9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334.exe
Size

184KB
MD5

6e117608406bce233941fcdf637ebdb4
SHA1

fae7ffac9e3a6f5aab54de47a1bcb5680af34786
SHA256

9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334
SHA512

1f66db268618b5cbb9c42ba9125e4ea205cd15f3176c403ee3c2449434e6bafd0900b73140ad1129bc282fbf79158ec2e09c06d4dfe24b46ab54bc70795a0c7c
SSDEEP

3072:rmon6golfpA9dKFYegOa4HpKIKY7+P9fq+eKO5E6UDg/lnHOFZnT:rmqoILKFnaupKImFVU/lnHOFZ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2248	Unicorn-53232.exe
2680	Unicorn-4714.exe
2844	Unicorn-46453.exe
2620	Unicorn-7362.exe
1540	Unicorn-42400.exe
2556	Unicorn-44913.exe
2096	Unicorn-3707.exe
668	Unicorn-31589.exe
1348	Unicorn-12088.exe
1124	Unicorn-26998.exe
1488	Unicorn-54880.exe
944	Unicorn-35320.exe
936	Unicorn-2289.exe
956	Unicorn-30747.exe
1944	Unicorn-20603.exe
2428	Unicorn-47525.exe
2676	Unicorn-57598.exe
2420	Unicorn-52014.exe
2508	Unicorn-6342.exe
2884	Unicorn-34618.exe
720	Unicorn-28457.exe
1580	Unicorn-33082.exe
2208	Unicorn-44135.exe
840	Unicorn-50819.exe
2124	Unicorn-10684.exe
1196	Unicorn-29434.exe
2296	Unicorn-2988.exe
2116	Unicorn-2988.exe
1760	Unicorn-9148.exe
1696	Unicorn-35983.exe
2236	Unicorn-7596.exe
2148	Unicorn-56697.exe
2532	Unicorn-36639.exe
2464	Unicorn-11253.exe
2548	Unicorn-42748.exe
2500	Unicorn-49245.exe
2504	Unicorn-11118.exe
2772	Unicorn-2037.exe
1856	Unicorn-26411.exe
812	Unicorn-33864.exe
1412	Unicorn-46697.exe
2200	Unicorn-6614.exe
2172	Unicorn-6614.exe
1168	Unicorn-60091.exe
2184	Unicorn-60091.exe
1308	Unicorn-14419.exe
1656	Unicorn-49998.exe
2280	Unicorn-38985.exe
2164	Unicorn-58851.exe
2916	Unicorn-32478.exe
1288	Unicorn-52344.exe
328	Unicorn-22386.exe
1964	Unicorn-47964.exe
1900	Unicorn-46675.exe
2632	Unicorn-18916.exe
2204	Unicorn-36286.exe
2076	Unicorn-63120.exe
2524	Unicorn-32799.exe
1344	Unicorn-16005.exe
2376	Unicorn-45212.exe
2776	Unicorn-27231.exe
576	Unicorn-12757.exe
1952	Unicorn-58429.exe
1192	Unicorn-2705.exe

Loads dropped DLL 64 IoCs

pid	Process
2812	9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334.exe
2812	9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334.exe
2812	9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334.exe
2248	Unicorn-53232.exe
2812	9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334.exe
2248	Unicorn-53232.exe
2680	Unicorn-4714.exe
2680	Unicorn-4714.exe
2248	Unicorn-53232.exe
2248	Unicorn-53232.exe
2844	Unicorn-46453.exe
2844	Unicorn-46453.exe
2452	WerFault.exe
2452	WerFault.exe
2452	WerFault.exe
2452	WerFault.exe
2452	WerFault.exe
2620	Unicorn-7362.exe
2620	Unicorn-7362.exe
2680	Unicorn-4714.exe
2680	Unicorn-4714.exe
1540	Unicorn-42400.exe
1540	Unicorn-42400.exe
2556	Unicorn-44913.exe
2844	Unicorn-46453.exe
2556	Unicorn-44913.exe
2844	Unicorn-46453.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
2008	WerFault.exe
2008	WerFault.exe
2008	WerFault.exe
2008	WerFault.exe
2008	WerFault.exe
2096	Unicorn-3707.exe
2096	Unicorn-3707.exe
2620	Unicorn-7362.exe
2620	Unicorn-7362.exe
668	Unicorn-31589.exe
668	Unicorn-31589.exe
1348	Unicorn-12088.exe
1348	Unicorn-12088.exe
1540	Unicorn-42400.exe
1540	Unicorn-42400.exe
1124	Unicorn-26998.exe
2556	Unicorn-44913.exe
1124	Unicorn-26998.exe
1488	Unicorn-54880.exe
2556	Unicorn-44913.exe
1488	Unicorn-54880.exe
1064	WerFault.exe
1064	WerFault.exe
1064	WerFault.exe
1064	WerFault.exe
1064	WerFault.exe
832	WerFault.exe
832	WerFault.exe
832	WerFault.exe
832	WerFault.exe
832	WerFault.exe
1844	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2608	2812	WerFault.exe	27
2452	2248	WerFault.exe	28
2004	2680	WerFault.exe	29
2008	2844	WerFault.exe	30
1064	2620	WerFault.exe	32
832	1540	WerFault.exe	33
1844	2556	WerFault.exe	34
1216	2096	WerFault.exe	36
1496	668	WerFault.exe	37
1628	1348	WerFault.exe	38
2440	1124	WerFault.exe	39
3064	1488	WerFault.exe	40
2584	944	WerFault.exe	43
2748	936	WerFault.exe	45
632	2428	WerFault.exe	47
1668	2420	WerFault.exe	49
1508	2508	WerFault.exe	50
3004	2676	WerFault.exe	48
2836	956	WerFault.exe	44
2688	1944	WerFault.exe	46
2448	2884	WerFault.exe	54
2468	1580	WerFault.exe	56
2640	720	WerFault.exe	55
2144	840	WerFault.exe	58
1584	2116	WerFault.exe	62
976	1696	WerFault.exe	64
2512	2148	WerFault.exe	69
2492	2124	WerFault.exe	59
2360	1412	WerFault.exe	80
2332	2504	WerFault.exe	76
572	2236	WerFault.exe	65
1772	812	WerFault.exe	79
2432	1856	WerFault.exe	78
876	2532	WerFault.exe	72
2400	2500	WerFault.exe	75
3124	2164	WerFault.exe	89
3148	2184	WerFault.exe	84
3196	2208	WerFault.exe	57
3540	1196	WerFault.exe	60
3604	2772	WerFault.exe	77
3888	2296	WerFault.exe	61
3968	2200	WerFault.exe	83
4060	1308	WerFault.exe	86
4076	2172	WerFault.exe	82
3092	2916	WerFault.exe	95
3180	2548	WerFault.exe	74
3192	2280	WerFault.exe	88
3232	1168	WerFault.exe	85
3344	1912	WerFault.exe	81
3372	1656	WerFault.exe	87
3400	1760	WerFault.exe	63
3600	576	WerFault.exe	113
3624	2076	WerFault.exe	107
3640	2632	WerFault.exe	105
3656	2464	WerFault.exe	73
3664	1900	WerFault.exe	104
3212	2536	WerFault.exe	130
3244	2168	WerFault.exe	137
3692	2264	WerFault.exe	136
3960	1288	WerFault.exe	96
3160	2288	WerFault.exe	153
2792	1192	WerFault.exe	115
3944	1832	WerFault.exe	138
3492	328	WerFault.exe	97

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2812	9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334.exe
2248	Unicorn-53232.exe
2680	Unicorn-4714.exe
2844	Unicorn-46453.exe
2620	Unicorn-7362.exe
1540	Unicorn-42400.exe
2556	Unicorn-44913.exe
2096	Unicorn-3707.exe
668	Unicorn-31589.exe
1348	Unicorn-12088.exe
1124	Unicorn-26998.exe
1488	Unicorn-54880.exe
944	Unicorn-35320.exe
936	Unicorn-2289.exe
956	Unicorn-30747.exe
1944	Unicorn-20603.exe
2428	Unicorn-47525.exe
2676	Unicorn-57598.exe
2508	Unicorn-6342.exe
2420	Unicorn-52014.exe
2884	Unicorn-34618.exe
720	Unicorn-28457.exe
1580	Unicorn-33082.exe
2208	Unicorn-44135.exe
840	Unicorn-50819.exe
2124	Unicorn-10684.exe
1196	Unicorn-29434.exe
2296	Unicorn-2988.exe
2116	Unicorn-2988.exe
1760	Unicorn-9148.exe
1696	Unicorn-35983.exe
2148	Unicorn-56697.exe
2532	Unicorn-36639.exe
2464	Unicorn-11253.exe
2548	Unicorn-42748.exe
2500	Unicorn-49245.exe
2504	Unicorn-11118.exe
1856	Unicorn-26411.exe
2772	Unicorn-2037.exe
812	Unicorn-33864.exe
1412	Unicorn-46697.exe
2200	Unicorn-6614.exe
1912	Unicorn-23828.exe
2172	Unicorn-6614.exe
1168	Unicorn-60091.exe
1308	Unicorn-14419.exe
1656	Unicorn-49998.exe
2184	Unicorn-60091.exe
2280	Unicorn-38985.exe
2164	Unicorn-58851.exe
1288	Unicorn-52344.exe
2916	Unicorn-32478.exe
328	Unicorn-22386.exe
1964	Unicorn-47964.exe
1900	Unicorn-46675.exe
2632	Unicorn-18916.exe
2204	Unicorn-36286.exe
2076	Unicorn-63120.exe
2524	Unicorn-32799.exe
1344	Unicorn-16005.exe
2376	Unicorn-45212.exe
576	Unicorn-12757.exe
2776	Unicorn-27231.exe
1192	Unicorn-2705.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 2248	2812	9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334.exe	28
PID 2812 wrote to memory of 2248	2812	9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334.exe	28
PID 2812 wrote to memory of 2248	2812	9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334.exe	28
PID 2812 wrote to memory of 2248	2812	9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334.exe	28
PID 2812 wrote to memory of 2680	2812	9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334.exe	29
PID 2812 wrote to memory of 2680	2812	9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334.exe	29
PID 2812 wrote to memory of 2680	2812	9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334.exe	29
PID 2812 wrote to memory of 2680	2812	9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334.exe	29
PID 2248 wrote to memory of 2844	2248	Unicorn-53232.exe	30
PID 2248 wrote to memory of 2844	2248	Unicorn-53232.exe	30
PID 2248 wrote to memory of 2844	2248	Unicorn-53232.exe	30
PID 2248 wrote to memory of 2844	2248	Unicorn-53232.exe	30
PID 2812 wrote to memory of 2608	2812	9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334.exe	31
PID 2812 wrote to memory of 2608	2812	9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334.exe	31
PID 2812 wrote to memory of 2608	2812	9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334.exe	31
PID 2812 wrote to memory of 2608	2812	9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334.exe	31
PID 2680 wrote to memory of 2620	2680	Unicorn-4714.exe	32
PID 2680 wrote to memory of 2620	2680	Unicorn-4714.exe	32
PID 2680 wrote to memory of 2620	2680	Unicorn-4714.exe	32
PID 2680 wrote to memory of 2620	2680	Unicorn-4714.exe	32
PID 2248 wrote to memory of 1540	2248	Unicorn-53232.exe	33
PID 2248 wrote to memory of 1540	2248	Unicorn-53232.exe	33
PID 2248 wrote to memory of 1540	2248	Unicorn-53232.exe	33
PID 2248 wrote to memory of 1540	2248	Unicorn-53232.exe	33
PID 2844 wrote to memory of 2556	2844	Unicorn-46453.exe	34
PID 2844 wrote to memory of 2556	2844	Unicorn-46453.exe	34
PID 2844 wrote to memory of 2556	2844	Unicorn-46453.exe	34
PID 2844 wrote to memory of 2556	2844	Unicorn-46453.exe	34
PID 2248 wrote to memory of 2452	2248	Unicorn-53232.exe	35
PID 2248 wrote to memory of 2452	2248	Unicorn-53232.exe	35
PID 2248 wrote to memory of 2452	2248	Unicorn-53232.exe	35
PID 2248 wrote to memory of 2452	2248	Unicorn-53232.exe	35
PID 2620 wrote to memory of 2096	2620	Unicorn-7362.exe	36
PID 2620 wrote to memory of 2096	2620	Unicorn-7362.exe	36
PID 2620 wrote to memory of 2096	2620	Unicorn-7362.exe	36
PID 2620 wrote to memory of 2096	2620	Unicorn-7362.exe	36
PID 2680 wrote to memory of 668	2680	Unicorn-4714.exe	37
PID 2680 wrote to memory of 668	2680	Unicorn-4714.exe	37
PID 2680 wrote to memory of 668	2680	Unicorn-4714.exe	37
PID 2680 wrote to memory of 668	2680	Unicorn-4714.exe	37
PID 1540 wrote to memory of 1348	1540	Unicorn-42400.exe	38
PID 1540 wrote to memory of 1348	1540	Unicorn-42400.exe	38
PID 1540 wrote to memory of 1348	1540	Unicorn-42400.exe	38
PID 1540 wrote to memory of 1348	1540	Unicorn-42400.exe	38
PID 2556 wrote to memory of 1124	2556	Unicorn-44913.exe	39
PID 2556 wrote to memory of 1124	2556	Unicorn-44913.exe	39
PID 2556 wrote to memory of 1124	2556	Unicorn-44913.exe	39
PID 2556 wrote to memory of 1124	2556	Unicorn-44913.exe	39
PID 2844 wrote to memory of 1488	2844	Unicorn-46453.exe	40
PID 2844 wrote to memory of 1488	2844	Unicorn-46453.exe	40
PID 2844 wrote to memory of 1488	2844	Unicorn-46453.exe	40
PID 2844 wrote to memory of 1488	2844	Unicorn-46453.exe	40
PID 2680 wrote to memory of 2004	2680	Unicorn-4714.exe	41
PID 2680 wrote to memory of 2004	2680	Unicorn-4714.exe	41
PID 2680 wrote to memory of 2004	2680	Unicorn-4714.exe	41
PID 2680 wrote to memory of 2004	2680	Unicorn-4714.exe	41
PID 2844 wrote to memory of 2008	2844	Unicorn-46453.exe	42
PID 2844 wrote to memory of 2008	2844	Unicorn-46453.exe	42
PID 2844 wrote to memory of 2008	2844	Unicorn-46453.exe	42
PID 2844 wrote to memory of 2008	2844	Unicorn-46453.exe	42
PID 2096 wrote to memory of 944	2096	Unicorn-3707.exe	43
PID 2096 wrote to memory of 944	2096	Unicorn-3707.exe	43
PID 2096 wrote to memory of 944	2096	Unicorn-3707.exe	43
PID 2096 wrote to memory of 944	2096	Unicorn-3707.exe	43

C:\Users\Admin\AppData\Local\Temp\9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334.exe
"C:\Users\Admin\AppData\Local\Temp\9caf2a0ba3aea123d93b184cb03df4ba0feeb78b35cd68b235c7b6771c0bd334.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46453.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57598.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11118.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32799.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11354.exe
        9⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22874.exe
        10⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56461.exe
        11⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44130.exe
        12⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13415.exe
        13⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
        14⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 216
        14⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
        13⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        12⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
        11⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
        10⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58369.exe
        9⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7177.exe
        10⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61239.exe
        11⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8794.exe
        12⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5757.exe
        13⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
        13⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 236
        12⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
        11⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
        10⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        9⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
        8⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
        9⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18014.exe
        10⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22354.exe
        11⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25686.exe
        12⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58206.exe
        13⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
        12⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 236
        11⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
        10⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
        9⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        8⤵
        Program crash
        
        PID:2332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
        7⤵
        Program crash
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2988.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58851.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42664.exe
        8⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe
        9⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20918.exe
        10⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        11⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14845.exe
        12⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42809.exe
        13⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
        12⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
        11⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        10⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 216
        9⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 216
        8⤵
        Program crash
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63634.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
        8⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41136.exe
        9⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60718.exe
        10⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        11⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
        11⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 236
        10⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
        9⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 216
        8⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        7⤵
        Program crash
        
        PID:3888
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 240
        6⤵
        Program crash
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52014.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10684.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45212.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6501.exe
        9⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28598.exe
        10⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        11⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38779.exe
        12⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35119.exe
        13⤵
        
        PID:9396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 216
        12⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
        11⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
        10⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
        9⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 236
        8⤵
        Program crash
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58429.exe
        7⤵
        Executes dropped EXE
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27768.exe
        8⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54747.exe
        9⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        10⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3926.exe
        11⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37167.exe
        11⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11422.exe
        12⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 220
        11⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 236
        10⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
        9⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
        8⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
        7⤵
        Program crash
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63120.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63430.exe
        8⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
        9⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        10⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
        11⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46556.exe
        12⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 216
        12⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
        11⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 236
        10⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 236
        9⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
        8⤵
        Program crash
        
        PID:3624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 216
        7⤵
        Program crash
        
        PID:2360
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        6⤵
        Program crash
        
        PID:1668
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54880.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29434.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49998.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53541.exe
        8⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
        9⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10199.exe
        10⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
        11⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64222.exe
        12⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 236
        12⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
        11⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        10⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
        9⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 216
        8⤵
        Program crash
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61086.exe
        7⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 220
        8⤵
        Program crash
        
        PID:3212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
        7⤵
        Program crash
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63769.exe
        7⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44110.exe
        9⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
        10⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16325.exe
        11⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 236
        11⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
        10⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
        9⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 236
        8⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
        7⤵
        Program crash
        
        PID:3192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 220
        6⤵
        Program crash
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2988.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6614.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53541.exe
        7⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
        9⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7179.exe
        10⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35092.exe
        11⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
        11⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 236
        10⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        9⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 236
        8⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 236
        7⤵
        Program crash
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16078.exe
        6⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18266
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18266
        7⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 240
        8⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 236
        7⤵
        
        PID:4024
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
        6⤵
        Program crash
        
        PID:1584
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
        5⤵
        Program crash
        
        PID:3064
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42400.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12088.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20603.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35983.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14419.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        8⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
        9⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3745.exe
        10⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
        11⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe
        12⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 236
        12⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
        11⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        10⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 236
        9⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 236
        8⤵
        Program crash
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62622.exe
        7⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        8⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36358.exe
        9⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46689.exe
        10⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50579.exe
        11⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
        12⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 216
        12⤵
        
        PID:9836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
        11⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 236
        10⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        9⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
        8⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
        7⤵
        Program crash
        
        PID:976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42664.exe
        7⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        9⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
        10⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
        11⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 236
        11⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 236
        10⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        9⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 236
        8⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 236
        7⤵
        Program crash
        
        PID:3232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
        6⤵
        Program crash
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
        5⤵
        Executes dropped EXE
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16427.exe
        7⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35409.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62953.exe
        9⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
        10⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32721.exe
        11⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 216
        11⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
        10⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        9⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 216
        8⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 236
        7⤵
        Program crash
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35211.exe
        6⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39745.exe
        7⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        8⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37277.exe
        9⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        10⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27386.exe
        11⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
        10⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
        9⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        8⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 236
        7⤵
        
        PID:4392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
        6⤵
        Program crash
        
        PID:572
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
        5⤵
        Program crash
        
        PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47525.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12757.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57447.exe
        8⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
        9⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17702.exe
        10⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8152.exe
        11⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        12⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
        12⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 236
        11⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
        10⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
        9⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 236
        8⤵
        Program crash
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55060.exe
        7⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50207.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
        9⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60663.exe
        10⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51054.exe
        11⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46097.exe
        12⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 216
        12⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
        11⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
        10⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 236
        9⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
        8⤵
        Program crash
        
        PID:3160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        7⤵
        Program crash
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
        7⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33893.exe
        8⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
        9⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19720.exe
        10⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1222.exe
        11⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 236
        11⤵
        
        PID:9784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 236
        10⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
        9⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
        8⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 236
        7⤵
        Program crash
        
        PID:2792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
        6⤵
        Program crash
        
        PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26411.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27231.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43180.exe
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe
        8⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        9⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65192.exe
        10⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        11⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 216
        11⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 236
        10⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
        9⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        8⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 216
        7⤵
        
        PID:4120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 236
        6⤵
        Program crash
        
        PID:2432
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
        5⤵
        Program crash
        
        PID:632
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:832
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2452
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4714.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4714.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7362.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3707.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35320.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56697.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34097.exe
        9⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
        10⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9844.exe
        11⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26097.exe
        12⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51832.exe
        13⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45564.exe
        14⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 216
        14⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
        13⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
        12⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
        11⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
        10⤵
        Program crash
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65086.exe
        9⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe
        10⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
        11⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25470.exe
        12⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        13⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 216
        13⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
        12⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
        11⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 216
        10⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 240
        9⤵
        Program crash
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
        8⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        9⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35953.exe
        10⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31567.exe
        11⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59546.exe
        11⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        12⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        13⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
        12⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 220
        11⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 236
        10⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 216
        9⤵
        
        PID:3144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
        8⤵
        Program crash
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58792.exe
        10⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
        11⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32719.exe
        12⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
        12⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
        11⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
        10⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
        9⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
        8⤵
        Program crash
        
        PID:3092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
        7⤵
        Program crash
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22386.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        8⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
        9⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13031.exe
        10⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15033.exe
        11⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        12⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
        13⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
        13⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        12⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 236
        11⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
        10⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
        9⤵
        Program crash
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54858.exe
        8⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62839.exe
        9⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15994.exe
        10⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3222.exe
        11⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
        12⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
        12⤵
        
        PID:9776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
        11⤵
        
        PID:8676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
        10⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
        9⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 240
        8⤵
        Program crash
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        7⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54130.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62839.exe
        9⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4519.exe
        10⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35387.exe
        11⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57191.exe
        12⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
        12⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
        11⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
        10⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        9⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 236
        8⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        7⤵
        Program crash
        
        PID:876
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 240
        6⤵
        Program crash
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28457.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        7⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1585.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14674.exe
        10⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
        11⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        12⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
        12⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 236
        11⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
        10⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
        9⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
        8⤵
        Program crash
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2315.exe
        8⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27556.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33802.exe
        10⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52905.exe
        11⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 216
        11⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        10⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 236
        9⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        8⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
        7⤵
        
        PID:3792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 720 -s 236
        6⤵
        Program crash
        
        PID:2640
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
        5⤵
        Program crash
        
        PID:1216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9148.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6614.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28099.exe
        8⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6744.exe
        9⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8739.exe
        10⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25412.exe
        11⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 236
        11⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 236
        10⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
        9⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 216
        8⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
        7⤵
        Program crash
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33675.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28528.exe
        7⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
        8⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
        9⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        10⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 216
        10⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
        9⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        8⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
        7⤵
        
        PID:4912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
        6⤵
        Program crash
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8149.exe
        6⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe
        7⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49340.exe
        8⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3563.exe
        9⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
        10⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38764.exe
        11⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 216
        11⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 216
        10⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 236
        9⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        8⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
        7⤵
        
        PID:4332
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
        6⤵
        Program crash
        
        PID:3148
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
        5⤵
        Program crash
        
        PID:2836
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2289.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33082.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46675.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        8⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
        9⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24153.exe
        10⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30050.exe
        11⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43194.exe
        12⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
        12⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 236
        11⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 236
        10⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 236
        9⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 236
        8⤵
        Program crash
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32111.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33349.exe
        8⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49217.exe
        9⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
        10⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        11⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 216
        11⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        10⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
        9⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 216
        8⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
        7⤵
        Program crash
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18916.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12314.exe
        7⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
        9⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7576.exe
        10⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44677.exe
        11⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
        11⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
        10⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
        9⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 216
        8⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
        7⤵
        Program crash
        
        PID:3640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 220
        6⤵
        Program crash
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49245.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
        6⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48510.exe
        7⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe
        8⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23283.exe
        9⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17077.exe
        10⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59062.exe
        11⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 216
        11⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 216
        10⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
        9⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        8⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 236
        7⤵
        
        PID:4348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
        6⤵
        Program crash
        
        PID:2400
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 240
        5⤵
        Program crash
        
        PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44135.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42748.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63430.exe
        7⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17306.exe
        8⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2199.exe
        9⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe
        10⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        11⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59785.exe
        12⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
        12⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
        11⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        10⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        9⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 236
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
        7⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54747.exe
        8⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24627.exe
        9⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19661.exe
        10⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28779.exe
        11⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
        11⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
        10⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
        9⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        8⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 220
        7⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9522.exe
        6⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20632.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4705.exe
        8⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
        9⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10404.exe
        10⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 236
        10⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
        9⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
        8⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
        7⤵
        
        PID:4688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
        6⤵
        Program crash
        
        PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16005.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43902.exe
        6⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
        7⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48064.exe
        8⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52369.exe
        9⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
        10⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 236
        10⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
        9⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 236
        8⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
        7⤵
        
        PID:5384
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 236
        6⤵
        
        PID:4500
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
        5⤵
        Program crash
        
        PID:3196
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 240
      4⤵
      Program crash
      PID:1496
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2004
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
  2⤵
  - Program crash
  PID:2608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe

Filesize
184KB

MD5
9f6cb0dd55bfb60e313321f7646d772a

SHA1
60d3eeaafda9e94779984d36c4af9fb5c07b5359

SHA256
1fe6721a7dea3b23ccbad9d4f800e2857d6f712328f54336d86e76fd8236aefa

SHA512
54dbe4f05d6709b53af2c251469e864e9a918406358aeaba8d6a32fcf5a706a830d51bf82695c13de62a8aa077602c1be70b9db9d7e1033e1a30f602811d436f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2289.exe

Filesize
184KB

MD5
6aed4d07dc7cccfa23441f5183418c1f

SHA1
30283b4e1ad386b7c25bc5090b41e7478648d8b0

SHA256
8bb2bfc34528f3c84e744c5127221ee5bb197d53062bfb92b5a16890ba18a7b1

SHA512
c80ebbb186b36209db2dd0e2ff3a5ac3d264801821c1eca079de074832b2e2d013b9c0d8b6c77095bf9e7c64621e996d822de98409faed812784049e1f9d2ba7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe

Filesize
184KB

MD5
ab2a32c540a9961f98c5d7d6c270ae81

SHA1
637e486a161d0401ce9a46ffc28057699cb3680e

SHA256
a1d0ac91e89f9ccc69be700bacf7f332ced95c52fbc7224d9b6dac4edcba26b2

SHA512
7d0335f0b6bb355d4b9fa6592a050994d1365044a400b5f5211b27c1cc90ed090c21b3bc1495481e07cc78084e3afce4a436c0e98740a76d6c18e34ab36a807f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe

Filesize
184KB

MD5
7a600225a33d8984c5a45301f5e29b3f

SHA1
6cc6f25e2467e90d1489c3fc06ce6e775136731a

SHA256
2fee4781ee0095fd6b6bed8b944a55e90500bc108dbdf9756c2dd4c78ec21807

SHA512
2fbee6e13f72f5195bc664efe324ace282a490e82964d44479f47c43a57aed81a627a82f9ee5fcdd135a747f6888cf60868d6b6a2069d5dc176804d339969b3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35119.exe

Filesize
184KB

MD5
8866128b422654736a04dd9b425c71de

SHA1
4d43c73e5b2a200d4a660daa0d688a27c47d9276

SHA256
e5462ef7d25406ce432b4645be07dd9b7bdc0963d435b84bcaed32903d68910e

SHA512
8d8f888321324aa538c9cf9ffc41b3c265b90f5bda847a71df169a8cf8a7375a379bacc32a33393839088129d166541693b370d5416d1f1a45bc020ed3a6ad35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe

Filesize
184KB

MD5
0d8ca3fdd1fdc4be649e6d742c1918e9

SHA1
9621553200f251204ffc83f283e57f2da76168a1

SHA256
65390c47cd53dc36c51eb5ca826d0a089fd8be4978fef0e980e04bcf36abea91

SHA512
29528fbc42e0f595b9fc808b1b0eddb40612322eb87c0875858ae1a0b92f08b30debd17c709de48ecefcf2d7b6b4c4e74c3c019d416315ed05a7ed2e44d0e90a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42809.exe

Filesize
184KB

MD5
fce4f288ce1e91275a5015d5ca14fb70

SHA1
e17cd38ed6ce9426cbccfec68dd86019d1904328

SHA256
ef2c65dd40627a089fe2f0829d7b9214b331bb2ce625c951046b524ed6f56595

SHA512
f2f73fa668586d9ab4dfc4faf269b102c5df0c8d3b1d5dca7d1cde1deb49f8c41c8df0b1ccc6f455f5836a5bd2bb60461f4eebdbca9ca5b8670224cd5759111b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe

Filesize
184KB

MD5
1f74cf9dc731c18295863dfdc93bfb13

SHA1
348c8a02c82ebdaf9bd1c92eb5137321b6c1dbf7

SHA256
1e802292fce73c0ea194a3ad25b6aa972013e9fc5e9703c640bde30e08d95066

SHA512
9ba1aa22a5fdac25a9556bef199c34e6c6bf5ab064e12005edba5c7d18ae601fb95f40e3f2f0198353c71baf2c069eea1c9b956d4ee3485143fdaae08d707d5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4714.exe

Filesize
184KB

MD5
cd700531b319ef3e29bce23cd03ad82c

SHA1
52f3eac11c82dacb8c215e50cff37b7ce2a2f008

SHA256
f9794b5a788d7297b58f9bdc02c78e5323793d755c30b60812980e9bd5fe99b1

SHA512
49f271a7845bc9c9124e842bb4f1290367001056990b94cbce73e41e8f7c7312de382a4ea40dc0ca8c398706fcc3ceaa9f03f7200a1d77c71dea0d0873f58d6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53541.exe

Filesize
184KB

MD5
ecf6a767eaf547ac64ea1ea5cd37a07b

SHA1
acbca8b6c6bac8916cb30b954b47c736248d9e86

SHA256
ed3bd5222769782ca65ebedc56dbdf2e5235f16976e22e331a25090323438a2f

SHA512
27d75e622be335799c3c98f7baf1a81638156dd4d7972ac67edfe533dcc65a2e8504a5b40e5fa0cc7cf7a37414f7bb819e22a6a3e04df887e840e011175dac9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54880.exe

Filesize
184KB

MD5
6da20ea452febee8564924e59cdb786d

SHA1
326030af139e8c9faad6c1e2eac47fae78c4505e

SHA256
7b93ce54363f386695c72933a27034ce00ba59562ffe38fa15c88307668839d1

SHA512
fe17784e64a3b46fc0b2c386a08810592b026b7832ff400a9d8afd205f1aac51622562b7c720c32e1ebeba5e3d431ace4e459e922c845d99194af94643217e28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6744.exe

Filesize
184KB

MD5
51616882e55816af9932a5971ba543a6

SHA1
29ec67060ab3f288c809a59279cee74081101c59

SHA256
07f0b3db74bc8c78acf671ef2ba576b5886daa7b0cea7f87c1d492ed895c1b51

SHA512
e8be62514cc7bdce39f4f303fb0084adeac6886db1f64e94ec62c4cf1245c9ad978f42f1118a83c7dc6fd11c938a302c99c1f89d5cb5c0eef51d4917883ef70a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12088.exe

Filesize
184KB

MD5
4d319120fd8364f01b0bca382845feab

SHA1
8fdce951e0441e400d87b91e4d00072e14f1f783

SHA256
0a387a84959e6d920fe8817b53b4e8bd3dc97cc1f11cc23baa0dd7a4595cebe1

SHA512
ec5a700d417ccd5c61769f2e90290aa4ce1a66c578b4ffa686e6f4a6cc353fd515486b28474114ad2264d30cca6759e920744d408f71fe6ba449e6a1bcb81916

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe

Filesize
184KB

MD5
ef8ee11730f35c606f703dae830ef906

SHA1
e8a4d7cd8c62280c3e026cc6206479c0419617e0

SHA256
164bc326b2a7e719e7068427fabebb1917aadbd3bd9ba38feece9a421f0d8457

SHA512
bb8859cfb5c64aff89340ce1b5c9f5559f656a991431f37ff3a158e38c5baa69e9250aac32b9ab725ea72fe234e931f5111e528dc6db94f65e3a2e96e74df9c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe

Filesize
184KB

MD5
ffbe5055e778892aca74edc1c7a8d437

SHA1
517dc5b76dc9956ddc75586a1c0fea3c567dea95

SHA256
f02291e0dc7887d3aa084b6c777990defcba2f47748cb9c343ff679b5e711cc0

SHA512
3ced0aafc491e8e64ae0f05f69e990e9ef8c0b3efb4738e68757e8b298a53d27e5f3dc1c6c662e4b7724e5df47f788f2b74d5e20adf622be6b2e0571660f3c55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35320.exe

Filesize
184KB

MD5
d36663de8134fda5a56a894ef6b207e1

SHA1
6319f292a0cde13ff8e92412e2ec4f9cbe7713e3

SHA256
581a382a5d9758af634888a0579094cd0f09f2e5c9a34e2b892ed064e9812f05

SHA512
24a745e3e3011b88e74054288467e6737db4647e30ef0e23e92fb09d83963a2926adbb4ebd5b7efc0cd75592612cc0fda35633e943100f52305e5e142dc1ee5b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3707.exe

Filesize
184KB

MD5
fb307faef8b934e7cc1dbcbdf83563e2

SHA1
0c99f290b710babfe4491ebe7d50d52489bd4fd4

SHA256
af7e3a56b3dc8265fbbccfba8b71ccdd04ba6c6420859aaefb6211c504194ca2

SHA512
8741d2eb74ac26d76c5c9d6503ed6fd046ec21b8e0dbc32825a69d07c6303bc1463606838c3b865884f4a7711b531f2758f15d64fc2510d82b99f3e42f137abe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42400.exe

Filesize
184KB

MD5
a4e0642e4c49deb03a7a39d1c5d2222d

SHA1
7d1c17f196b396cfd5125e2bc857578653a52157

SHA256
20a1a6a3a002c2279ae743ca5844daf952181005be64fce59db76fafc86a8522

SHA512
97116677286ddb2ff4bfb970d2b76961f7412f2eb3059f1eb1c85c2b546258906feb085fa7a1823c3e2a08255872f6ddcc6a8a3e8a86bd857480438ac26e4741

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46453.exe

Filesize
184KB

MD5
fb4235b2eded0af5ee2a1b7fc282cec8

SHA1
c08ded209677134852c679416f53b46594d46953

SHA256
636958ee248548aa150e1d807a212ad562c068fadec5b3a620867f7d23a771ee

SHA512
aa7ce0c35feede0715b66d9c540200ab43c8be58297d87cd713fd2c5a1eae312b5227896fe1d8f023644fbaf3a86f16c94f892720e672ff55dd601b92dcb3fae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe

Filesize
184KB

MD5
10fab890ba996e6d2600e5856575b063

SHA1
94886bdae345fe584880ffb99f9312f4f0f234ee

SHA256
5a0cc45f66df8952c80c3f998f0d23c614ea9e6206439b6bf269a7649bae9692

SHA512
ac80628e61e532852f1e9b84f2f301a70da836800a157d054d9198d69cf3ec3e380f400e186fa1ea74a0975341f108cc889f51f8ef6223131556cbea3c987777

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7362.exe

Filesize
184KB

MD5
cd4cfd2390aebc3aefcd43e3da3d5a93

SHA1
ad03e03a8632b6a6123a95ae757e744c59706261

SHA256
7b4a50d0bb0ccc508f5792f4e39f399bb5f512a97976666769764edc829593f4

SHA512
2a166e6d19a6b0882509f2cab9c9cd3363f47f6c43112d9e75cfb79d5e3ef2a4c44a60aa79dca527497540e2c392bea7e69067bbf95c525fb2ce268c415bceec

Download Submit
memory/2236-679-0x00000000027C0000-0x000000000291C000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads