e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 04:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2.exe
Size

184KB
MD5

4b3dadf56027ea7491145fd4efc8d2f2
SHA1

a5199e0aa8544ffce2a1c1c53844e585a5623031
SHA256

e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2
SHA512

6d3da9e63f693cd5a3cf14a09eb5ccf36af261a942974cd4ba3ee514c486465a30380e2285dc1ec6f7fcb43c649376c34fbe36ddde743fd477cfe9e87e9af885
SSDEEP

1536:u7r/674AC+ERotxetPiAlpwMr2IyG8clbmdXqS89hbzAtnhl5hj5nizpvz:omI+ERoTwPiodrtfzzS89hunhlnViFL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2504	Unicorn-21364.exe
2624	Unicorn-55349.exe
2540	Unicorn-2811.exe
2988	Unicorn-30918.exe
2416	Unicorn-15843.exe
2968	Unicorn-28265.exe
1256	Unicorn-7363.exe
948	Unicorn-20362.exe
2864	Unicorn-20855.exe
2972	Unicorn-40721.exe
1896	Unicorn-23128.exe
2324	Unicorn-28386.exe
840	Unicorn-11473.exe
1104	Unicorn-29071.exe
2296	Unicorn-40808.exe
2044	Unicorn-11089.exe
2316	Unicorn-41000.exe
2360	Unicorn-39899.exe
1536	Unicorn-39873.exe
1824	Unicorn-36535.exe
968	Unicorn-58513.exe
1836	Unicorn-42177.exe
888	Unicorn-58705.exe
292	Unicorn-55176.exe
1464	Unicorn-25265.exe
3000	Unicorn-5591.exe
924	Unicorn-25457.exe
1992	Unicorn-38263.exe
1612	Unicorn-46484.exe
2068	Unicorn-17149.exe
2720	Unicorn-54336.exe
2688	Unicorn-35539.exe
2636	Unicorn-21664.exe
2468	Unicorn-1030.exe
2444	Unicorn-20896.exe
2464	Unicorn-53760.exe
2980	Unicorn-17558.exe
880	Unicorn-3298.exe
1280	Unicorn-36198.exe
2944	Unicorn-54803.exe
2004	Unicorn-5026.exe
2796	Unicorn-34361.exe
2264	Unicorn-54419.exe
2780	Unicorn-37507.exe
1376	Unicorn-53002.exe
816	Unicorn-6261.exe
2244	Unicorn-61404.exe
1908	Unicorn-28732.exe
2160	Unicorn-40661.exe
1236	Unicorn-29007.exe
588	Unicorn-45727.exe
2336	Unicorn-8757.exe
2924	Unicorn-8757.exe
1724	Unicorn-46962.exe
844	Unicorn-9992.exe
872	Unicorn-29858.exe
1604	Unicorn-9608.exe
2208	Unicorn-29474.exe
1512	Unicorn-29090.exe
2888	Unicorn-9416.exe
1920	Unicorn-62146.exe
2488	Unicorn-34181.exe
676	Unicorn-2743.exe
704	Unicorn-53013.exe

