memory of 2752	2652	Unicorn-64306.exe	42
PID 2776 wrote to memory of 1648	2776	Unicorn-16897.exe	43
PID 2776 wrote to memory of 1648	2776	Unicorn-16897.exe	43
PID 2776 wrote to memory of 1648	2776	Unicorn-16897.exe	43
PID 2776 wrote to memory of 1648	2776	Unicorn-16897.exe	43

C:\Users\Admin\AppData\Local\Temp\e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700.exe
"C:\Users\Admin\AppData\Local\Temp\e25acc6ddc7a297940fbab7adb56e850b5dac05e76cd0b256efe00558a376700.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19377.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19377.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2298.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60316.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16897.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45805.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36859.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
        10⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50484.exe
        11⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25638.exe
        12⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31537.exe
        13⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe
        14⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
        14⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
        13⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
        12⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
        11⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46078.exe
        10⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54003.exe
        11⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
        12⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49606.exe
        13⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
        13⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 220
        12⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
        11⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 240
        10⤵
        Program crash
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39276.exe
        9⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33956.exe
        10⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
        11⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21499.exe
        12⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9759.exe
        13⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
        12⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        11⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
        10⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
        9⤵
        Program crash
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10133.exe
        9⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19047.exe
        10⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9685.exe
        11⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
        12⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe
        13⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 204
        13⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        12⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        11⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        10⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        11⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe
        12⤵
        
        PID:10840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 220
        12⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
        11⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
        10⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
        9⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        10⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4458.exe
        11⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56260.exe
        12⤵
        
        PID:10832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
        12⤵
        
        PID:12032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
        11⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
        10⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 240
        9⤵
        Program crash
        
        PID:3728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
        8⤵
        Program crash
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58804.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36475.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
        9⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        10⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
        11⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18320.exe
        12⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57655.exe
        13⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
        13⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
        12⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        11⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 236
        10⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3997.exe
        9⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20148.exe
        10⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58906.exe
        11⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53950.exe
        12⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
        12⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        11⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        10⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 240
        9⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
        8⤵
        Program crash
        
        PID:2136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        7⤵
        Program crash
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10044.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16148.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24057.exe
        9⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36644.exe
        10⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21248.exe
        11⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exe
        12⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1152.exe
        13⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 204
        13⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
        12⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
        11⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 216
        10⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe
        9⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37475.exe
        10⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61817.exe
        11⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
        12⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
        12⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
        11⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 236
        10⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
        9⤵
        Program crash
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20527.exe
        8⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28414.exe
        9⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14060.exe
        10⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58121.exe
        10⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25267.exe
        11⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
        11⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 220
        10⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
        9⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
        8⤵
        Program crash
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2001.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40393.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe
        9⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        10⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
        11⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
        11⤵
        
        PID:9636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
        10⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 236
        9⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8055.exe
        8⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
        9⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
        10⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
        10⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
        9⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 240
        8⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        7⤵
        Program crash
        
        PID:2844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
        6⤵
        Program crash
        
        PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32337.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23174.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46189.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53387.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        9⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        10⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14060.exe
        11⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58121.exe
        11⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31193.exe
        12⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
        12⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 240
        11⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 236
        10⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
        9⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
        10⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        11⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13208.exe
        12⤵
        
        PID:11120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 216
        12⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
        11⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
        10⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
        9⤵
        Program crash
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4492.exe
        8⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34340.exe
        9⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10645.exe
        10⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20136.exe
        11⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe
        12⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
        12⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
        11⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
        10⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        9⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6710.exe
        10⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        11⤵
        
        PID:10092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 216
        11⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
        10⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
        9⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
        8⤵
        Program crash
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18254.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        9⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30781.exe
        10⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        11⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1484.exe
        12⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 204
        12⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
        11⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
        10⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4765.exe
        8⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53384.exe
        10⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
        11⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
        11⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        10⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
        9⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
        8⤵
        Program crash
        
        PID:3752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
        7⤵
        Program crash
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13002.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5447.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8213.exe
        8⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
        9⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46401.exe
        10⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20923.exe
        11⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31451.exe
        12⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        11⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        10⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 236
        9⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        8⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
        9⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18320.exe
        10⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23146.exe
        11⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
        11⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
        10⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        9⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
        8⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20444.exe
        7⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50676.exe
        8⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43017.exe
        9⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
        10⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 212
        11⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        10⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
        9⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 216
        8⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        7⤵
        Program crash
        
        PID:2056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 240
        6⤵
        Program crash
        
        PID:1112
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2618.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16148.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22748.exe
        8⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50676.exe
        9⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
        10⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe
        11⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        12⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
        12⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
        11⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
        9⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 216
        8⤵
        Program crash
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58758.exe
        8⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34896.exe
        10⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36747.exe
        11⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50910.exe
        12⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 216
        12⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
        11⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        10⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 216
        9⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15709.exe
        8⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53811.exe
        9⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59793.exe
        10⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38050.exe
        11⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 216
        11⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
        10⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        9⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
        8⤵
        Program crash
        
        PID:4104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 240
        7⤵
        Program crash
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42467.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52427.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42230.exe
        8⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36644.exe
        9⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63645.exe
        10⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        11⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
        12⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
        12⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
        11⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
        10⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 236
        9⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15325.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44984.exe
        9⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50357.exe
        10⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        10⤵
        
        PID:9760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
        9⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
        8⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4241.exe
        8⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11157.exe
        9⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
        10⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 236
        10⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
        9⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 216
        8⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        7⤵
        Program crash
        
        PID:2780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
        6⤵
        Program crash
        
        PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49012.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37819.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
        8⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43489.exe
        9⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36676.exe
        10⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
        11⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64507.exe
        12⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        11⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        10⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 216
        9⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7287.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
        9⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9091.exe
        10⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
        10⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        9⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
        8⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62087.exe
        7⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62129.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        9⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50032.exe
        10⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        10⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6190.exe
        11⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 216
        11⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 220
        10⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        9⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
        8⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        7⤵
        Program crash
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34481.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
        7⤵
        Program crash
        
        PID:864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
        6⤵
        Program crash
        
        PID:2944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
        5⤵
        Program crash
        
        PID:3024
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65329.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2148
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46054.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48244.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24690.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1999.exe
        8⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        9⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6478.exe
        10⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44074.exe
        11⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5986.exe
        12⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
        12⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 236
        11⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        10⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
        9⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
        10⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42520.exe
        11⤵
        
        PID:9680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 236
        11⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
        10⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 220
        9⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9124.exe
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1323.exe
        9⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38604.exe
        10⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
        10⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
        9⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 220
        8⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64199.exe
        7⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27921.exe
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26266.exe
        9⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
        10⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22966.exe
        11⤵
        
        PID:11592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
        11⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        10⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 236
        9⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
        8⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 220
        7⤵
        Program crash
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
        6⤵
        Executes dropped EXE
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1999.exe
        7⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17474.exe
        8⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4515.exe
        9⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        10⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 216
        10⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
        9⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
        8⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
        7⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35363.exe
        8⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64645.exe
        9⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43168.exe
        10⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
        10⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 220
        9⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 236
        8⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 220
        7⤵
        Program crash
        
        PID:3840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 240
        6⤵
        Program crash
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26802.exe
        6⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51392.exe
        7⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1906.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31869.exe
        9⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
        10⤵
        
        PID:9792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
        10⤵
        
        PID:10976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        9⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 216
        8⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        8⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8558.exe
        9⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
        10⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
        10⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
        9⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        8⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
        7⤵
        Program crash
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe
        6⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20864.exe
        8⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8558.exe
        9⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65345.exe
        10⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 204
        10⤵
        
        PID:952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
        9⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        8⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15497.exe
        7⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe
        8⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
        9⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
        9⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 236
        8⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        7⤵
        
        PID:5796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        6⤵
        Program crash
        
        PID:3336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
        5⤵
        Program crash
        
        PID:2052
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1884
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11115.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64964.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24306.exe
        8⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51392.exe
        9⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29649.exe
        10⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5186.exe
        11⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
        12⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50929.exe
        13⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 216
        13⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        12⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
        11⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 216
        10⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 216
        9⤵
        Program crash
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31718.exe
        8⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13504.exe
        9⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22860.exe
        10⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        11⤵
        
        PID:9656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
        11⤵
        
        PID:10392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 216
        10⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 216
        9⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 220
        8⤵
        Program crash
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3729.exe
        7⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2959.exe
        8⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15367.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
        10⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6595.exe
        11⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 236
        11⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        10⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 236
        9⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28366.exe
        8⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37859.exe
        9⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11957.exe
        10⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
        11⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 216
        11⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 220
        10⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        9⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        8⤵
        Program crash
        
        PID:3832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
        7⤵
        Program crash
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24690.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        8⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
        9⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        10⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
        11⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59976.exe
        12⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
        12⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
        11⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        10⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
        9⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 220
        10⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 220
        9⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
        8⤵
        Program crash
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64583.exe
        7⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        9⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe
        10⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27476.exe
        11⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        11⤵
        
        PID:10812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
        10⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
        9⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61984.exe
        8⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63991.exe
        9⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49606.exe
        10⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 216
        10⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 236
        9⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
        8⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
        7⤵
        Program crash
        
        PID:3160
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 220
        6⤵
        Program crash
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50740.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26802.exe
        7⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        8⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64568.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53728.exe
        10⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        11⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12031.exe
        12⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 216
        12⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 220
        11⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        10⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
        9⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34028.exe
        10⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
        11⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
        11⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
        10⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
        9⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 236
        8⤵
        Program crash
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64199.exe
        7⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28798.exe
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17084.exe
        9⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
        10⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
        10⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
        9⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
        8⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 220
        7⤵
        Program crash
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23272.exe
        6⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
        7⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        8⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 220
        9⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
        8⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 216
        7⤵
        Program crash
        
        PID:3472
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
        6⤵
        Program crash
        
        PID:2716
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
        5⤵
        Program crash
        
        PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4792.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34404.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37247.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43489.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33804.exe
        9⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5739.exe
        10⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        9⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
        8⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 216
        7⤵
        Program crash
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3729.exe
        6⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1999.exe
        7⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29374.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45781.exe
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26639.exe
        10⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
        10⤵
        
        PID:10516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
        9⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 216
        8⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58133.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4994.exe
        8⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59793.exe
        9⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48901.exe
        10⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 216
        10⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
        9⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
        8⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 220
        7⤵
        Program crash
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40642.exe
        6⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        7⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13037.exe
        8⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29637.exe
        9⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58043.exe
        10⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
        10⤵
        
        PID:9780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        9⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 236
        8⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9124.exe
        7⤵
        
        PID:3748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
        7⤵
        Program crash
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
        6⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28305.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        8⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48257.exe
        9⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        10⤵
        
        PID:10624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 216
        10⤵
        
        PID:11308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
        9⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
        8⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29119.exe
        7⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46197.exe
        8⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9919.exe
        9⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
        9⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
        8⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 220
        7⤵
        
        PID:5140
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
        6⤵
        Program crash
        
        PID:3296
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 240
        5⤵
        Program crash
        
        PID:652
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
      4⤵
      Program crash
      PID:1104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30196.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64964.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35056.exe
        8⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16121.exe
        10⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58667.exe
        11⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        12⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
        12⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
        11⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
        10⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
        9⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
        10⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
        11⤵
        
        PID:9784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
        11⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 236
        10⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
        9⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63645.exe
        9⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14728.exe
        10⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56643.exe
        11⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 204
        11⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
        10⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
        9⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 220
        8⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31704.exe
        8⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe
        9⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
        10⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21135.exe
        11⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 236
        11⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
        10⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        9⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48554.exe
        8⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39887.exe
        9⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17017.exe
        10⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 216
        10⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
        9⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
        8⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        7⤵
        Program crash
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20584.exe
        6⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        7⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38179.exe
        9⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe
        10⤵
        
        PID:9664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
        10⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 216
        8⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24391.exe
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40156.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59906.exe
        9⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
        9⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        8⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 220
        7⤵
        
        PID:5324
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 240
        6⤵
        Program crash
        
        PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54347.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        7⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48886.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52948.exe
        9⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12831.exe
        10⤵
        
        PID:10244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
        10⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
        9⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 216
        8⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28366.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28518.exe
        8⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
        9⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5986.exe
        10⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 216
        10⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
        9⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
        8⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 220
        7⤵
        Program crash
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64583.exe
        6⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
        8⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
        9⤵
        
        PID:9836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 216
        9⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        8⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
        7⤵
        
        PID:5248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 220
        6⤵
        Program crash
        
        PID:3184
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
        5⤵
        Program crash
        
        PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48244.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7777.exe
        6⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63653.exe
        9⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        10⤵
        
        PID:9612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
        10⤵
        
        PID:10372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        9⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        8⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7671.exe
        7⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29629.exe
        8⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37712.exe
        9⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27476.exe
        10⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
        10⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
        9⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        8⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
        7⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
        6⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60401.exe
        7⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30021.exe
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59203.exe
        9⤵
        
        PID:9772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
        9⤵
        
        PID:10488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
        8⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 236
        7⤵
        
        PID:4704
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
        6⤵
        Program crash
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39608.exe
        5⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe
        6⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25979.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        8⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46417.exe
        9⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
        9⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
        8⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 216
        7⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9124.exe
        6⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63762.exe
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4618.exe
        8⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
        8⤵
        
        PID:9756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        7⤵
        
        PID:7472
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
        6⤵
        
        PID:5072
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        5⤵
        Program crash
        
        PID:712
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
      4⤵
      Program crash
      PID:2096
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2752
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
  2⤵
  - Program crash
  PID:2560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe

Filesize
184KB

MD5
2011a11ab4c10df5250078724394ec70

SHA1
9c200031f8d2052e118ac2e168378f63a7f5e2bd

SHA256
7bee52865d6697edfbf0897a8816fe7880108b2e4643edae4cc68a486ee50292

SHA512
8b368aa51d1ea4c125ff5b43f276176c6c4ef712ace99c0b4c6b1ed45cca032a0355061641ab4a4f325f79cfd38caf416f662cdeb731a436a46527d1eccade6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe

Filesize
184KB

MD5
72aeef20a32e83026559529f446911ff

SHA1
16b8763ef4a2e8472238a70cd1acd508b2a0f6e9

SHA256
ade47af46c88735e1d6429e74ab7adb0ca56805e47d58844db78baa1dd20bdc1

SHA512
1583befbb826483fae701aafa57d26affda9a7c478da59de2ecb466e674925b4317918b9946f99c2b86453e9dbe49e7a3db6b20ad44869dc094a7053e2497511

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30196.exe

Filesize
184KB

MD5
146f85e7b0cb4edb7211ed513e61374b

SHA1
b11b59ce83d370b6dfc3f3d0b35800c4d1cd3164

SHA256
2af3c726e64ef17ae09cfe225add13f09f18ac001509ddf6835d17eea2921013

SHA512
7581c3fe66766822729af29dcb3b196307cebc1f6844a2daafa974d1f1a1343d916e37daa6fe15986772f3be12d970f3633e57d8811519a37126c84811f3fe44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32337.exe

Filesize
184KB

MD5
da4799fa26a2f63e5da55cfe472d89c5

SHA1
c2529ef167eabdfdd1404c4e44e0d1755fc18ae0

SHA256
4546afb8074910bc5e56d60b60d9c9b338cce2723d665ebca90d58da9c925cee

SHA512
a48962ab05f6ff3197d5a21301f53c144704c17bfb2b1197db03433ee4f931bce463c89c08877d81092503424fd1bc7fd9e75c631187475d81e6c765f3bbe544

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38179.exe

Filesize
184KB

MD5
18e0b0f4c315cef884489bc924bf6b0a

SHA1
f1df205f130335a745b156983b037904080ed5f4

SHA256
bf5e62d956920e2aa6ffaaf97bcd9023b7576e48ab5f9352e17209145e7617d3

SHA512
4b854dabbf2b271bc58c283a1d345213519e6b284783d3d2d91478bcead319e6146260eeb342382ad2216b38d32fb1ae995d9eec883cc3c4960ba4126f208f7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38604.exe

Filesize
184KB

MD5
77fe47ec40032cdab6f5a74325764ffc

SHA1
b6633c85bbc465c97ae3eee2e433d172212d6cfe

SHA256
0c151e515f78d8cb264c901086506ebc016df72b668947dee56fa404149a479e

SHA512
0f1ba25fdee2ca0cb23ae97f7971e2ab6768fe970dd164d9921d1f414edffb86adda48afa2d12f985e8ad0d6e974c942b1fdb4546679e79f4a252bc6c13c18c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5447.exe

Filesize
184KB

MD5
3ae8699a16162fe6cf70f0f33b38e440

SHA1
35ecefa5a70ba49e7986ee49ad496134e7ab7a98

SHA256
6455346e9662a93670ff88afb5b4b1d40ffa34831abc974e4e002d6c00ce30d5

SHA512
01e93b2240655de9bbf74510faaaea3faca90042a88661837e7178b243098e14206d7847c487554d2275fb997eac24b9ae4e69d2d5fc0af0f79e1ef4e65261c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe

Filesize
184KB

MD5
d79960c900b5635c9e957cae2679f2d7

SHA1
2ea612320036a8f7510f386ac9c086d23f6a4f8e

SHA256
110c96d578341d6e4162da6246bc920ef0561b44723bc9c3ba68cbb5e79f9c0a

SHA512
f39834dd80301fad474ca8760f5f70bbdd55d36c8b27db8ba00dbca30fbf9266e4a6eb7e89c151a20c47537cbb53e19e46ce447f0c03115f2449e6c875d31e0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe

Filesize
184KB

MD5
db9073e736cb73953a0022ee213af046

SHA1
4106739e07d7f6a112a4209c1f513b6e394e6d1a

SHA256
e27e561a35c3ca7304ffc1b5e08e1e5a9f182d4741e3aac4e30c5bf618a813b1

SHA512
98dff28a9a9318e747581fc471c227314891c781d0d9436184cb878bedbeb9cb2fbe8747facfbfc533c480a28d86b39c3d96675a3ff1011b86c8db73f2e7af13

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11115.exe

Filesize
184KB

MD5
8bf01d7c9d8d71e298f9872d2d8a9318

SHA1
c105ab5dbf84c39cf01527a8769f5ca237c2b2d8

SHA256
248258818593fdb93b73924c1a2e4d75a0994f81730b889cb77338cfd9fc7986

SHA512
90ffef86c7bc695e7a57a957f78c2a301e06f2c41ee958a4156531ab33c6ded101bafa6d57eb2eaacd663148cce239ef1cd0d3782276e3bf5de68ca16a96eb6f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16897.exe

Filesize
184KB

MD5
8d9d064aa445e48beab9ae0715804af4

SHA1
d4e564d57bd7bcfae49977334bf66c72bcb315e4

SHA256
d153a984ba5219da2bbd50528b38acaf0ee618e0b1e2a63c8ef740a5dac1b1c6

SHA512
82f361ffa71b3362db803fee79703e0d08070d86127f8228fe0eba2ebc311f2d8ec1d5bfeb8f7d80e14a21516accedbabf7cb450b19eb3e679907d95718fe39f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19377.exe

Filesize
184KB

MD5
cab452ace375611b119c99331ee72767

SHA1
6388df625f3f372904555f7825c058ba2653c0aa

SHA256
7b4d40f2561f0d6791ed7a6b798d16ec8db0fe927df267f20031aadab64b7ffa

SHA512
2c70471091db220d2b0d63c62e605b8a025386e98303bb986344da35f136df0d020501d17f2098d9e38933646576b98222a6fec1653cc0f7da50837d8e286daf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2298.exe

Filesize
184KB

MD5
35a52adf3faa1a6bb606f725c9e0fee0

SHA1
459b2929742a5ba4530520cffa8496a5c804f50f

SHA256
198bce9b045d1a1dd079d2a5f213daa59a2035fdfc3b12c9d61b950972404418

SHA512
de7eca7ec890b1e2615ee6ece71cbf51f98d5e81ec683dc41395b86c8146120f7238ae70db8a98c6fa2bd63a3b9e666ffe5044bac1f8579cae48dc2091cbec6d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2618.exe

Filesize
184KB

MD5
73aa9b943eb718b260d7c5bd9119491d

SHA1
8758c4ce2e957ce52e1d9351f6bebd615a01d911

SHA256
443ddf984cd90ad1373b61dd87f632d712ddade0bb2bb58ebbcf2a8c38761633

SHA512
222a2b65556500febb2e5dc1164523b3b8635de4056eecd09f63c48761ceefb106d3ab9b8420c2d286ff68dd8d13198c1178dcde2ad4234f6404238c474fb6f9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe

Filesize
184KB

MD5
d4ef631ffdf9604afd918849dd3bfa9f

SHA1
c4a74d1bae3afb9569a921ba24598bc2f680b7e5

SHA256
f6b05faea6b749b959fe4da96577ed8e51ffa94d64264aceab172010a790922d

SHA512
365c8fcabbdedcb6929cb2655b5715228361569d52edb1097ddb5993c2b2a27673339ead8eb54164682c7a9d7833db0989236cc722f54714e8b58ddec9210fe0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe

Filesize
184KB

MD5
febe80c2c98b258a5ee0e8a265fa5c49

SHA1
168aee23a6a115835dba0b48da66d12efae49c1f

SHA256
3209a4afa2f3f9bc6f5a0f4f068ea332c11571642c9ffe859b8370263580e95b

SHA512
c5c9c5837ff9d15ebd19209262de3a37f9f24631f1a27f9eacf5cd642ea754bf4dbe30ae949c316903bd65fc0b1902957b9e4a229e814bacbfba2e5c380bd051

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60316.exe

Filesize
184KB

MD5
e7b2b11c66e0e378dec44dda3a8e56c0

SHA1
cc677de41aba04856cfddcefce26011e2687ae27

SHA256
65a97d96166d38ed0c74a32e6599bd0951338993d30479cd08ee61daf4abb179

SHA512
66549c086bc844913245c6cebd313887ce70a7219f7d987e1132561d042b0374f16df79ed414df461985e01977a0e610be7267af1fde27a9a8ef280d80a3ae96

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe

Filesize
184KB

MD5
c213d96b6ce4c16e11c7e704f14c6eb1

SHA1
09a572dd65cae52bc1ab7e7bfcb8eba4639ff836

SHA256
a771efd84cb5114ee67d6eb54b557f1c0a5b9d7ae26370af8efa79179f819e84

SHA512
46c111c174d7a12a56c0b48862ec3884dc17b742e484b331c75f72170559ad1bdcd5d8d45063276140b7fc23628bdf823fff378eeafe44d34c958f97f27e1697

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65329.exe

Filesize
184KB

MD5
b9286da1b7a369029fb627feaeeedf9f

SHA1
075579373f1dccb31b5d2529c6c56b3335364c90

SHA256
97adc2c50e1b97fee1b88003b5431674f90e49e303e93b596c734c148139a8c5

SHA512
a58820985d1b60407316a532a801bd3a704d8facff10892dd180b5a74137eecb6b899da61acbae1e7339d68733151b73c768a99fce832cf39acc23bd203e0210

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads