354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe
Size

184KB
MD5

b04209d0f26b962c99726d262244b506
SHA1

2fe5fbac5ad46c67dc78b905401584a00a7dc4f9
SHA256

354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840
SHA512

bed005244a8b3f00756f6c446bad1a55adef5e0419dd99fc9214be50a4c92eefddb1cd9c96a5e17c1fcc5ba19466c23d6719623efc367e64089538f027ca79f0
SSDEEP

3072:dNVMQ5EoldpaBdhoTegsLnCgHIK4uIcmBXHyPG5EcQIFhlnVOFC:dNYokPhokLCgHIz3MahlnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-42353.exeUnicorn-22016.exeUnicorn-2150.exeUnicorn-1678.exeUnicorn-45212.exeUnicorn-65077.exeUnicorn-3385.exeUnicorn-23251.exeUnicorn-34111.exeUnicorn-53977.exeUnicorn-40380.exeUnicorn-11045.exeUnicorn-21906.exeUnicorn-41772.exeUnicorn-21906.exeUnicorn-55176.exeUnicorn-23058.exeUnicorn-54107.exeUnicorn-22312.exeUnicorn-4906.exeUnicorn-63899.exeUnicorn-63899.exeUnicorn-18228.exeUnicorn-4112.exeUnicorn-14973.exeUnicorn-55259.exeUnicorn-51175.exeUnicorn-62036.exeUnicorn-64750.exeUnicorn-19079.exeUnicorn-10910.exeUnicorn-15549.exeUnicorn-604.exeUnicorn-11465.exeUnicorn-31331.exeUnicorn-43090.exeUnicorn-8279.exeUnicorn-19140.exeUnicorn-51258.exeUnicorn-62119.exeUnicorn-16448.exeUnicorn-27308.exeUnicorn-47174.exeUnicorn-27330.exeUnicorn-58056.exeUnicorn-53972.exeUnicorn-3380.exeUnicorn-64833.exeUnicorn-30022.exeUnicorn-39582.exeUnicorn-35498.exeUnicorn-46359.exeUnicorn-31414.exeUnicorn-42274.exeUnicorn-62140.exeUnicorn-5347.exeUnicorn-51019.exeUnicorn-60578.exeUnicorn-36628.exeUnicorn-56494.exeUnicorn-20314.exeUnicorn-63292.exeUnicorn-38596.exeUnicorn-32051.exe

pid	process
2344	Unicorn-42353.exe
2580	Unicorn-22016.exe
2588	Unicorn-2150.exe
2760	Unicorn-1678.exe
2460	Unicorn-45212.exe
2348	Unicorn-65077.exe
2680	Unicorn-3385.exe
2692	Unicorn-23251.exe
1820	Unicorn-34111.exe
1948	Unicorn-53977.exe
1444	Unicorn-40380.exe
2316	Unicorn-11045.exe
1164	Unicorn-21906.exe
2960	Unicorn-41772.exe
1160	Unicorn-21906.exe
908	Unicorn-55176.exe
1712	Unicorn-23058.exe
2976	Unicorn-54107.exe
2080	Unicorn-22312.exe
1576	Unicorn-4906.exe
976	Unicorn-63899.exe
1664	Unicorn-63899.exe
1356	Unicorn-18228.exe
1892	Unicorn-4112.exe
572	Unicorn-14973.exe
3024	Unicorn-55259.exe
2860	Unicorn-51175.exe
2016	Unicorn-62036.exe
3048	Unicorn-64750.exe
1620	Unicorn-19079.exe
2384	Unicorn-10910.exe
1976	Unicorn-15549.exe
2824	Unicorn-604.exe
2732	Unicorn-11465.exe
2596	Unicorn-31331.exe
2516	Unicorn-43090.exe
2936	Unicorn-8279.exe
2684	Unicorn-19140.exe
1680	Unicorn-51258.exe
2696	Unicorn-62119.exe
2876	Unicorn-16448.exe
1732	Unicorn-27308.exe
552	Unicorn-47174.exe
2304	Unicorn-27330.exe
2416	Unicorn-58056.exe
540	Unicorn-53972.exe
1392	Unicorn-3380.exe
1656	Unicorn-64833.exe
688	Unicorn-30022.exe
412	Unicorn-39582.exe
1456	Unicorn-35498.exe
3016	Unicorn-46359.exe
1564	Unicorn-31414.exe
1964	Unicorn-42274.exe
3028	Unicorn-62140.exe
2868	Unicorn-5347.exe
2064	Unicorn-51019.exe
2620	Unicorn-60578.exe
632	Unicorn-36628.exe
2592	Unicorn-56494.exe
2612	Unicorn-20314.exe
2676	Unicorn-63292.exe
1236	Unicorn-38596.exe
308	Unicorn-32051.exe

Loads dropped DLL 64 IoCs

Processes:

354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exeUnicorn-42353.exeUnicorn-22016.exeUnicorn-2150.exeWerFault.exeUnicorn-45212.exeUnicorn-65077.exeWerFault.exeWerFault.exeUnicorn-1678.exeUnicorn-23251.exeUnicorn-3385.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2808	354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe
2808	354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe
2808	354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe
2344	Unicorn-42353.exe
2344	Unicorn-42353.exe
2808	354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe
2580	Unicorn-22016.exe
2580	Unicorn-22016.exe
2344	Unicorn-42353.exe
2344	Unicorn-42353.exe
2588	Unicorn-2150.exe
2588	Unicorn-2150.exe
2220	WerFault.exe
2220	WerFault.exe
2220	WerFault.exe
2220	WerFault.exe
2220	WerFault.exe
2580	Unicorn-22016.exe
2580	Unicorn-22016.exe
2460	Unicorn-45212.exe
2460	Unicorn-45212.exe
2348	Unicorn-65077.exe
2348	Unicorn-65077.exe
2588	Unicorn-2150.exe
2588	Unicorn-2150.exe
1940	WerFault.exe
1940	WerFault.exe
1940	WerFault.exe
1940	WerFault.exe
1452	WerFault.exe
1452	WerFault.exe
1452	WerFault.exe
1452	WerFault.exe
1940	WerFault.exe
1452	WerFault.exe
2760	Unicorn-1678.exe
2760	Unicorn-1678.exe
2692	Unicorn-23251.exe
2692	Unicorn-23251.exe
2348	Unicorn-65077.exe
2348	Unicorn-65077.exe
2680	Unicorn-3385.exe
2460	Unicorn-45212.exe
2680	Unicorn-3385.exe
2460	Unicorn-45212.exe
2848	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
336	WerFault.exe
336	WerFault.exe
336	WerFault.exe
336	WerFault.exe
804	WerFault.exe
804	WerFault.exe
804	WerFault.exe
804	WerFault.exe
1336	WerFault.exe
1336	WerFault.exe
1336	WerFault.exe
1336	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2444	2808	WerFault.exe	354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe
2220	2344	WerFault.exe	Unicorn-42353.exe
2848	1820	WerFault.exe	Unicorn-34111.exe
1452	2588	WerFault.exe	Unicorn-2150.exe
1940	2580	WerFault.exe	Unicorn-22016.exe
804	2760	WerFault.exe	Unicorn-1678.exe
1336	2348	WerFault.exe	Unicorn-65077.exe
336	2460	WerFault.exe	Unicorn-45212.exe
2000	2692	WerFault.exe	Unicorn-23251.exe
2160	2680	WerFault.exe	Unicorn-3385.exe
2448	1444	WerFault.exe	Unicorn-40380.exe
2576	1164	WerFault.exe	Unicorn-21906.exe
1672	1160	WerFault.exe	Unicorn-21906.exe
2368	2316	WerFault.exe	Unicorn-11045.exe
1996	2960	WerFault.exe	Unicorn-41772.exe
1204	908	WerFault.exe	Unicorn-55176.exe
1348	1712	WerFault.exe	Unicorn-23058.exe
2008	2976	WerFault.exe	Unicorn-54107.exe
2728	2080	WerFault.exe	Unicorn-22312.exe
2464	1576	WerFault.exe	Unicorn-4906.exe
2492	1356	WerFault.exe	Unicorn-18228.exe
2608	1664	WerFault.exe	Unicorn-63899.exe
2816	976	WerFault.exe	Unicorn-63899.exe
2276	572	WerFault.exe	Unicorn-14973.exe
1100	1892	WerFault.exe	Unicorn-4112.exe
2624	2860	WerFault.exe	Unicorn-51175.exe
2784	3024	WerFault.exe	Unicorn-55259.exe
2236	2016	WerFault.exe	Unicorn-62036.exe
2172	1620	WerFault.exe	Unicorn-19079.exe
892	3048	WerFault.exe	Unicorn-64750.exe
3044	2384	WerFault.exe	Unicorn-10910.exe
1904	1976	WerFault.exe	Unicorn-15549.exe
556	2824	WerFault.exe	Unicorn-604.exe
2088	2732	WerFault.exe	Unicorn-11465.exe
2116	2596	WerFault.exe	Unicorn-31331.exe
3648	2516	WerFault.exe	Unicorn-43090.exe
3664	2936	WerFault.exe	Unicorn-8279.exe
3676	2684	WerFault.exe	Unicorn-19140.exe
3900	552	WerFault.exe	Unicorn-47174.exe
3924	2696	WerFault.exe	Unicorn-62119.exe
3940	3028	WerFault.exe	Unicorn-62140.exe
3932	1964	WerFault.exe	Unicorn-42274.exe
3956	688	WerFault.exe	Unicorn-30022.exe
3980	1564	WerFault.exe	Unicorn-31414.exe
4028	1456	WerFault.exe	Unicorn-35498.exe
4040	1656	WerFault.exe	Unicorn-64833.exe
4080	1732	WerFault.exe	Unicorn-27308.exe
3144	1392	WerFault.exe	Unicorn-3380.exe
3140	540	WerFault.exe	Unicorn-53972.exe
3200	2416	WerFault.exe	Unicorn-58056.exe
3240	2876	WerFault.exe	Unicorn-16448.exe
3300	2304	WerFault.exe	Unicorn-27330.exe
3364	3016	WerFault.exe	Unicorn-46359.exe
3540	412	WerFault.exe	Unicorn-39582.exe
3760	2612	WerFault.exe	Unicorn-20314.exe
3776	2064	WerFault.exe	Unicorn-51019.exe
3788	2868	WerFault.exe	Unicorn-5347.exe
3884	2592	WerFault.exe	Unicorn-56494.exe
3456	1704	WerFault.exe	Unicorn-47833.exe
3348	1648	WerFault.exe	Unicorn-41611.exe
3176	1556	WerFault.exe	Unicorn-37527.exe
3492	1104	WerFault.exe	Unicorn-5731.exe
3640	564	WerFault.exe	Unicorn-17661.exe
4104	836	WerFault.exe	Unicorn-35389.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exeUnicorn-42353.exeUnicorn-22016.exeUnicorn-2150.exeUnicorn-1678.exeUnicorn-45212.exeUnicorn-65077.exeUnicorn-34111.exeUnicorn-3385.exeUnicorn-23251.exeUnicorn-53977.exeUnicorn-40380.exeUnicorn-21906.exeUnicorn-21906.exeUnicorn-11045.exeUnicorn-41772.exeUnicorn-55176.exeUnicorn-23058.exeUnicorn-54107.exeUnicorn-22312.exeUnicorn-4906.exeUnicorn-63899.exeUnicorn-63899.exeUnicorn-18228.exeUnicorn-4112.exeUnicorn-14973.exeUnicorn-55259.exeUnicorn-51175.exeUnicorn-62036.exeUnicorn-64750.exeUnicorn-19079.exeUnicorn-10910.exeUnicorn-15549.exeUnicorn-604.exeUnicorn-11465.exeUnicorn-31331.exeUnicorn-43090.exeUnicorn-8279.exeUnicorn-19140.exeUnicorn-62119.exeUnicorn-51258.exeUnicorn-16448.exeUnicorn-27308.exeUnicorn-47174.exeUnicorn-27330.exeUnicorn-3380.exeUnicorn-58056.exeUnicorn-64833.exeUnicorn-53972.exeUnicorn-30022.exeUnicorn-39582.exeUnicorn-35498.exeUnicorn-46359.exeUnicorn-31414.exeUnicorn-42274.exeUnicorn-62140.exeUnicorn-5347.exeUnicorn-51019.exeUnicorn-60578.exeUnicorn-36628.exeUnicorn-56494.exeUnicorn-20314.exeUnicorn-63292.exeUnicorn-38596.exe

pid	process
2808	354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe
2344	Unicorn-42353.exe
2580	Unicorn-22016.exe
2588	Unicorn-2150.exe
2760	Unicorn-1678.exe
2460	Unicorn-45212.exe
2348	Unicorn-65077.exe
1820	Unicorn-34111.exe
2680	Unicorn-3385.exe
2692	Unicorn-23251.exe
1948	Unicorn-53977.exe
1444	Unicorn-40380.exe
1164	Unicorn-21906.exe
1160	Unicorn-21906.exe
2316	Unicorn-11045.exe
2960	Unicorn-41772.exe
908	Unicorn-55176.exe
1712	Unicorn-23058.exe
2976	Unicorn-54107.exe
2080	Unicorn-22312.exe
1576	Unicorn-4906.exe
1664	Unicorn-63899.exe
976	Unicorn-63899.exe
1356	Unicorn-18228.exe
1892	Unicorn-4112.exe
572	Unicorn-14973.exe
3024	Unicorn-55259.exe
2860	Unicorn-51175.exe
2016	Unicorn-62036.exe
3048	Unicorn-64750.exe
1620	Unicorn-19079.exe
2384	Unicorn-10910.exe
1976	Unicorn-15549.exe
2824	Unicorn-604.exe
2732	Unicorn-11465.exe
2596	Unicorn-31331.exe
2516	Unicorn-43090.exe
2936	Unicorn-8279.exe
2684	Unicorn-19140.exe
2696	Unicorn-62119.exe
1680	Unicorn-51258.exe
2876	Unicorn-16448.exe
1732	Unicorn-27308.exe
552	Unicorn-47174.exe
2304	Unicorn-27330.exe
1392	Unicorn-3380.exe
2416	Unicorn-58056.exe
1656	Unicorn-64833.exe
540	Unicorn-53972.exe
688	Unicorn-30022.exe
412	Unicorn-39582.exe
1456	Unicorn-35498.exe
3016	Unicorn-46359.exe
1564	Unicorn-31414.exe
1964	Unicorn-42274.exe
3028	Unicorn-62140.exe
2868	Unicorn-5347.exe
2064	Unicorn-51019.exe
2620	Unicorn-60578.exe
632	Unicorn-36628.exe
2592	Unicorn-56494.exe
2612	Unicorn-20314.exe
2676	Unicorn-63292.exe
1236	Unicorn-38596.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exeUnicorn-42353.exeUnicorn-22016.exeUnicorn-2150.exeUnicorn-45212.exeUnicorn-65077.exeUnicorn-1678.exeUnicorn-23251.exe

description	pid	process	target process
PID 2808 wrote to memory of 2344	2808	354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe	Unicorn-42353.exe
PID 2808 wrote to memory of 2344	2808	354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe	Unicorn-42353.exe
PID 2808 wrote to memory of 2344	2808	354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe	Unicorn-42353.exe
PID 2808 wrote to memory of 2344	2808	354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe	Unicorn-42353.exe
PID 2344 wrote to memory of 2580	2344	Unicorn-42353.exe	Unicorn-22016.exe
PID 2344 wrote to memory of 2580	2344	Unicorn-42353.exe	Unicorn-22016.exe
PID 2344 wrote to memory of 2580	2344	Unicorn-42353.exe	Unicorn-22016.exe
PID 2344 wrote to memory of 2580	2344	Unicorn-42353.exe	Unicorn-22016.exe
PID 2808 wrote to memory of 2588	2808	354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe	Unicorn-2150.exe
PID 2808 wrote to memory of 2588	2808	354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe	Unicorn-2150.exe
PID 2808 wrote to memory of 2588	2808	354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe	Unicorn-2150.exe
PID 2808 wrote to memory of 2588	2808	354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe	Unicorn-2150.exe
PID 2808 wrote to memory of 2444	2808	354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe	WerFault.exe
PID 2808 wrote to memory of 2444	2808	354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe	WerFault.exe
PID 2808 wrote to memory of 2444	2808	354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe	WerFault.exe
PID 2808 wrote to memory of 2444	2808	354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe	WerFault.exe
PID 2580 wrote to memory of 2760	2580	Unicorn-22016.exe	Unicorn-1678.exe
PID 2580 wrote to memory of 2760	2580	Unicorn-22016.exe	Unicorn-1678.exe
PID 2580 wrote to memory of 2760	2580	Unicorn-22016.exe	Unicorn-1678.exe
PID 2580 wrote to memory of 2760	2580	Unicorn-22016.exe	Unicorn-1678.exe
PID 2344 wrote to memory of 2460	2344	Unicorn-42353.exe	Unicorn-45212.exe
PID 2344 wrote to memory of 2460	2344	Unicorn-42353.exe	Unicorn-45212.exe
PID 2344 wrote to memory of 2460	2344	Unicorn-42353.exe	Unicorn-45212.exe
PID 2344 wrote to memory of 2460	2344	Unicorn-42353.exe	Unicorn-45212.exe
PID 2588 wrote to memory of 2348	2588	Unicorn-2150.exe	Unicorn-65077.exe
PID 2588 wrote to memory of 2348	2588	Unicorn-2150.exe	Unicorn-65077.exe
PID 2588 wrote to memory of 2348	2588	Unicorn-2150.exe	Unicorn-65077.exe
PID 2588 wrote to memory of 2348	2588	Unicorn-2150.exe	Unicorn-65077.exe
PID 2344 wrote to memory of 2220	2344	Unicorn-42353.exe	WerFault.exe
PID 2344 wrote to memory of 2220	2344	Unicorn-42353.exe	WerFault.exe
PID 2344 wrote to memory of 2220	2344	Unicorn-42353.exe	WerFault.exe
PID 2344 wrote to memory of 2220	2344	Unicorn-42353.exe	WerFault.exe
PID 2580 wrote to memory of 2680	2580	Unicorn-22016.exe	Unicorn-3385.exe
PID 2580 wrote to memory of 2680	2580	Unicorn-22016.exe	Unicorn-3385.exe
PID 2580 wrote to memory of 2680	2580	Unicorn-22016.exe	Unicorn-3385.exe
PID 2580 wrote to memory of 2680	2580	Unicorn-22016.exe	Unicorn-3385.exe
PID 2460 wrote to memory of 2692	2460	Unicorn-45212.exe	Unicorn-23251.exe
PID 2460 wrote to memory of 2692	2460	Unicorn-45212.exe	Unicorn-23251.exe
PID 2460 wrote to memory of 2692	2460	Unicorn-45212.exe	Unicorn-23251.exe
PID 2460 wrote to memory of 2692	2460	Unicorn-45212.exe	Unicorn-23251.exe
PID 2348 wrote to memory of 1948	2348	Unicorn-65077.exe	Unicorn-53977.exe
PID 2348 wrote to memory of 1948	2348	Unicorn-65077.exe	Unicorn-53977.exe
PID 2348 wrote to memory of 1948	2348	Unicorn-65077.exe	Unicorn-53977.exe
PID 2348 wrote to memory of 1948	2348	Unicorn-65077.exe	Unicorn-53977.exe
PID 2588 wrote to memory of 1820	2588	Unicorn-2150.exe	Unicorn-34111.exe
PID 2588 wrote to memory of 1820	2588	Unicorn-2150.exe	Unicorn-34111.exe
PID 2588 wrote to memory of 1820	2588	Unicorn-2150.exe	Unicorn-34111.exe
PID 2588 wrote to memory of 1820	2588	Unicorn-2150.exe	Unicorn-34111.exe
PID 2580 wrote to memory of 1940	2580	Unicorn-22016.exe	WerFault.exe
PID 2580 wrote to memory of 1940	2580	Unicorn-22016.exe	WerFault.exe
PID 2580 wrote to memory of 1940	2580	Unicorn-22016.exe	WerFault.exe
PID 2580 wrote to memory of 1940	2580	Unicorn-22016.exe	WerFault.exe
PID 2588 wrote to memory of 1452	2588	Unicorn-2150.exe	WerFault.exe
PID 2588 wrote to memory of 1452	2588	Unicorn-2150.exe	WerFault.exe
PID 2588 wrote to memory of 1452	2588	Unicorn-2150.exe	WerFault.exe
PID 2588 wrote to memory of 1452	2588	Unicorn-2150.exe	WerFault.exe
PID 2760 wrote to memory of 1444	2760	Unicorn-1678.exe	Unicorn-40380.exe
PID 2760 wrote to memory of 1444	2760	Unicorn-1678.exe	Unicorn-40380.exe
PID 2760 wrote to memory of 1444	2760	Unicorn-1678.exe	Unicorn-40380.exe
PID 2760 wrote to memory of 1444	2760	Unicorn-1678.exe	Unicorn-40380.exe
PID 2692 wrote to memory of 2316	2692	Unicorn-23251.exe	Unicorn-11045.exe
PID 2692 wrote to memory of 2316	2692	Unicorn-23251.exe	Unicorn-11045.exe
PID 2692 wrote to memory of 2316	2692	Unicorn-23251.exe	Unicorn-11045.exe
PID 2692 wrote to memory of 2316	2692	Unicorn-23251.exe	Unicorn-11045.exe

C:\Users\Admin\AppData\Local\Temp\354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe
"C:\Users\Admin\AppData\Local\Temp\354bd00145a592ab07414c31457ea3fa3bb9ba3517e48ee212852394bddeb840.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22016.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55176.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4112.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8279.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60578.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe
        10⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29380.exe
        11⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56956.exe
        12⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62200.exe
        13⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
        14⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
        14⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 236
        13⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 236
        12⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
        11⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1346.exe
        10⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        11⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23991.exe
        12⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49274.exe
        13⤵
        
        PID:11236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 220
        13⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
        12⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
        11⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        10⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2633.exe
        9⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41824.exe
        10⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18698.exe
        11⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24567.exe
        12⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26176.exe
        13⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
        13⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        12⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
        11⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
        10⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
        9⤵
        Program crash
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2078.exe
        9⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16936.exe
        10⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
        11⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
        12⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63856.exe
        13⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 216
        13⤵
        
        PID:11908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
        12⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
        11⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
        10⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10090.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42758.exe
        10⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
        11⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
        12⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
        13⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
        12⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        11⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
        10⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 240
        9⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 240
        8⤵
        Program crash
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19140.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40973.exe
        9⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        10⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30039.exe
        11⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        12⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52709.exe
        13⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15506.exe
        14⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
        15⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 216
        14⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 220
        13⤵
        
        PID:9240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        12⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        11⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
        10⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
        9⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
        10⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37172.exe
        11⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26726.exe
        12⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8210.exe
        13⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe
        14⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 236
        13⤵
        
        PID:12364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
        12⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
        11⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        10⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 220
        9⤵
        Program crash
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
        9⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8056.exe
        10⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        11⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1671.exe
        12⤵
        
        PID:11084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
        12⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
        11⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
        10⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 216
        9⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
        8⤵
        Program crash
        
        PID:3676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
        7⤵
        Program crash
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14973.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43090.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5347.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4854.exe
        9⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19733.exe
        10⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43394.exe
        11⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27198.exe
        12⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46129.exe
        13⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
        14⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
        13⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 236
        12⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 236
        11⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
        10⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
        9⤵
        Program crash
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19074.exe
        9⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18254.exe
        10⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
        11⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe
        12⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-307.exe
        13⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 216
        12⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
        11⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
        10⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
        9⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
        8⤵
        Program crash
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51019.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
        8⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24720.exe
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21871.exe
        10⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        11⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
        12⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32938.exe
        13⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60582.exe
        14⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
        13⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 236
        12⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 236
        11⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
        10⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
        9⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21871.exe
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8235.exe
        10⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5402.exe
        11⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        12⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 216
        12⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
        11⤵
        
        PID:9888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
        10⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
        9⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
        8⤵
        Program crash
        
        PID:3776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
        7⤵
        Program crash
        
        PID:2276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 240
        6⤵
        Program crash
        
        PID:2448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3385.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41772.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30022.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49333.exe
        9⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56982.exe
        10⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        11⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46606.exe
        12⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
        13⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28355.exe
        14⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 236
        13⤵
        
        PID:13012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
        12⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        11⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
        10⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        9⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16368.exe
        10⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
        11⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15506.exe
        12⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1075.exe
        13⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
        12⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
        11⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        10⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 220
        9⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
        8⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54076.exe
        9⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35034.exe
        10⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 224
        11⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
        10⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
        9⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
        8⤵
        Program crash
        
        PID:3956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 236
        7⤵
        Program crash
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4662.exe
        8⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
        9⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62436.exe
        10⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
        11⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39388.exe
        12⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63856.exe
        13⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
        14⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
        13⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        11⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        10⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49369.exe
        9⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31033.exe
        10⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17982.exe
        11⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1220.exe
        12⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 236
        12⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
        11⤵
        
        PID:9780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        10⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        9⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
        8⤵
        Program crash
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46250.exe
        7⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6354.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9151.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
        10⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2008.exe
        11⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 212
        12⤵
        
        PID:10712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
        11⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        10⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
        9⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
        8⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        9⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15709.exe
        10⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61142.exe
        11⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
        12⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 216
        11⤵
        
        PID:13072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
        10⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
        9⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        8⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
        7⤵
        Program crash
        
        PID:2088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        6⤵
        Program crash
        
        PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63899.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-604.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
        8⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2270.exe
        9⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5150.exe
        10⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47945.exe
        11⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35169.exe
        12⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29949.exe
        13⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59103.exe
        14⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 216
        13⤵
        
        PID:12908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
        12⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
        11⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        10⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
        9⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45804.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        9⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43202.exe
        10⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31365.exe
        11⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
        12⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
        13⤵
        
        PID:12764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
        12⤵
        
        PID:11704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
        11⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 236
        10⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        9⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 220
        8⤵
        Program crash
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19607.exe
        7⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6354.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        9⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        10⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36539.exe
        11⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42528.exe
        12⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 216
        12⤵
        
        PID:12480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 236
        11⤵
        
        PID:10100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
        10⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        9⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53453.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
        9⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
        10⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24915.exe
        11⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25580.exe
        12⤵
        
        PID:12372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 216
        11⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 236
        10⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
        9⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 220
        8⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        7⤵
        Program crash
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe
        7⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39385.exe
        9⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14888.exe
        10⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28755.exe
        11⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
        12⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 216
        12⤵
        
        PID:12800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
        11⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
        10⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
        9⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 216
        8⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31605.exe
        7⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9234.exe
        8⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
        9⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21438.exe
        10⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
        11⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 216
        11⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
        10⤵
        
        PID:10376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
        9⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
        8⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
        7⤵
        Program crash
        
        PID:3364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
        6⤵
        Program crash
        
        PID:2608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        5⤵
        Program crash
        
        PID:2160
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45212.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10910.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe
        9⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        10⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57667.exe
        11⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44053.exe
        12⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48324.exe
        13⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
        14⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
        14⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
        13⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
        12⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
        11⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
        10⤵
        Program crash
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29467.exe
        9⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61943.exe
        10⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6253.exe
        11⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26813.exe
        12⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25813.exe
        13⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50935.exe
        14⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
        13⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
        12⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 236
        11⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        10⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
        9⤵
        Program crash
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe
        8⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49333.exe
        9⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        10⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62911.exe
        11⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        12⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6238.exe
        13⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9192 -s 216
        13⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
        12⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 236
        11⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        10⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
        9⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
        8⤵
        Program crash
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
        8⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
        9⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17512.exe
        10⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34590.exe
        11⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32459.exe
        12⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50701.exe
        13⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
        14⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 220
        13⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 236
        12⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
        11⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
        10⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20204.exe
        9⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4499.exe
        10⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26342.exe
        11⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51744.exe
        12⤵
        
        PID:11780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25087.exe
        13⤵
        
        PID:12884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8232 -s 236
        12⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
        11⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 216
        10⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
        9⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4963.exe
        8⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58352.exe
        9⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30409.exe
        10⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23109.exe
        11⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47463.exe
        12⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 216
        12⤵
        
        PID:12780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 216
        11⤵
        
        PID:9312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
        10⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 216
        9⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
        8⤵
        Program crash
        
        PID:4040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
        7⤵
        Program crash
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39582.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43557.exe
        8⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6354.exe
        9⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        10⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10420.exe
        11⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14281.exe
        12⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        13⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
        14⤵
        
        PID:12736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 236
        13⤵
        
        PID:12428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 236
        12⤵
        
        PID:9864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        11⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
        10⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        9⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
        10⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
        11⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63031.exe
        12⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 216
        12⤵
        
        PID:12688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
        11⤵
        
        PID:10172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
        10⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
        9⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47942.exe
        8⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7096.exe
        9⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
        10⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52709.exe
        11⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19591.exe
        12⤵
        
        PID:11108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 220
        12⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
        11⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
        10⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
        9⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 220
        8⤵
        Program crash
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50334.exe
        7⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20745.exe
        8⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37439.exe
        9⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43669.exe
        10⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58713.exe
        11⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
        11⤵
        
        PID:9980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
        10⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
        9⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 216
        8⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
        7⤵
        Program crash
        
        PID:1904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
        6⤵
        Program crash
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63899.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62140.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
        8⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25872.exe
        9⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42758.exe
        10⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
        11⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27484.exe
        12⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25388.exe
        13⤵
        
        PID:12472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 220
        12⤵
        
        PID:11944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
        11⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 236
        10⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 216
        9⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
        8⤵
        Program crash
        
        PID:3940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
        7⤵
        Program crash
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42274.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 220
        7⤵
        Program crash
        
        PID:3932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 240
        6⤵
        Program crash
        
        PID:2816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 220
        5⤵
        Program crash
        
        PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21906.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22312.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
        8⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51471.exe
        9⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58352.exe
        10⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6829.exe
        11⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50353.exe
        12⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
        13⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 220
        13⤵
        
        PID:12632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
        12⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        11⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
        10⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37116.exe
        9⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63705.exe
        10⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45096.exe
        11⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38153.exe
        12⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
        12⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 236
        11⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        10⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
        9⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
        8⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20671.exe
        9⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43342.exe
        10⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
        11⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe
        12⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
        11⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 236
        10⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        9⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 220
        8⤵
        Program crash
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19607.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2270.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        9⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59429.exe
        10⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24759.exe
        11⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        12⤵
        
        PID:1412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
        12⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
        11⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
        10⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
        9⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
        8⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        7⤵
        Program crash
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3380.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5731.exe
        7⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
        8⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47314.exe
        9⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65324.exe
        10⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        11⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 216
        11⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 236
        10⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 216
        9⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 236
        8⤵
        Program crash
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50080.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61943.exe
        8⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18973.exe
        9⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38677.exe
        10⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44474.exe
        11⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 236
        11⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
        10⤵
        
        PID:10036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
        9⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 216
        8⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 220
        7⤵
        Program crash
        
        PID:3144
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        6⤵
        Program crash
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64750.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27330.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43303.exe
        8⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50075.exe
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61484.exe
        10⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53970.exe
        11⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16275.exe
        12⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37339.exe
        13⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 216
        12⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
        11⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        10⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
        9⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
        8⤵
        Program crash
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19353.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61751.exe
        8⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42491.exe
        9⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25330.exe
        10⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46607.exe
        11⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 216
        11⤵
        
        PID:13192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 216
        10⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
        9⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
        8⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
        7⤵
        Program crash
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61709.exe
        6⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14714.exe
        7⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62052.exe
        8⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12475.exe
        9⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe
        10⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52839.exe
        11⤵
        
        PID:10976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 220
        11⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 220
        10⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        9⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 236
        8⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57400.exe
        8⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
        9⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16410.exe
        10⤵
        
        PID:10560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
        10⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
        9⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        8⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 220
        7⤵
        
        PID:4596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
        6⤵
        Program crash
        
        PID:892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
        5⤵
        Program crash
        
        PID:1672
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:336
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65077.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65077.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53977.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16448.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38596.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
        9⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        10⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55015.exe
        9⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42758.exe
        10⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
        11⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24230.exe
        12⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe
        13⤵
        
        PID:944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 220
        12⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
        11⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
        10⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 240
        9⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41335.exe
        8⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 220
        9⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
        8⤵
        Program crash
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32051.exe
        7⤵
        Executes dropped EXE
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32421.exe
        8⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
        9⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        10⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe
        11⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
        12⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 216
        12⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 236
        11⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
        10⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
        9⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42186.exe
        8⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14421.exe
        9⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41910.exe
        10⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        11⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 220
        11⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
        10⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        9⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
        8⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        7⤵
        Program crash
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27308.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20314.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48949.exe
        8⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        9⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        10⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58500.exe
        11⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37359.exe
        12⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 216
        12⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
        11⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        10⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 236
        9⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
        8⤵
        Program crash
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24999.exe
        7⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
        8⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53591.exe
        9⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51894.exe
        10⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59341.exe
        11⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48138.exe
        12⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
        11⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 236
        10⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        9⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 216
        8⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
        7⤵
        Program crash
        
        PID:4080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
        6⤵
        Program crash
        
        PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21906.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54107.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51258.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10630.exe
        9⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
        10⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2937.exe
        11⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15267.exe
        12⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
        13⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 236
        13⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 216
        12⤵
        
        PID:9412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
        11⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 216
        10⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
        9⤵
        Program crash
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        9⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14805.exe
        10⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42102.exe
        11⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
        12⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27526.exe
        13⤵
        
        PID:12424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
        12⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
        11⤵
        
        PID:9636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
        10⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 216
        9⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
        7⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
        8⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51562.exe
        10⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42678.exe
        11⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49222.exe
        12⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8260 -s 216
        12⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
        11⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        10⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
        9⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24096.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63178.exe
        9⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
        10⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
        11⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
        11⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
        10⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
        9⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
        8⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
        7⤵
        Program crash
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62119.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44865.exe
        8⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe
        9⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1725.exe
        10⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        11⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6850.exe
        12⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64858.exe
        13⤵
        
        PID:12496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
        12⤵
        
        PID:10616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
        11⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
        10⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 236
        9⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63183.exe
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27058.exe
        9⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61707.exe
        10⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 220
        11⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
        10⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        9⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
        8⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        7⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7205.exe
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31779.exe
        9⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        10⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
        11⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 216
        11⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 216
        10⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 216
        9⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 236
        8⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        7⤵
        Program crash
        
        PID:3924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        6⤵
        Program crash
        
        PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47174.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41611.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16661.exe
        8⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59997.exe
        9⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21796.exe
        10⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20203.exe
        11⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe
        12⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50468.exe
        13⤵
        
        PID:12580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8840 -s 216
        12⤵
        
        PID:12544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
        11⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
        10⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
        9⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
        8⤵
        Program crash
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27521.exe
        7⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51370.exe
        9⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36373.exe
        10⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62870.exe
        11⤵
        
        PID:10936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 204
        11⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
        10⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        9⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 236
        8⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 240
        7⤵
        Program crash
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
        6⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35135.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10796.exe
        8⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33555.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
        10⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38828.exe
        11⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 216
        11⤵
        
        PID:12560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        10⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        9⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
        8⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 236
        7⤵
        Program crash
        
        PID:3640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
        6⤵
        Program crash
        
        PID:2236
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 240
        5⤵
        Program crash
        
        PID:2576
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34111.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1820
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2848
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1452
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
  2⤵
  - Program crash
  PID:2444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe

Filesize
184KB

MD5
28e28fdb86694072be4c16951e58dd0f

SHA1
2f83ca9ead8791b4e31201ebea6613b18925cbb2

SHA256
a74406e93441ffc737f93aaab149140b6e38b5fff3f4f3fa0f422857c4a366d6

SHA512
433707a36e1360f20ebd475983bc984110f1174dc1f5ff06ab0e89c9cebf3e112df2ff6dc1b038ea77ceadc5911c70adaefc059825dc0f840d4fa3518b440a5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe

Filesize
184KB

MD5
8773114f8a2d4dbb2250a42187639b2d

SHA1
65234abf33572cf87ce66a370b9e42f08614f3b6

SHA256
abb26c07d5efdcbe09bbf494c9bee68d23c2242ad1ac3ca0de2089ec4efb41ef

SHA512
cb2fbc6f0aaeacf46abd550dc15c399d41a6440cf6310550353dd09870ade96b4d6d1dd26887f853d778e1b98852e1214978bec66fad39583a8c31702eed59c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe

Filesize
184KB

MD5
93d7f8c7eefe4072df55d7a86cf8a8d5

SHA1
f87225f659fa72098d938025242d5794088cb5f2

SHA256
aae9d78cd88590a14fa994a174f54ca34229301255d033dce217b3c3530dbfcf

SHA512
7bc62b0670d319d33934774d639a2c362e7fb67f50d3ac10821c4eb87093237a8e2285cdcefada8155135820759e2c4134029ad70bcb9b69e687d48e83b989dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe

Filesize
184KB

MD5
a4939634e5396280f6d05887d8f6557e

SHA1
22eb7dd8e702d7f5f7590af9957eab2b8a54bb3a

SHA256
b58ff9a142546a769b623c353a49912ed9352460cb511c7a556fd5792418bfc0

SHA512
20cfc0b56aaff4fe4d37f23d6fa254390a95d40c2bf637db7b0ad09068410c35f1a50e42624d4662f9c67450eed07464b1d9a391dc39369b23238adf5203d6b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe

Filesize
184KB

MD5
fd502135141d1f71b6d2b876b17181c5

SHA1
0f2a88411a22be4d9fe515c49def3f8c7571ba1c

SHA256
b0fb914cb43d64ebcb4fbdb62ad7d1bb78ca07743c189107384f287c10f98dda

SHA512
09b3bc79ae661732c00e7d5107b6b49a2d62ce46fd66c68da7dfdee4db51cebf980218c16d6500b8243480eb23ffce2f27b5661a816778f255b95db9bd579f78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22016.exe

Filesize
184KB

MD5
885093571475c1e80e0744188bc5e0ce

SHA1
d47bf746b149e90936e628a53f9efba550a326a3

SHA256
444216fcea616137cffdc1a4f7f32fd0fead730785eb27388ae37fb42b588acd

SHA512
de6ae261439ff3d0c2942b6d4cfe4c6615cdd1ed7be25d563598062aed20a6602d37802cb38f49f8ec0f8bdbdb0b195c2a85c89b22a58b1e3098aa099e132a09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe

Filesize
184KB

MD5
c1b3b35d5fa2e4e3a108b2a9ad377642

SHA1
6f4e5c9275022c9eeab1f1389f79ee9e13df1671

SHA256
ca0da61ba24a9e72e0e8a65f25b754f4025c40e5f593ab80ffadd8f964e93cee

SHA512
413f117b9788b657851ca97477bc18f04ed148e086956a5eedabc8264df170aa22e9fc15ed3c2c43235500ecc0eaec98d10d14440111947c23d6ff8702f88367

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23991.exe

Filesize
184KB

MD5
bb622e3885ab1a14819b086caa120ee5

SHA1
fde0f36f2461a3709274a65cc2853510b3d9a57b

SHA256
01567a9ccfdb63a425fce6bba6f62d2e64a5f71626560442168c3b73d8343307

SHA512
be8a898edb3bc3d1206ac56f6f6bcdfefe2a3f70ce605ceda5533065ebe5c45a844d9d45f717b0cfb0251c28933cca908e3c7b3e3bea96bd80c0d520f1967cee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24915.exe

Filesize
184KB

MD5
e53112e10dfa143b09d1faac5024021f

SHA1
1303913f93f50f054ebfc33d578cc4484f636284

SHA256
cf7e218343fef93f4298e9d007e178c0296a5c610796dbba1d7135e4667d84ab

SHA512
74f0d237d417e04a66380ef85477dcc925122651904de8310e4b2008f1fc4d388fe63d75fa4110c05b62451517695c61b082d428b1fbbd98c6cffcc68367834e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34111.exe

Filesize
184KB

MD5
8df4c93bc1db32f479b9c37cd794ee6e

SHA1
fe8099484fcd560c6f4f93c2823e1e15d64b1443

SHA256
c076891ad9b212809d90ca1a5d86b49e6daa4a6cc4c5d9972aa248085c0625f9

SHA512
9eaf3513fcbf9c4e6ec6ab83e3c1575010f3fba69ec4fc93d32c6f0b58b14a499fd09cfba947fca91c5f6c2c4cddf15a83caa2f3da1a3094ddba1d66b633ee24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe

Filesize
184KB

MD5
fb74170cdf6845f7ebd6bca707b92358

SHA1
1191852e9d92e93dae658580bd2e50a5ee831d62

SHA256
595eba103668a7c6b6da373b6f946db6d2b0c83697f3c7ed46ce99fbf74c4834

SHA512
5bffa6539eb0d87481e57be4085218444c27259e0a31933b8e9c003768a8b3e1da048dafebf7e064786a7b290a2f7f36415c681dfdec29fe9dcaf60e8482f1b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe

Filesize
184KB

MD5
eb1d31de6d067aa049bb17e78f1d5461

SHA1
f39c306e9497a83e19a28a06eeb87773b5be0b44

SHA256
302f5cb8e7a43f13040542c077b3849912660d11627987bd2c7c83575d3ea27e

SHA512
9d12d00e022fc5285feac84397fbaf821001d018e26840d3d5d2afc48a92fefe27b93bc22051ac878a5fe97c1ae3e06a126970cac28edee6d6a2b760c251d72a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe

Filesize
184KB

MD5
7f75398d007fc0151f1dc7daf802773e

SHA1
6e53c7ee08ed25a0523ccc97ec1bfc408539a519

SHA256
039e80c39379663b3f6cd779b9ab4def420b7e5245906976b1c78b21a59a3520

SHA512
20b16a21678dee509b616bb51728c0b8d63c6bd48010e0348f0314bc65349d0f9fd00504c31fd2f96d676304840645e826dca4ff9ea77891dfc0dd3c58fc7be2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45212.exe

Filesize
184KB

MD5
fb0d98e93144dcc5f7829a53557a1dc5

SHA1
bd50bda295307f23c4e79852c173a508437fbd7b

SHA256
ccbd6dd192496aca37cd0b57228de33f32d814435cb5a243c0f4414cd5064d76

SHA512
5b5d83361827b5470d741f62cc1eb9ba7da5d288724a40f432521e602deee26b4c96cd7ca835effbf9cc3e698b28c054d7b840f5a2ec7d3f32742b9341fc9f69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53977.exe

Filesize
184KB

MD5
8cb1edea778450731f359e8e63ec2250

SHA1
ebb94981fcc4a4f07ec1bc6d309e3be735b311cc

SHA256
e6c9dec9d4cd255077b764dfe8983f6efc414b376fc396c308f68920d58a00e7

SHA512
edc26ce971627544c55ff3f1a0748a1305d7a68d0ad4a99e37b8e15b1a81f88ba02fc45b1772f16fed80453a74f2510ee141d310a5a56d954e9f32d14d756b3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5731.exe

Filesize
184KB

MD5
5a1b33a9348201834cd7de9544c8c680

SHA1
9f11c0e39411e0af5bb2a66369540e074ba91fed

SHA256
efa00474c0b9ee7e2684761270e1ae9a8d1436d536f6b23e32e9a6bd0274023c

SHA512
18550ebf1a5b74be09646372613f16053e62175df7879df5c120ae6b6b28b6fa23b35892f3c0707764f1ebb6735449da282b24eac8103690726c8a247fcce0c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59341.exe

Filesize
184KB

MD5
12fe2b832358c8dcd17a3b44a32355f3

SHA1
de1c15b32811cae29affc906488ceb7c40cfceac

SHA256
04bccb092f7023423e7c7c087d430e528103b504a3bf301c92ae6547fb1e99e7

SHA512
392d0250a55d65be60e8561c1f5bf32c879d2fc33df7e5521ffc71547ac1bdb79a4d3ee23e323a4a0ac540420d837d83b1d2d4a6b854d0034e281deb55fdaeab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65077.exe

Filesize
184KB

MD5
42c43d17b611e41e8247bef82ff137c8

SHA1
1283863f27261386f31b7ed01f2eeb30e00dc903

SHA256
4fddfb200ed032f1cb2fbb02427b7286eaa5dabb5d9a9d060eba5197eb9f232e

SHA512
6490130fd6929b6bfdf0744f38fa11b6c8d84ec35571182fe21acc856eac7c0d29353d87d4b22d6748c97d56b9033d17f4669957729057b5c1d09ffbf00c17e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe

Filesize
184KB

MD5
24bbd54bd72ec5f5ab2b8d56e8d8780f

SHA1
50e7aa3f1c6c89edf099ba81f6b100e59e6e53d3

SHA256
dd2483670b0e90556b3f8d8d1f70c37c32fa61f416443b8ecff7d77268d4b1bc

SHA512
b74e6fe4c8b4732a6dd62399ed1f82800fb71db3c7922d2e8fad32035a6e44d70fb76b191ddd6b9d564c64e204a590b9379cd34a5569850b4f25e3a1094d973e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21906.exe

Filesize
184KB

MD5
dde3eb0f6515b5cf4834228fed85c54f

SHA1
305c27414eaeea665c21d244d17ffb9686c70fe8

SHA256
4d8378aeb221edd86d444eb5622b67974966b0f427f6748398f120f82160c5c6

SHA512
b2d51602f4168f4c85668f1969c2dcb16b9d1218fb7cc187d987e10167b698facb1074b58fb168dcaf7c23bee193983b94c3c01bd7a14949587fb495aafefdad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3385.exe

Filesize
184KB

MD5
83942f706b5794e9389b8d6865b859e7

SHA1
fb28c15e62a77bde753c590ca48237a36e5db5b9

SHA256
cccb097d025ec6b047db0b43eeefcee213bfb616ff10f41d6d27004c26a5e0e0

SHA512
179b5eeaca2b6beb2c2b249de7b72d75e7c7bfd2c82a60f92af11401fbdd3f9e7d83918f65acf793980bb114d9304b2ed82eab89c6ff3a6d830d4a94b0862ce3

Download Submit