Loads dropped DLL 64 IoCs

pid	Process
3036	e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2.exe
3036	e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2.exe
2504	Unicorn-21364.exe
2504	Unicorn-21364.exe
3036	e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2.exe
3036	e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2.exe
2540	Unicorn-2811.exe
2540	Unicorn-2811.exe
2624	Unicorn-55349.exe
2624	Unicorn-55349.exe
2504	Unicorn-21364.exe
2504	Unicorn-21364.exe
760	WerFault.exe
760	WerFault.exe
760	WerFault.exe
760	WerFault.exe
760	WerFault.exe
2416	Unicorn-15843.exe
2416	Unicorn-15843.exe
2624	Unicorn-55349.exe
2624	Unicorn-55349.exe
2540	Unicorn-2811.exe
2540	Unicorn-2811.exe
2988	Unicorn-30918.exe
2988	Unicorn-30918.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
2672	WerFault.exe
2672	WerFault.exe
2672	WerFault.exe
2672	WerFault.exe
2400	WerFault.exe
2672	WerFault.exe
2968	Unicorn-28265.exe
2968	Unicorn-28265.exe
948	Unicorn-20362.exe
948	Unicorn-20362.exe
1256	Unicorn-7363.exe
1256	Unicorn-7363.exe
2972	Unicorn-40721.exe
2972	Unicorn-40721.exe
2416	Unicorn-15843.exe
2416	Unicorn-15843.exe
2988	Unicorn-30918.exe
2864	Unicorn-20855.exe
2864	Unicorn-20855.exe
2988	Unicorn-30918.exe
2116	WerFault.exe
2116	WerFault.exe
2116	WerFault.exe
2116	WerFault.exe
2116	WerFault.exe
2280	WerFault.exe
2280	WerFault.exe
2280	WerFault.exe
2280	WerFault.exe
2280	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2608	3036	WerFault.exe	27
760	2504	WerFault.exe	28
2400	2540	WerFault.exe	30
2672	2624	WerFault.exe	29
2116	2416	WerFault.exe	33
2280	2988	WerFault.exe	32
2248	2968	WerFault.exe	34
1652	948	WerFault.exe	37
2228	1256	WerFault.exe	36
2268	2972	WerFault.exe	39
2104	2864	WerFault.exe	38
1760	1896	WerFault.exe	42
1096	840	WerFault.exe	44
2384	2044	WerFault.exe	48
2916	2316	WerFault.exe	47
1792	2296	WerFault.exe	46
1944	1104	WerFault.exe	45
1608	2324	WerFault.exe	43
2820	2796	WerFault.exe	80
2148	2360	WerFault.exe	52
1160	1536	WerFault.exe	53
596	1824	WerFault.exe	54
1128	968	WerFault.exe	55
2064	1836	WerFault.exe	56
2708	888	WerFault.exe	58
1056	1612	WerFault.exe	65
2880	1464	WerFault.exe	59
2336	924	WerFault.exe	62
2476	2688	WerFault.exe	71
2992	2636	WerFault.exe	70
2736	880	WerFault.exe	76
2768	1280	WerFault.exe	77
2396	3000	WerFault.exe	61
280	292	WerFault.exe	57
1600	2444	WerFault.exe	73
2424	2264	WerFault.exe	81
1544	2468	WerFault.exe	72
3084	1376	WerFault.exe	84
3096	2944	WerFault.exe	78
3268	1992	WerFault.exe	60
3280	2004	WerFault.exe	79
3356	2160	WerFault.exe	88
3416	2244	WerFault.exe	87
3432	1908	WerFault.exe	89
3536	816	WerFault.exe	83
3544	2464	WerFault.exe	74
3612	2924	WerFault.exe	98
3620	2980	WerFault.exe	75
3664	844	WerFault.exe	100
3728	2780	WerFault.exe	82
3768	872	WerFault.exe	101
3832	1724	WerFault.exe	99
3856	2888	WerFault.exe	105
3916	1236	WerFault.exe	95
4076	2720	WerFault.exe	69
3392	2068	WerFault.exe	66
3672	1512	WerFault.exe	104
3388	2208	WerFault.exe	103
3408	588	WerFault.exe	96
3464	1920	WerFault.exe	106
3568	1604	WerFault.exe	102
3868	2584	WerFault.exe	148
3932	676	WerFault.exe	108
4012	2684	WerFault.exe	149

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3036	e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2.exe
2504	Unicorn-21364.exe
2624	Unicorn-55349.exe
2540	Unicorn-2811.exe
2988	Unicorn-30918.exe
2416	Unicorn-15843.exe
2968	Unicorn-28265.exe
1256	Unicorn-7363.exe
948	Unicorn-20362.exe
2972	Unicorn-40721.exe
2864	Unicorn-20855.exe
1896	Unicorn-23128.exe
840	Unicorn-11473.exe
2324	Unicorn-28386.exe
1104	Unicorn-29071.exe
2296	Unicorn-40808.exe
2044	Unicorn-11089.exe
2316	Unicorn-41000.exe
2360	Unicorn-39899.exe
1536	Unicorn-39873.exe
1824	Unicorn-36535.exe
968	Unicorn-58513.exe
1836	Unicorn-42177.exe
888	Unicorn-58705.exe
292	Unicorn-55176.exe
1464	Unicorn-25265.exe
3000	Unicorn-5591.exe
924	Unicorn-25457.exe
1992	Unicorn-38263.exe
1612	Unicorn-46484.exe
2068	Unicorn-17149.exe
2720	Unicorn-54336.exe
2688	Unicorn-35539.exe
2636	Unicorn-21664.exe
2468	Unicorn-1030.exe
2444	Unicorn-20896.exe
2464	Unicorn-53760.exe
2980	Unicorn-17558.exe
880	Unicorn-3298.exe
1280	Unicorn-36198.exe
2944	Unicorn-54803.exe
2004	Unicorn-5026.exe
2796	Unicorn-34361.exe
2264	Unicorn-54419.exe
2780	Unicorn-37507.exe
1376	Unicorn-53002.exe
816	Unicorn-6261.exe
2244	Unicorn-61404.exe
2160	Unicorn-40661.exe
1908	Unicorn-28732.exe
1236	Unicorn-29007.exe
588	Unicorn-45727.exe
2924	Unicorn-8757.exe
1724	Unicorn-46962.exe
872	Unicorn-29858.exe
844	Unicorn-9992.exe
2208	Unicorn-29474.exe
1604	Unicorn-9608.exe
1512	Unicorn-29090.exe
2888	Unicorn-9416.exe
1920	Unicorn-62146.exe
2488	Unicorn-34181.exe
676	Unicorn-2743.exe
272	Unicorn-475.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2504	3036	e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2.exe	28
PID 3036 wrote to memory of 2504	3036	e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2.exe	28
PID 3036 wrote to memory of 2504	3036	e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2.exe	28
PID 3036 wrote to memory of 2504	3036	e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2.exe	28
PID 2504 wrote to memory of 2624	2504	Unicorn-21364.exe	29
PID 2504 wrote to memory of 2624	2504	Unicorn-21364.exe	29
PID 2504 wrote to memory of 2624	2504	Unicorn-21364.exe	29
PID 2504 wrote to memory of 2624	2504	Unicorn-21364.exe	29
PID 3036 wrote to memory of 2540	3036	e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2.exe	30
PID 3036 wrote to memory of 2540	3036	e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2.exe	30
PID 3036 wrote to memory of 2540	3036	e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2.exe	30
PID 3036 wrote to memory of 2540	3036	e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2.exe	30
PID 3036 wrote to memory of 2608	3036	e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2.exe	31
PID 3036 wrote to memory of 2608	3036	e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2.exe	31
PID 3036 wrote to memory of 2608	3036	e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2.exe	31
PID 3036 wrote to memory of 2608	3036	e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2.exe	31
PID 2540 wrote to memory of 2988	2540	Unicorn-2811.exe	32
PID 2540 wrote to memory of 2988	2540	Unicorn-2811.exe	32
PID 2540 wrote to memory of 2988	2540	Unicorn-2811.exe	32
PID 2540 wrote to memory of 2988	2540	Unicorn-2811.exe	32
PID 2624 wrote to memory of 2416	2624	Unicorn-55349.exe	33
PID 2624 wrote to memory of 2416	2624	Unicorn-55349.exe	33
PID 2624 wrote to memory of 2416	2624	Unicorn-55349.exe	33
PID 2624 wrote to memory of 2416	2624	Unicorn-55349.exe	33
PID 2504 wrote to memory of 2968	2504	Unicorn-21364.exe	34
PID 2504 wrote to memory of 2968	2504	Unicorn-21364.exe	34
PID 2504 wrote to memory of 2968	2504	Unicorn-21364.exe	34
PID 2504 wrote to memory of 2968	2504	Unicorn-21364.exe	34
PID 2504 wrote to memory of 760	2504	Unicorn-21364.exe	35
PID 2504 wrote to memory of 760	2504	Unicorn-21364.exe	35
PID 2504 wrote to memory of 760	2504	Unicorn-21364.exe	35
PID 2504 wrote to memory of 760	2504	Unicorn-21364.exe	35
PID 2416 wrote to memory of 1256	2416	Unicorn-15843.exe	36
PID 2416 wrote to memory of 1256	2416	Unicorn-15843.exe	36
PID 2416 wrote to memory of 1256	2416	Unicorn-15843.exe	36
PID 2416 wrote to memory of 1256	2416	Unicorn-15843.exe	36
PID 2624 wrote to memory of 948	2624	Unicorn-55349.exe	37
PID 2624 wrote to memory of 948	2624	Unicorn-55349.exe	37
PID 2624 wrote to memory of 948	2624	Unicorn-55349.exe	37
PID 2624 wrote to memory of 948	2624	Unicorn-55349.exe	37
PID 2540 wrote to memory of 2864	2540	Unicorn-2811.exe	38
PID 2540 wrote to memory of 2864	2540	Unicorn-2811.exe	38
PID 2540 wrote to memory of 2864	2540	Unicorn-2811.exe	38
PID 2540 wrote to memory of 2864	2540	Unicorn-2811.exe	38
PID 2988 wrote to memory of 2972	2988	Unicorn-30918.exe	39
PID 2988 wrote to memory of 2972	2988	Unicorn-30918.exe	39
PID 2988 wrote to memory of 2972	2988	Unicorn-30918.exe	39
PID 2988 wrote to memory of 2972	2988	Unicorn-30918.exe	39
PID 2540 wrote to memory of 2400	2540	Unicorn-2811.exe	40
PID 2540 wrote to memory of 2400	2540	Unicorn-2811.exe	40
PID 2540 wrote to memory of 2400	2540	Unicorn-2811.exe	40
PID 2540 wrote to memory of 2400	2540	Unicorn-2811.exe	40
PID 2624 wrote to memory of 2672	2624	Unicorn-55349.exe	41
PID 2624 wrote to memory of 2672	2624	Unicorn-55349.exe	41
PID 2624 wrote to memory of 2672	2624	Unicorn-55349.exe	41
PID 2624 wrote to memory of 2672	2624	Unicorn-55349.exe	41
PID 2968 wrote to memory of 1896	2968	Unicorn-28265.exe	42
PID 2968 wrote to memory of 1896	2968	Unicorn-28265.exe	42
PID 2968 wrote to memory of 1896	2968	Unicorn-28265.exe	42
PID 2968 wrote to memory of 1896	2968	Unicorn-28265.exe	42
PID 948 wrote to memory of 2324	948	Unicorn-20362.exe	43
PID 948 wrote to memory of 2324	948	Unicorn-20362.exe	43
PID 948 wrote to memory of 2324	948	Unicorn-20362.exe	43
PID 948 wrote to memory of 2324	948	Unicorn-20362.exe	43

C:\Users\Admin\AppData\Local\Temp\e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2.exe
"C:\Users\Admin\AppData\Local\Temp\e85cef037698713b78672208b7a1d2deb2806680d3a5946f1cb8616e061017e2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21364.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21364.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55349.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7363.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11473.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39873.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
        9⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59742.exe
        10⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64828.exe
        11⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1339.exe
        12⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
        13⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        14⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        15⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 236
        15⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 236
        14⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        13⤵
        
        PID:652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 236
        12⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        11⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
        10⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 216
        9⤵
        Program crash
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
        8⤵
        Executes dropped EXE
        
        PID:2336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
        8⤵
        Program crash
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35539.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29007.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26449.exe
        9⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6602.exe
        10⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        11⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        12⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
        13⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13560.exe
        14⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
        14⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 236
        13⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
        12⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        11⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        10⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 236
        9⤵
        Program crash
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38679.exe
        8⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25401.exe
        9⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16645.exe
        10⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11381.exe
        11⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6266.exe
        12⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52732.exe
        13⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 236
        13⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
        12⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 236
        11⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
        10⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
        9⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
        8⤵
        Program crash
        
        PID:2476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
        7⤵
        Program crash
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21664.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe
        9⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        10⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24661.exe
        11⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
        12⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        13⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
        13⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
        12⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
        11⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 216
        10⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 236
        9⤵
        Program crash
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24441.exe
        9⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37112.exe
        10⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
        11⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
        12⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        13⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 236
        13⤵
        
        PID:10048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
        12⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
        11⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
        10⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
        9⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        8⤵
        Program crash
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58161.exe
        8⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3172.exe
        9⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53731.exe
        10⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38624.exe
        11⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53940.exe
        12⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
        13⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 236
        13⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 220
        12⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 236
        11⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
        10⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 216
        9⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
        8⤵
        Program crash
        
        PID:3612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
        7⤵
        Program crash
        
        PID:596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 240
        6⤵
        Program crash
        
        PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29090.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11264.exe
        9⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
        10⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58931.exe
        11⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46913.exe
        12⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42003.exe
        13⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
        14⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
        14⤵
        
        PID:10180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
        13⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 236
        12⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        11⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 236
        10⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 236
        9⤵
        Program crash
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
        8⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51890.exe
        9⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        10⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        11⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62478.exe
        12⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13240.exe
        13⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 236
        13⤵
        
        PID:10000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 236
        12⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 236
        11⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 236
        10⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 236
        9⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
        8⤵
        Program crash
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9416.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
        9⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26022.exe
        10⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24277.exe
        11⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
        12⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63361.exe
        13⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        14⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
        14⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
        13⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
        12⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 236
        11⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
        10⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
        9⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
        8⤵
        Program crash
        
        PID:3856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
        7⤵
        Program crash
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36198.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34181.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9427.exe
        8⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14744.exe
        9⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24102.exe
        10⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20458.exe
        11⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60257.exe
        12⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
        13⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 216
        13⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 236
        12⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
        11⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
        10⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
        9⤵
        Program crash
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe
        8⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe
        9⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61350.exe
        10⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        11⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31713.exe
        12⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
        12⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
        11⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
        10⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        9⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
        8⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24730.exe
        7⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        9⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39160.exe
        10⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
        11⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
        12⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
        12⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 236
        11⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 236
        10⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
        9⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
        8⤵
        Program crash
        
        PID:4012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 240
        7⤵
        Program crash
        
        PID:2768
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        6⤵
        Program crash
        
        PID:1792
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54803.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53013.exe
        8⤵
        Executes dropped EXE
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63396.exe
        10⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59137.exe
        11⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-164.exe
        12⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 220
        13⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 236
        12⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        11⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        10⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 216
        9⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
        8⤵
        Program crash
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56044.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31004.exe
        9⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59948.exe
        10⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24483.exe
        11⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 236
        11⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 236
        10⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
        9⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 236
        8⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 240
        7⤵
        Program crash
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        7⤵
        Program crash
        
        PID:2820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
        6⤵
        Program crash
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5591.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5026.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2743.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17757.exe
        8⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59462.exe
        9⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9258.exe
        10⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5951.exe
        11⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
        12⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50918.exe
        13⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
        12⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 236
        11⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 236
        10⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
        9⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 236
        8⤵
        Program crash
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46516.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4407.exe
        8⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10920.exe
        9⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29809.exe
        10⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7026.exe
        11⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
        12⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60672.exe
        13⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 236
        12⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
        11⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 236
        10⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
        9⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 216
        8⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
        7⤵
        Program crash
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        6⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64687.exe
        7⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14579.exe
        8⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37370.exe
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-643.exe
        10⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23339.exe
        11⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63081.exe
        12⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 236
        12⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 216
        11⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        10⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
        9⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        8⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 236
        7⤵
        
        PID:5072
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
        6⤵
        Program crash
        
        PID:2396
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
        5⤵
        Program crash
        
        PID:1652
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39899.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8493.exe
        8⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13950.exe
        9⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5975.exe
        10⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        11⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53428.exe
        12⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
        13⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56891.exe
        14⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 236
        13⤵
        
        PID:9784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 216
        12⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 236
        11⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        10⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 236
        9⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
        8⤵
        Program crash
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5156.exe
        7⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28580.exe
        8⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-500.exe
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18751.exe
        10⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17357.exe
        11⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23981.exe
        12⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
        12⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
        11⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
        10⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
        9⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
        8⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
        7⤵
        Program crash
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40661.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
        7⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45663.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11699.exe
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe
        10⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        11⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        12⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 216
        12⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 236
        11⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
        10⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        9⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 236
        8⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
        7⤵
        Program crash
        
        PID:3356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
        6⤵
        Program crash
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28732.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52082.exe
        8⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
        9⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
        10⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
        11⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23981.exe
        12⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
        12⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 236
        11⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
        10⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        9⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 216
        8⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 236
        7⤵
        Program crash
        
        PID:3432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
        6⤵
        Program crash
        
        PID:1056
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
        5⤵
        Program crash
        
        PID:1760
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2248
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40721.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6261.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2359.exe
        8⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
        9⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31663.exe
        10⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
        11⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64782.exe
        12⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25963.exe
        13⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 216
        13⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 236
        12⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
        11⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
        10⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
        9⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 236
        8⤵
        Program crash
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15358.exe
        7⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49503.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58459.exe
        10⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
        11⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17496.exe
        12⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23829.exe
        13⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 216
        13⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 216
        12⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
        11⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 236
        10⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
        9⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 236
        8⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 240
        7⤵
        Program crash
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52053.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
        8⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
        9⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe
        10⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2499.exe
        11⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39779.exe
        12⤵
        
        PID:9516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 216
        12⤵
        
        PID:9656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 216
        11⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
        10⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 236
        9⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 216
        8⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 236
        7⤵
        Program crash
        
        PID:3084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
        6⤵
        Program crash
        
        PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37507.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3044.exe
        7⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36779.exe
        8⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
        9⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-99.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-99.exe
        10⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        11⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58746.exe
        12⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 216
        12⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
        11⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
        10⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 236
        9⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
        8⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
        7⤵
        Program crash
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
        6⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
        7⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
        8⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
        9⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6951.exe
        10⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
        11⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 216
        11⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
        10⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
        9⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
        8⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
        7⤵
        
        PID:3944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
        6⤵
        Program crash
        
        PID:3268
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
        5⤵
        Program crash
        
        PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58513.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27793.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3364.exe
        9⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        10⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        11⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55322.exe
        12⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        13⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8260 -s 216
        13⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
        12⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 236
        11⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
        10⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 216
        9⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 236
        8⤵
        Program crash
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24455.exe
        7⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29602.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
        9⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
        10⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62796.exe
        11⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4064.exe
        12⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10705.exe
        13⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
        12⤵
        
        PID:9620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 236
        11⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 236
        10⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29688.exe
        9⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        10⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
        11⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61329.exe
        12⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 236
        12⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 216
        11⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 236
        10⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 240
        9⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 216
        8⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
        7⤵
        Program crash
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19702.exe
        7⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58528.exe
        8⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
        9⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18407.exe
        10⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35788.exe
        11⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56126.exe
        12⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
        11⤵
        
        PID:10012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
        10⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
        9⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 236
        8⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
        7⤵
        Program crash
        
        PID:3568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 240
        6⤵
        Program crash
        
        PID:1128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1030.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62146.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        7⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36224.exe
        8⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe
        9⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31359.exe
        10⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
        11⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58989.exe
        12⤵
        
        PID:10092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8536 -s 236
        12⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
        11⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 236
        10⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
        9⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
        8⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
        7⤵
        Program crash
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
        6⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        7⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        8⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
        9⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        10⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
        11⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 216
        11⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
        10⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        9⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
        8⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 216
        7⤵
        
        PID:5008
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
        6⤵
        Program crash
        
        PID:1544
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
        5⤵
        Program crash
        
        PID:2916
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20855.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42177.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53760.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41633.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        9⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
        10⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21885.exe
        11⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54725.exe
        12⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
        13⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
        13⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
        12⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 236
        11⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        10⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        9⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
        8⤵
        Program crash
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
        7⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20168.exe
        8⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37504.exe
        9⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
        10⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe
        11⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47684.exe
        12⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7539.exe
        13⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 216
        13⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
        12⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 236
        11⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
        10⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
        9⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        8⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
        7⤵
        Program crash
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9992.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25105.exe
        7⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
        9⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31511.exe
        10⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
        11⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46193.exe
        12⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 236
        12⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
        11⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 236
        10⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
        9⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
        8⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 236
        7⤵
        Program crash
        
        PID:3664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
        6⤵
        Program crash
        
        PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17558.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26532.exe
        7⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
        8⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34837.exe
        9⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        10⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
        11⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
        11⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
        10⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
        9⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 216
        8⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
        7⤵
        Program crash
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
        6⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
        7⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8891.exe
        8⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55875.exe
        9⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
        10⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10176.exe
        11⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 236
        11⤵
        
        PID:9888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
        10⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 236
        9⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
        8⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 216
        7⤵
        
        PID:4192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
        6⤵
        Program crash
        
        PID:3620
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        5⤵
        Program crash
        
        PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55176.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54419.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36293.exe
        6⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12523.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6909.exe
        8⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35170.exe
        9⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53428.exe
        10⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4164.exe
        11⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
        11⤵
        
        PID:10200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
        10⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
        9⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        8⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
        7⤵
        
        PID:4944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
        6⤵
        Program crash
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe
        5⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14910.exe
        6⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19466.exe
        7⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17484.exe
        8⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45609.exe
        9⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30471.exe
        10⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
        11⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 236
        11⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
        10⤵
        
        PID:9416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 236
        9⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 236
        8⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        7⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
        8⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        9⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        10⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 236
        9⤵
        
        PID:9628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 236
        8⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 220
        7⤵
        
        PID:6328
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
        6⤵
        
        PID:4168
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 240
        5⤵
        Program crash
        
        PID:280
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
      4⤵
      Program crash
      PID:2104
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2400
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
  2⤵
  - Program crash
  PID:2608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21885.exe

Filesize
184KB

MD5
dd231c8581c8518646d3e482b2dd08d9

SHA1
2d51e33204b26d75eddca5ff4e8b20d09370ed99

SHA256
c4f3c8bfd5c35f822f6803a3a8be6536aeedfd0a5523ca2668acce9e1a0cde18

SHA512
cb851d1ef8b3b90d15803d53a5271bd140b9972e23bb584ba73a72d7e15b06077abb80ccba9d7888c24c69dde0aea0bb3beee3f893cb76ae6ccfa7a05637f993

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe

Filesize
184KB

MD5
0fb0ee177dd0753713785286425e886d

SHA1
6ab273d4271f8cc54cf86de8365110db6465f79a

SHA256
9044f52bf22f1c613366e34abd9b732f77e0847d78fee7ba7500bac4097fa61d

SHA512
b65cc9ba5d2f8ef9c3907a670d92a64f2921fda12bff95de9a4f6b6a50c251b7ebc3cd3765952fe00f884d27a8affa497203bd1bcc46bcfad60b754a30251c8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe

Filesize
184KB

MD5
e00963fa8a9efe47cb14fb10d02c8a4a

SHA1
2a549e19fadcd5b9ef9329335d2d1cb6753b9e66

SHA256
ab6986d242cb740df9ed9137164f1aa65b8cf86ccb2d892caccea8af2a656e78

SHA512
a1318feeeea14927f48d9dd246b3b87300ceb5323cd67d848389370bc4e7bebf8b7d6cc009f69ef8196056b2d1631f263d1c0af6e459dda6ccf79e9d0b745607

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38679.exe

Filesize
184KB

MD5
5842e72ff433069689776f3fe5a20414

SHA1
1107ae1b23346057c13193049796f3f1b06f37a1

SHA256
0af07f19e1620ce178ad3796b39b6836265425dd6c7afabd2db4b047a9975c1e

SHA512
0a80235bc0d6d83a496885c3a195988e2d39673c61802e53ca1b2a3050e0b9d35f9e1748e8debf88ecc5dcd91a0e67203567ab942a09be0cb2d36b557d07abd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39779.exe

Filesize
184KB

MD5
8fb00d073715fe7b865f33390e82a95e

SHA1
77a1bb17d6b9191a409cf9d9f1c63db5d3701366

SHA256
2ee4daac64e7b4f969b63c2b7808239015f9f66e30933d2b570df2f2a6c1764e

SHA512
e2c4f7bdf4f746596e12ac70863b649e1a88cc2995d0818faf22a8810fbacd162aafe745fb0d5ec8dd5fdc64658e6497ceeb6487781a3a862a0d4b9d8d41578e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe

Filesize
184KB

MD5
8842aef285a44b9558d260324ee12f68

SHA1
f62ae52cf70f2d2b09924b0573c0204669d9d146

SHA256
8ee72c12144908de49cf59416cfae56bd7c5f8a7838b270a1573ee0d011bea19

SHA512
fcf5311255cfbafd621f2aa318ed03c6f0dfcd5d9b9cfe50fbfd5f18db8159c875f681589af083a1b36bad6a6f425c69e77336dc7ace15281749c42fcf7a1637

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40661.exe

Filesize
184KB

MD5
c4cb102d4ef150c52d6e364519c35c72

SHA1
d8522f519bc77df47c3bf1abd4a7affc997ff53e

SHA256
331c2a3e4330416aa8e3eb8705656e680c0142435fd730cd02e6e11ba675b72e

SHA512
c4cdf91f631d47c6d64a02c6618ccd16d87367bd2307e9f3321d94269c7e48e453970776e3af24eff3c5bc75ae322f2dc08fe98ee8a076517cc3f0ab8f77e5be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40721.exe

Filesize
184KB

MD5
81a533ec490db7bc63972475c11f3a80

SHA1
580b695a53d934030ab77bffc18171c0130860d0

SHA256
c590396d67bb8e7b9898f3ed1a00aedadff3caef6f0e3dcd88f8c233cb429d52

SHA512
14890e161206bcbf988543694b1153d7db3dde31b2a5361cc9ee859f267840e84790f04c740157fe28663903332830cda572ca11fcda0a950fcbfd4ca27c3422

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe

Filesize
184KB

MD5
5c3b6e76384c856c7dc792d0748a734d

SHA1
155ddfe8d5b6f49ebb4062c3eac881904090b60b

SHA256
f95a1aedecd756108377037696c99536ced85c0249560342f9eac8828f014968

SHA512
c1183f0c1649fc2026995904432ab81577599ca2abc0d2162a8318a71f9cee0afbf2b91c8633d204ca1a7c1fc3df7012012196b4a8439024ea8ac55e86a6ceb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe

Filesize
184KB

MD5
82718e55115d0c47371ed47976aff4e4

SHA1
176e4a10a4d4c591410fb891115a5353c1237a24

SHA256
ea4453cfdbedf1b7e191cf2b80878014fd701d1f43b4e60cc03d2d92f40ee612

SHA512
f4865b39b9d6df65967682514b7fd1495218479243584de88f1b928695f5a7f858a5ce09322b18bd6a62d776604c6a729a544274c09fd511a30f9a3bbb7c42c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe

Filesize
184KB

MD5
077d328fefa4be42b77783a6de1cc012

SHA1
f58b16698453c17173672c5742567154b7014906

SHA256
12b1d7e79d260ff0e76af218611d5c1bcdc5a3917243c1aae6a4105ccc9efcae

SHA512
4573d112062f7db3f2f4878b998e2505e8c9e1765df8b171560619e5717a35fc1d201f79700db629d9c2af94e5afb8f97b4ba89fc1d61a1b9477320811677ace

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe

Filesize
184KB

MD5
1070bfc66e5e9347520d6754918902de

SHA1
2f60179887597f8c7eeff8a695ed32a5dca72783

SHA256
369af91f43d0f5d317ca2c06fc7ff1fd212d8a2da884d634817cf777713d7fae

SHA512
96a2fb13eef1fee0ae24e7548aa6d839672b15791d4b5746cecca1fe7541534d12b677a79e4fb26f5b2e40a0d74064b1b989b91b2e562fd82de162b4388261d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11473.exe

Filesize
184KB

MD5
4935fa0ba67792bae30809651a9386a3

SHA1
0e76e6bed30f10a17887eb3b8f673f3940963464

SHA256
f633f7d8730158fbc8f2589c309b454aa447bbbf82ed8b172f19886f411f6926

SHA512
20fcd19cb9b4c5f4098329a51bf60a6ef88768df4383631d73672677488693737f474b4b17e3f6427065b6e7e676aecef25dc99cb55c8955d25555d27d68f0c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe

Filesize
184KB

MD5
901c375bf7cfb4d790180be635ee90ee

SHA1
f442aa6856b1d7b2c569119ef5900f845b594a1a

SHA256
68bc328e5625a34d801328bb3c913b332343f72f534474d551949dccedf017a1

SHA512
92c6c9f1ecdb68877e3ac7b57c33168fa80e7d5036ab8926b801cbb8a0aefe7219190e68abede01ae02085c725989eb78bf25cc017ac36c4a78cb418d897404e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe

Filesize
184KB

MD5
8163aa71802e6b88300539edef1bb69c

SHA1
d6d02706e8c424305ecabaee9edcde2b91ee6f2d

SHA256
fdb16d2ba787738a059957b3dd69ef6f88eaa6e4b81df729fdca55678a3ec019

SHA512
2c98458ce0f3f2b6a1b8b063d1c56703d5716dfbc2f44b3c2f0889c22131d7afb1b2d2a73dddb9563db5dba826c7a072a9a2d002538eb014f38e59af22ca6a7e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20855.exe

Filesize
184KB

MD5
3f11acb9a484d4ee20157bccb677f01b

SHA1
6f3ed94129c3f859f3e15a56b026289b7296184e

SHA256
41e0fb61123dbbe57947fe3248519994d85ad2f430418209fab6da8774402a3f

SHA512
361254071affa811e7712517782ba01734c236fee589cb567b80bb981e1acd86839a8785b001911fa78b35f784e217466e7fd16843b76212786ed37e22d899d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21364.exe

Filesize
184KB

MD5
471694607560e13c8f44d05149087601

SHA1
e2066135c3c93695914e32af8c27057a7f5c5483

SHA256
a9f4edb859abd1d26a11c6bc41d8d051d840dec09b4164ec9f1fd7a092562e53

SHA512
2b5edb7fcb38f4a83f69d01e31fda540ebb4e0bbbdc0b7740b97d76b8ca96138a99c926c42fcdac8d58a0813987e8bc867030f8b32ad6952eb16acdb2066bc1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe

Filesize
184KB

MD5
8ccdb501e8b14bfffb24de57781ee746

SHA1
9bff1d14e5c8ba5280f9443190d465345e074538

SHA256
5c6cd937a074eb1edb89b78f513afa6f2aaa06f9ca0c216d4600129b631feb9e

SHA512
432214638310a3b1ebf845dad00892052c8020291c45159b332e263c95cd1630786255e968f63f9f4862099648b9df287783e70ec33195c12ebfc18be9bdd1a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe

Filesize
184KB

MD5
354fb858c4a9e2adef53a45a7f71a911

SHA1
604b8171127136fde39b0b1eb20026b61b92477d

SHA256
95e3e671352211350f1eed361cf5921db8cbba11623b8055a2f23dc6cd7328f9

SHA512
4903e5e988b5f153d723dd70acd21d959b18a54ff3d16508e0c20bc6ab17f8e2df55ee2e0f46017a2122288db67c56a43d3807bafc491157b76083e8b7d1d025

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe

Filesize
184KB

MD5
1ec0504403b4f11768702cf08a27a523

SHA1
6381b2ed628dbc23fac466d92b56a60d705d7177

SHA256
56a46a6ecdbda16a62e5c5ab94bf70e80b79e6c045b24380f462191ae172f1f9

SHA512
73ae1b9cb45d37892518a332707f727845d3d3d025a1e26e91c8bf613398b4b41c65cbe6b29395d24f4a74b952e6ecca4464d34b9f41afe604762d6411a26719

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55349.exe

Filesize
184KB

MD5
2fed8bcfc5b38182e94bfc1702f28952

SHA1
3c6085f563f9aa21304449bb5c5b51e095bd648f

SHA256
4d7fc747629716a81a95e524d8be6384209ec2ef00352b2c5f62f2d20241ec26

SHA512
95c1038ab13eafd3a3f396f5965e698e8c2970623f4006ecbace45f6ed647e4e9831bfb710dfbdb33ceacfb0d5c2707a7505612196d5295bfaec06f396e5d59b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7363.exe

Filesize
184KB

MD5
7cda174bbccef628a3f3fa09a14073a1

SHA1
5916295231435ec77bdb2fdf15121e80afe936ac

SHA256
e21ce05608aa601a1fe154e23c02d7147e898f8856975eba91d75101f3de19ad

SHA512
fd2b06544c88bf582189bcf5e5fc3b0cc575beee5919abefec15de3b10ae98f9f17281ee53010ac781fcdfd61fc26c7485ed8e08615ed4f4a8f28b26287ecc25

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads