432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe
Size

184KB
MD5

46245861784cc8c149a104756881d0cd
SHA1

1ba97fce212df0e6ffa3b50893b8a7a256037cce
SHA256

432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7
SHA512

e3fdd153342955419707f66f92d5bfc9ef13ac513b7a1fdedeeb93bcc2a964a5f2c18ad3e2653c6bfdbbb9464b9ac6e12ac90d1aec3d6fa84d75f00f0c1ae88b
SSDEEP

3072:W3e3+8oTK4evdFaWevwL7qsOhlnViFwn3:W3sosVFaGLOsOhlnViFw

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-19662.exeUnicorn-27913.exeUnicorn-38773.exeUnicorn-51623.exeUnicorn-47539.exeUnicorn-35841.exeUnicorn-20944.exeUnicorn-39972.exeUnicorn-39226.exeUnicorn-9246.exeUnicorn-59838.exeUnicorn-40077.exeUnicorn-16127.exeUnicorn-35993.exeUnicorn-5266.exeUnicorn-65136.exeUnicorn-9350.exeUnicorn-65136.exeUnicorn-56174.exeUnicorn-32869.exeUnicorn-49952.exeUnicorn-57373.exeUnicorn-61457.exeUnicorn-61457.exeUnicorn-10865.exeUnicorn-10865.exeUnicorn-36953.exeUnicorn-6226.exeUnicorn-10310.exeUnicorn-55982.exeUnicorn-22838.exeUnicorn-41120.exeUnicorn-37036.exeUnicorn-17170.exeUnicorn-19116.exeUnicorn-32952.exeUnicorn-8255.exeUnicorn-30814.exeUnicorn-52557.exeUnicorn-44389.exeUnicorn-2801.exeUnicorn-8831.exeUnicorn-51810.exeUnicorn-3356.exeUnicorn-53948.exeUnicorn-38166.exeUnicorn-27306.exeUnicorn-46335.exeUnicorn-62116.exeUnicorn-19714.exeUnicorn-13169.exeUnicorn-16699.exeUnicorn-6947.exeUnicorn-10476.exeUnicorn-41203.exeUnicorn-64316.exeUnicorn-39833.exeUnicorn-50694.exeUnicorn-5022.exeUnicorn-54031.exeUnicorn-54031.exeUnicorn-38249.exeUnicorn-35557.exeUnicorn-52640.exe

pid	process
2504	Unicorn-19662.exe
2624	Unicorn-27913.exe
2540	Unicorn-38773.exe
2576	Unicorn-51623.exe
1224	Unicorn-47539.exe
2476	Unicorn-35841.exe
1300	Unicorn-20944.exe
564	Unicorn-39972.exe
1880	Unicorn-39226.exe
2944	Unicorn-9246.exe
1356	Unicorn-59838.exe
1100	Unicorn-40077.exe
2784	Unicorn-16127.exe
2792	Unicorn-35993.exe
2296	Unicorn-5266.exe
2088	Unicorn-65136.exe
2312	Unicorn-9350.exe
1344	Unicorn-65136.exe
1928	Unicorn-56174.exe
1536	Unicorn-32869.exe
1824	Unicorn-49952.exe
968	Unicorn-57373.exe
2928	Unicorn-61457.exe
1452	Unicorn-61457.exe
744	Unicorn-10865.exe
888	Unicorn-10865.exe
588	Unicorn-36953.exe
2924	Unicorn-6226.exe
1740	Unicorn-10310.exe
1648	Unicorn-55982.exe
1560	Unicorn-22838.exe
2640	Unicorn-41120.exe
2544	Unicorn-37036.exe
2636	Unicorn-17170.exe
2444	Unicorn-19116.exe
2968	Unicorn-32952.exe
2468	Unicorn-8255.exe
2416	Unicorn-30814.exe
704	Unicorn-52557.exe
1144	Unicorn-44389.exe
2848	Unicorn-2801.exe
2256	Unicorn-8831.exe
2512	Unicorn-51810.exe
2284	Unicorn-3356.exe
2656	Unicorn-53948.exe
2672	Unicorn-38166.exe
2452	Unicorn-27306.exe
1904	Unicorn-46335.exe
2800	Unicorn-62116.exe
1756	Unicorn-19714.exe
1476	Unicorn-13169.exe
1836	Unicorn-16699.exe
1884	Unicorn-6947.exe
2936	Unicorn-10476.exe
1008	Unicorn-41203.exe
1932	Unicorn-64316.exe
1596	Unicorn-39833.exe
1484	Unicorn-50694.exe
2720	Unicorn-5022.exe
2708	Unicorn-54031.exe
2436	Unicorn-54031.exe
1208	Unicorn-38249.exe
2700	Unicorn-35557.exe
2164	Unicorn-52640.exe

Loads dropped DLL 64 IoCs

Processes:

432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exeUnicorn-19662.exeUnicorn-38773.exeUnicorn-27913.exeWerFault.exeUnicorn-47539.exeUnicorn-51623.exeUnicorn-35841.exeWerFault.exeWerFault.exeUnicorn-39226.exeUnicorn-39972.exeUnicorn-20944.exeUnicorn-59838.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
3036	432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe
3036	432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe
2504	Unicorn-19662.exe
2504	Unicorn-19662.exe
3036	432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe
3036	432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe
2540	Unicorn-38773.exe
2624	Unicorn-27913.exe
2624	Unicorn-27913.exe
2540	Unicorn-38773.exe
2504	Unicorn-19662.exe
2504	Unicorn-19662.exe
760	WerFault.exe
760	WerFault.exe
760	WerFault.exe
760	WerFault.exe
760	WerFault.exe
1224	Unicorn-47539.exe
1224	Unicorn-47539.exe
2540	Unicorn-38773.exe
2540	Unicorn-38773.exe
2576	Unicorn-51623.exe
2624	Unicorn-27913.exe
2476	Unicorn-35841.exe
2476	Unicorn-35841.exe
2576	Unicorn-51623.exe
2624	Unicorn-27913.exe
2680	WerFault.exe
2680	WerFault.exe
2680	WerFault.exe
2680	WerFault.exe
2680	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1880	Unicorn-39226.exe
1880	Unicorn-39226.exe
2476	Unicorn-35841.exe
564	Unicorn-39972.exe
564	Unicorn-39972.exe
2476	Unicorn-35841.exe
1300	Unicorn-20944.exe
1300	Unicorn-20944.exe
1356	Unicorn-59838.exe
1356	Unicorn-59838.exe
2576	Unicorn-51623.exe
1224	Unicorn-47539.exe
2576	Unicorn-51623.exe
1224	Unicorn-47539.exe
2116	WerFault.exe
2116	WerFault.exe
2116	WerFault.exe
2116	WerFault.exe
2916	WerFault.exe
2916	WerFault.exe
2916	WerFault.exe
2916	WerFault.exe
2116	WerFault.exe
2916	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2608	3036	WerFault.exe	432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe
760	2504	WerFault.exe	Unicorn-19662.exe
2680	2540	WerFault.exe	Unicorn-38773.exe
1924	2624	WerFault.exe	Unicorn-27913.exe
2116	1224	WerFault.exe	Unicorn-47539.exe
2916	2576	WerFault.exe	Unicorn-51623.exe
2248	2476	WerFault.exe	Unicorn-35841.exe
3044	1880	WerFault.exe	Unicorn-39226.exe
1704	2944	WerFault.exe	Unicorn-9246.exe
2040	564	WerFault.exe	Unicorn-39972.exe
2184	1300	WerFault.exe	Unicorn-20944.exe
2956	1356	WerFault.exe	Unicorn-59838.exe
2812	1100	WerFault.exe	Unicorn-40077.exe
2020	2296	WerFault.exe	Unicorn-5266.exe
1200	2784	WerFault.exe	Unicorn-16127.exe
1692	2312	WerFault.exe	Unicorn-9350.exe
1608	1344	WerFault.exe	Unicorn-65136.exe
1044	2088	WerFault.exe	Unicorn-65136.exe
2044	2792	WerFault.exe	Unicorn-35993.exe
864	1928	WerFault.exe	Unicorn-56174.exe
2516	1536	WerFault.exe	Unicorn-32869.exe
2564	1824	WerFault.exe	Unicorn-49952.exe
2628	1452	WerFault.exe	Unicorn-61457.exe
2572	968	WerFault.exe	Unicorn-57373.exe
2532	2928	WerFault.exe	Unicorn-61457.exe
672	744	WerFault.exe	Unicorn-10865.exe
2780	588	WerFault.exe	Unicorn-36953.exe
1084	1648	WerFault.exe	Unicorn-55982.exe
1340	2924	WerFault.exe	Unicorn-6226.exe
1896	1740	WerFault.exe	Unicorn-10310.exe
2100	888	WerFault.exe	Unicorn-10865.exe
3504	2640	WerFault.exe	Unicorn-41120.exe
3488	1560	WerFault.exe	Unicorn-22838.exe
3548	2544	WerFault.exe	Unicorn-37036.exe
3540	2636	WerFault.exe	Unicorn-17170.exe
3632	2416	WerFault.exe	Unicorn-30814.exe
3672	2444	WerFault.exe	Unicorn-19116.exe
3920	2968	WerFault.exe	Unicorn-32952.exe
4024	704	WerFault.exe	Unicorn-52557.exe
3776	2452	WerFault.exe	Unicorn-27306.exe
3800	1836	WerFault.exe	Unicorn-16699.exe
3840	1884	WerFault.exe	Unicorn-6947.exe
3896	2936	WerFault.exe	Unicorn-10476.exe
3940	2436	WerFault.exe	Unicorn-54031.exe
2840	2708	WerFault.exe	Unicorn-54031.exe
3168	2720	WerFault.exe	Unicorn-5022.exe
3124	896	WerFault.exe	Unicorn-55977.exe
3188	1484	WerFault.exe	Unicorn-50694.exe
3352	2700	WerFault.exe	Unicorn-35557.exe
3528	2108	WerFault.exe	Unicorn-54586.exe
3592	1916	WerFault.exe	Unicorn-42141.exe
3620	1476	WerFault.exe	Unicorn-13169.exe
3668	2900	WerFault.exe	Unicorn-21721.exe
3724	2852	WerFault.exe	Unicorn-17083.exe
4064	1184	WerFault.exe	Unicorn-41587.exe
3324	2164	WerFault.exe	Unicorn-52640.exe
4020	2256	WerFault.exe	Unicorn-8831.exe
3760	1688	WerFault.exe	Unicorn-28505.exe
3648	1080	WerFault.exe	Unicorn-48925.exe
4148	1104	WerFault.exe	Unicorn-10860.exe
4164	2588	WerFault.exe	Unicorn-46979.exe
4344	3020	WerFault.exe	Unicorn-48987.exe
4356	608	WerFault.exe	Unicorn-21721.exe
4396	948	WerFault.exe	Unicorn-36865.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exeUnicorn-19662.exeUnicorn-38773.exeUnicorn-27913.exeUnicorn-51623.exeUnicorn-35841.exeUnicorn-47539.exeUnicorn-20944.exeUnicorn-39972.exeUnicorn-39226.exeUnicorn-59838.exeUnicorn-9246.exeUnicorn-40077.exeUnicorn-5266.exeUnicorn-16127.exeUnicorn-65136.exeUnicorn-65136.exeUnicorn-35993.exeUnicorn-9350.exeUnicorn-56174.exeUnicorn-32869.exeUnicorn-49952.exeUnicorn-57373.exeUnicorn-61457.exeUnicorn-61457.exeUnicorn-10865.exeUnicorn-36953.exeUnicorn-10310.exeUnicorn-10865.exeUnicorn-6226.exeUnicorn-55982.exeUnicorn-22838.exeUnicorn-41120.exeUnicorn-37036.exeUnicorn-17170.exeUnicorn-32952.exeUnicorn-19116.exeUnicorn-8255.exeUnicorn-30814.exeUnicorn-52557.exeUnicorn-44389.exeUnicorn-2801.exeUnicorn-51810.exeUnicorn-8831.exeUnicorn-3356.exeUnicorn-46335.exeUnicorn-62116.exeUnicorn-53948.exeUnicorn-38166.exeUnicorn-27306.exeUnicorn-19714.exeUnicorn-13169.exeUnicorn-16699.exeUnicorn-6947.exeUnicorn-10476.exeUnicorn-41203.exeUnicorn-64316.exeUnicorn-39833.exeUnicorn-5022.exeUnicorn-50694.exeUnicorn-54031.exeUnicorn-54031.exeUnicorn-35557.exeUnicorn-38249.exe

pid	process
3036	432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe
2504	Unicorn-19662.exe
2540	Unicorn-38773.exe
2624	Unicorn-27913.exe
2576	Unicorn-51623.exe
2476	Unicorn-35841.exe
1224	Unicorn-47539.exe
1300	Unicorn-20944.exe
564	Unicorn-39972.exe
1880	Unicorn-39226.exe
1356	Unicorn-59838.exe
2944	Unicorn-9246.exe
1100	Unicorn-40077.exe
2296	Unicorn-5266.exe
2784	Unicorn-16127.exe
2088	Unicorn-65136.exe
1344	Unicorn-65136.exe
2792	Unicorn-35993.exe
2312	Unicorn-9350.exe
1928	Unicorn-56174.exe
1536	Unicorn-32869.exe
1824	Unicorn-49952.exe
968	Unicorn-57373.exe
2928	Unicorn-61457.exe
1452	Unicorn-61457.exe
744	Unicorn-10865.exe
588	Unicorn-36953.exe
1740	Unicorn-10310.exe
888	Unicorn-10865.exe
2924	Unicorn-6226.exe
1648	Unicorn-55982.exe
1560	Unicorn-22838.exe
2640	Unicorn-41120.exe
2544	Unicorn-37036.exe
2636	Unicorn-17170.exe
2968	Unicorn-32952.exe
2444	Unicorn-19116.exe
2468	Unicorn-8255.exe
2416	Unicorn-30814.exe
704	Unicorn-52557.exe
1144	Unicorn-44389.exe
2848	Unicorn-2801.exe
2512	Unicorn-51810.exe
2256	Unicorn-8831.exe
2284	Unicorn-3356.exe
1904	Unicorn-46335.exe
2800	Unicorn-62116.exe
2656	Unicorn-53948.exe
2672	Unicorn-38166.exe
2452	Unicorn-27306.exe
1756	Unicorn-19714.exe
1476	Unicorn-13169.exe
1836	Unicorn-16699.exe
1884	Unicorn-6947.exe
2936	Unicorn-10476.exe
1008	Unicorn-41203.exe
1932	Unicorn-64316.exe
1596	Unicorn-39833.exe
2720	Unicorn-5022.exe
1484	Unicorn-50694.exe
2436	Unicorn-54031.exe
2708	Unicorn-54031.exe
2700	Unicorn-35557.exe
1208	Unicorn-38249.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exeUnicorn-19662.exeUnicorn-27913.exeUnicorn-38773.exeUnicorn-47539.exeUnicorn-35841.exeUnicorn-51623.exeUnicorn-39972.exe

description	pid	process	target process
PID 3036 wrote to memory of 2504	3036	432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe	Unicorn-19662.exe
PID 3036 wrote to memory of 2504	3036	432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe	Unicorn-19662.exe
PID 3036 wrote to memory of 2504	3036	432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe	Unicorn-19662.exe
PID 3036 wrote to memory of 2504	3036	432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe	Unicorn-19662.exe
PID 2504 wrote to memory of 2624	2504	Unicorn-19662.exe	Unicorn-27913.exe
PID 2504 wrote to memory of 2624	2504	Unicorn-19662.exe	Unicorn-27913.exe
PID 2504 wrote to memory of 2624	2504	Unicorn-19662.exe	Unicorn-27913.exe
PID 2504 wrote to memory of 2624	2504	Unicorn-19662.exe	Unicorn-27913.exe
PID 3036 wrote to memory of 2540	3036	432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe	Unicorn-38773.exe
PID 3036 wrote to memory of 2540	3036	432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe	Unicorn-38773.exe
PID 3036 wrote to memory of 2540	3036	432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe	Unicorn-38773.exe
PID 3036 wrote to memory of 2540	3036	432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe	Unicorn-38773.exe
PID 3036 wrote to memory of 2608	3036	432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe	WerFault.exe
PID 3036 wrote to memory of 2608	3036	432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe	WerFault.exe
PID 3036 wrote to memory of 2608	3036	432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe	WerFault.exe
PID 3036 wrote to memory of 2608	3036	432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe	WerFault.exe
PID 2624 wrote to memory of 2576	2624	Unicorn-27913.exe	Unicorn-51623.exe
PID 2624 wrote to memory of 2576	2624	Unicorn-27913.exe	Unicorn-51623.exe
PID 2624 wrote to memory of 2576	2624	Unicorn-27913.exe	Unicorn-51623.exe
PID 2624 wrote to memory of 2576	2624	Unicorn-27913.exe	Unicorn-51623.exe
PID 2540 wrote to memory of 1224	2540	Unicorn-38773.exe	Unicorn-47539.exe
PID 2540 wrote to memory of 1224	2540	Unicorn-38773.exe	Unicorn-47539.exe
PID 2540 wrote to memory of 1224	2540	Unicorn-38773.exe	Unicorn-47539.exe
PID 2540 wrote to memory of 1224	2540	Unicorn-38773.exe	Unicorn-47539.exe
PID 2504 wrote to memory of 2476	2504	Unicorn-19662.exe	Unicorn-35841.exe
PID 2504 wrote to memory of 2476	2504	Unicorn-19662.exe	Unicorn-35841.exe
PID 2504 wrote to memory of 2476	2504	Unicorn-19662.exe	Unicorn-35841.exe
PID 2504 wrote to memory of 2476	2504	Unicorn-19662.exe	Unicorn-35841.exe
PID 2504 wrote to memory of 760	2504	Unicorn-19662.exe	WerFault.exe
PID 2504 wrote to memory of 760	2504	Unicorn-19662.exe	WerFault.exe
PID 2504 wrote to memory of 760	2504	Unicorn-19662.exe	WerFault.exe
PID 2504 wrote to memory of 760	2504	Unicorn-19662.exe	WerFault.exe
PID 1224 wrote to memory of 1300	1224	Unicorn-47539.exe	Unicorn-20944.exe
PID 1224 wrote to memory of 1300	1224	Unicorn-47539.exe	Unicorn-20944.exe
PID 1224 wrote to memory of 1300	1224	Unicorn-47539.exe	Unicorn-20944.exe
PID 1224 wrote to memory of 1300	1224	Unicorn-47539.exe	Unicorn-20944.exe
PID 2540 wrote to memory of 564	2540	Unicorn-38773.exe	Unicorn-39972.exe
PID 2540 wrote to memory of 564	2540	Unicorn-38773.exe	Unicorn-39972.exe
PID 2540 wrote to memory of 564	2540	Unicorn-38773.exe	Unicorn-39972.exe
PID 2540 wrote to memory of 564	2540	Unicorn-38773.exe	Unicorn-39972.exe
PID 2476 wrote to memory of 1880	2476	Unicorn-35841.exe	Unicorn-39226.exe
PID 2476 wrote to memory of 1880	2476	Unicorn-35841.exe	Unicorn-39226.exe
PID 2476 wrote to memory of 1880	2476	Unicorn-35841.exe	Unicorn-39226.exe
PID 2476 wrote to memory of 1880	2476	Unicorn-35841.exe	Unicorn-39226.exe
PID 2576 wrote to memory of 1356	2576	Unicorn-51623.exe	Unicorn-59838.exe
PID 2576 wrote to memory of 1356	2576	Unicorn-51623.exe	Unicorn-59838.exe
PID 2576 wrote to memory of 1356	2576	Unicorn-51623.exe	Unicorn-59838.exe
PID 2576 wrote to memory of 1356	2576	Unicorn-51623.exe	Unicorn-59838.exe
PID 2624 wrote to memory of 2944	2624	Unicorn-27913.exe	Unicorn-9246.exe
PID 2624 wrote to memory of 2944	2624	Unicorn-27913.exe	Unicorn-9246.exe
PID 2624 wrote to memory of 2944	2624	Unicorn-27913.exe	Unicorn-9246.exe
PID 2624 wrote to memory of 2944	2624	Unicorn-27913.exe	Unicorn-9246.exe
PID 2540 wrote to memory of 2680	2540	Unicorn-38773.exe	WerFault.exe
PID 2540 wrote to memory of 2680	2540	Unicorn-38773.exe	WerFault.exe
PID 2540 wrote to memory of 2680	2540	Unicorn-38773.exe	WerFault.exe
PID 2540 wrote to memory of 2680	2540	Unicorn-38773.exe	WerFault.exe
PID 2624 wrote to memory of 1924	2624	Unicorn-27913.exe	WerFault.exe
PID 2624 wrote to memory of 1924	2624	Unicorn-27913.exe	WerFault.exe
PID 2624 wrote to memory of 1924	2624	Unicorn-27913.exe	WerFault.exe
PID 2624 wrote to memory of 1924	2624	Unicorn-27913.exe	WerFault.exe
PID 564 wrote to memory of 1100	564	Unicorn-39972.exe	Unicorn-40077.exe
PID 564 wrote to memory of 1100	564	Unicorn-39972.exe	Unicorn-40077.exe
PID 564 wrote to memory of 1100	564	Unicorn-39972.exe	Unicorn-40077.exe
PID 564 wrote to memory of 1100	564	Unicorn-39972.exe	Unicorn-40077.exe

C:\Users\Admin\AppData\Local\Temp\432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe
"C:\Users\Admin\AppData\Local\Temp\432f5e016dcfa1d80300a6cde4528be9beb5ed869467506c7046e00dbe5951d7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27913.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51623.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9350.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10860.exe
        9⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
        10⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
        11⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41546.exe
        12⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe
        13⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 220
        13⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
        12⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 236
        11⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 216
        10⤵
        Program crash
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36542.exe
        9⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47825.exe
        10⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
        11⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        12⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 216
        12⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 236
        11⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 216
        10⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        9⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
        8⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        9⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
        10⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        11⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
        12⤵
        
        PID:9420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
        12⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
        11⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
        10⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 216
        9⤵
        Program crash
        
        PID:4356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
        8⤵
        Program crash
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38166.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe
        8⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5837.exe
        9⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        10⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64187.exe
        11⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
        12⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
        12⤵
        
        PID:10344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
        11⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        10⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 216
        9⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27004.exe
        8⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        9⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35900.exe
        10⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
        11⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
        11⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
        10⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        9⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
        8⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
        7⤵
        Program crash
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27306.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        8⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
        9⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56932.exe
        10⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62926.exe
        11⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47291.exe
        12⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22515.exe
        13⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 216
        12⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
        11⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
        10⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 236
        9⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57731.exe
        8⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31577.exe
        9⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21562.exe
        10⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41453.exe
        11⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
        12⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
        11⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        10⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
        9⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 220
        8⤵
        Program crash
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
        7⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
        8⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
        9⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
        10⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2366.exe
        11⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
        11⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
        10⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
        9⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 216
        8⤵
        Program crash
        
        PID:3668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        7⤵
        Program crash
        
        PID:1084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 240
        6⤵
        Program crash
        
        PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6226.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
        8⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28396.exe
        9⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
        10⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53606.exe
        11⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
        12⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
        12⤵
        
        PID:10116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
        11⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        10⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 236
        9⤵
        Program crash
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55593.exe
        8⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        9⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        10⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41785.exe
        11⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
        11⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
        10⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        9⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25805.exe
        7⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59802.exe
        9⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
        9⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
        8⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
        7⤵
        Program crash
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46335.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62007.exe
        7⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12059.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45604.exe
        9⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62973.exe
        10⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28223.exe
        11⤵
        
        PID:10124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
        11⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
        10⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        9⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
        8⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        8⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23840.exe
        9⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
        10⤵
        
        PID:9676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
        10⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
        9⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        8⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 240
        7⤵
        
        PID:4888
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 240
        6⤵
        Program crash
        
        PID:1608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9246.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22838.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19714.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24696.exe
        9⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38998.exe
        10⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        11⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61279.exe
        12⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
        12⤵
        
        PID:10512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
        11⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        10⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        9⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19028.exe
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36860.exe
        9⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49159.exe
        10⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37735.exe
        11⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 236
        11⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
        10⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
        9⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 220
        8⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
        7⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38894.exe
        8⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34914.exe
        9⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33809.exe
        10⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
        11⤵
        
        PID:10156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
        11⤵
        
        PID:10472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 236
        10⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
        9⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
        8⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
        7⤵
        Program crash
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
        7⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        8⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3647.exe
        9⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
        10⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6927.exe
        10⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        11⤵
        
        PID:3556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 220
        11⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 212
        10⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
        9⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 236
        8⤵
        Program crash
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51701.exe
        7⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
        8⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
        9⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8069.exe
        10⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
        10⤵
        
        PID:9656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
        9⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        8⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
        7⤵
        Program crash
        
        PID:3620
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
        6⤵
        Program crash
        
        PID:864
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
        5⤵
        Program crash
        
        PID:1704
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35841.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39226.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61457.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47363.exe
        9⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12718.exe
        10⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63341.exe
        11⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4504.exe
        12⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
        12⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        11⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 216
        10⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
        9⤵
        Program crash
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48987.exe
        8⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35578.exe
        9⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58795.exe
        10⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10243.exe
        11⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
        12⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
        12⤵
        
        PID:10000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
        11⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
        10⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
        9⤵
        Program crash
        
        PID:4344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        8⤵
        Program crash
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38249.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
        8⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20223.exe
        9⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60212.exe
        10⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37561.exe
        11⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25722.exe
        12⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
        11⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
        10⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 216
        9⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 236
        8⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
        7⤵
        Program crash
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
        8⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
        9⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18609.exe
        10⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
        11⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        12⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
        11⤵
        
        PID:9780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        10⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 216
        9⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41778.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
        9⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52023.exe
        10⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe
        11⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
        11⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
        10⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
        9⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        8⤵
        Program crash
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23413.exe
        7⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
        8⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
        9⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        10⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
        11⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45457.exe
        12⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 216
        11⤵
        
        PID:10036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
        10⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 236
        9⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16371.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43819.exe
        9⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
        10⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43895.exe
        11⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 236
        10⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        9⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 240
        8⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
        7⤵
        Program crash
        
        PID:3672
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 220
        6⤵
        Program crash
        
        PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10865.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53839.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12059.exe
        8⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe
        9⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21038.exe
        10⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28659.exe
        11⤵
        
        PID:11048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 236
        11⤵
        
        PID:10680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
        10⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        9⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
        8⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61815.exe
        7⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34182.exe
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
        9⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
        10⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
        10⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
        9⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        8⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        7⤵
        Program crash
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
        6⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17514.exe
        7⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34099.exe
        8⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
        9⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17696.exe
        10⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
        11⤵
        
        PID:10708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
        10⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        9⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 236
        8⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
        7⤵
        Program crash
        
        PID:3592
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
        6⤵
        Program crash
        
        PID:2100
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
        5⤵
        Program crash
        
        PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61457.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30814.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52516.exe
        8⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        9⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14732.exe
        10⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        11⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
        11⤵
        
        PID:10844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
        10⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 216
        9⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
        8⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
        7⤵
        Program crash
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50694.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31664.exe
        7⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49859.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
        9⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41453.exe
        10⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
        10⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
        9⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
        8⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 216
        7⤵
        Program crash
        
        PID:3188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        6⤵
        Program crash
        
        PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44389.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe
        6⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17706.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49859.exe
        8⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
        9⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
        10⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
        11⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
        10⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
        9⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
        8⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 236
        7⤵
        Program crash
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1924.exe
        6⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21100.exe
        7⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59911.exe
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
        9⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 236
        9⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
        8⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 216
        7⤵
        
        PID:6132
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
        6⤵
        
        PID:4680
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 220
        5⤵
        Program crash
        
        PID:1200
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2248
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47539.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20944.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5266.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8255.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31664.exe
        9⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
        10⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31349.exe
        11⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        12⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 236
        12⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
        11⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
        10⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
        9⤵
        Program crash
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7954.exe
        8⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20223.exe
        9⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14156.exe
        10⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14683.exe
        11⤵
        
        PID:9932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
        11⤵
        
        PID:10800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 220
        10⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 216
        9⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
        8⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        7⤵
        Executes dropped EXE
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27820.exe
        8⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45858.exe
        9⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17042.exe
        10⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
        11⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 236
        11⤵
        
        PID:10140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
        10⤵
        
        PID:652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
        9⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
        8⤵
        Program crash
        
        PID:3324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 240
        7⤵
        Program crash
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5022.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34535.exe
        8⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60336.exe
        9⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51857.exe
        10⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21033.exe
        11⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 216
        11⤵
        
        PID:9804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
        10⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 216
        9⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52957.exe
        9⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14436.exe
        10⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26544.exe
        11⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
        11⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        10⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
        9⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 220
        8⤵
        Program crash
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        7⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        8⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44867.exe
        9⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16757.exe
        10⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
        10⤵
        
        PID:9576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
        9⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 236
        8⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 240
        7⤵
        Program crash
        
        PID:4024
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        6⤵
        Program crash
        
        PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10865.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2801.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe
        7⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19652.exe
        8⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47825.exe
        9⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
        10⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33921.exe
        11⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 216
        11⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
        10⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
        9⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
        8⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        7⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
        8⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49797.exe
        9⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47382.exe
        10⤵
        
        PID:9864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
        10⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
        9⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 216
        8⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        7⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54586.exe
        6⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33850.exe
        7⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        8⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15479.exe
        9⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        10⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
        10⤵
        
        PID:10172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
        9⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
        8⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 236
        7⤵
        Program crash
        
        PID:3528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 240
        6⤵
        Program crash
        
        PID:672
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 220
        5⤵
        Program crash
        
        PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36953.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17083.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16144.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
        9⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
        10⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60119.exe
        11⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
        11⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        10⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
        9⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
        8⤵
        Program crash
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-362.exe
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        8⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47104.exe
        9⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        10⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 216
        10⤵
        
        PID:11104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
        9⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        8⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
        7⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        6⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48240.exe
        7⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47441.exe
        8⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48666.exe
        9⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36723.exe
        10⤵
        
        PID:10400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 236
        10⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        9⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 216
        8⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
        7⤵
        
        PID:4848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 240
        6⤵
        Program crash
        
        PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3356.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        6⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
        7⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
        8⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10347.exe
        9⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12602.exe
        10⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 236
        10⤵
        
        PID:11084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
        9⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
        8⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
        7⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8530.exe
        6⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
        7⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30877.exe
        8⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
        9⤵
        
        PID:10148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 236
        9⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 236
        8⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 216
        7⤵
        
        PID:6204
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
        6⤵
        
        PID:4840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        5⤵
        Program crash
        
        PID:1044
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40077.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37036.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
        8⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51530.exe
        9⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
        10⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe
        11⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55324.exe
        12⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
        12⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
        11⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        10⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12479.exe
        9⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
        10⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        11⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
        11⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 236
        10⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
        9⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 236
        8⤵
        Program crash
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20891.exe
        7⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
        8⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe
        9⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-233.exe
        10⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        11⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
        11⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
        10⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
        9⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 216
        8⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
        7⤵
        Program crash
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64316.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe
        7⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57041.exe
        9⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61307.exe
        10⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
        11⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21068.exe
        11⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 240
        11⤵
        
        PID:9556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
        10⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        9⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
        8⤵
        Program crash
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1130.exe
        7⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39574.exe
        8⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55189.exe
        9⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36199.exe
        10⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 220
        10⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
        9⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        8⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
        7⤵
        
        PID:4208
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
        6⤵
        Program crash
        
        PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48925.exe
        7⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
        8⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
        9⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
        10⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        11⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
        11⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 236
        10⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 216
        9⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 236
        8⤵
        Program crash
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15328.exe
        7⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
        8⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        9⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
        10⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 236
        9⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
        8⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 240
        7⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe
        6⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59698.exe
        7⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
        8⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57934.exe
        9⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29393.exe
        10⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
        10⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        9⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56636.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23124.exe
        8⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47291.exe
        9⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
        9⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        8⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
        7⤵
        
        PID:5296
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        6⤵
        Program crash
        
        PID:3540
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 240
        5⤵
        Program crash
        
        PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41120.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49584.exe
        8⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19408.exe
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21126.exe
        10⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe
        11⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 220
        11⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        10⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
        9⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 216
        8⤵
        Program crash
        
        PID:4164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 236
        7⤵
        Program crash
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4555.exe
        6⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49714.exe
        9⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
        10⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
        10⤵
        
        PID:10232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
        9⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        8⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 236
        7⤵
        
        PID:4316
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
        6⤵
        Program crash
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
        6⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25163.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44867.exe
        8⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        9⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
        9⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        8⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
        7⤵
        
        PID:4964
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 236
        6⤵
        Program crash
        
        PID:3840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
        5⤵
        Program crash
        
        PID:2564
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 220
      4⤵
      Program crash
      PID:2040
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2680
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
  2⤵
  - Program crash
  PID:2608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-35841.exe

Filesize
184KB

MD5
57da76e8f3e1aa275f19bee495e287e6

SHA1
6f76938b1402066f02ecacc70ad005e923c7bcfb

SHA256
969b6800ed2b70e75556633aa70c7e0af4f0e95281c20f5ff957f3f141419625

SHA512
01abafe5fa3eaacb87ec5c574354cf5b04375b336b7840ead5a4f9493d3088fa594096a05ade0bf542bcf67223a9ee655ee138ebbefc55b87cfb7c55f51954d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41546.exe

Filesize
184KB

MD5
e730885ceb7b449381740f14df743db8

SHA1
74e15d19061c965e2c6681038abde838d030f53d

SHA256
662d9006db2067ce64d282d8f040d845ba146bd9112c63d0de5511522cfb156b

SHA512
d220f04582cbb51378118abcc38414d50ac3822d0aaad3ae241361744fe7cb7f2a3c1bac87991ee1cde1ba4c877db67ffab3718063848e74505925ad97bef0b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe

Filesize
184KB

MD5
4ef4244750938d9c5e82c8914d2eddd9

SHA1
b64216dce374d29319e0c317e2950984be9297d0

SHA256
d0a9e82acec2d2a311dbf4009aa436c8c207797e4f23aff269403cb934cb745f

SHA512
07ab03b08b08d979506e5c5b6825a9e397ea0aa1447d295abcf8a08b137727e91cfa84866b14e19ee83274922517c9f4230e4aa01f014c11f0dd8e48701a7ec9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47539.exe

Filesize
184KB

MD5
6eff94ddb94d99afa45f4f346d30292e

SHA1
7db61d34ab121266fb0aa20cad00f8a4e5c2778a

SHA256
04a4cdb3991d1cd8100780ffe046b5e46563cc6bffe79254db48e303449e28bd

SHA512
6b7d5af264fe316114bed89e0389425b35ca9136ddae8753e600336e2c679a1b6dded411e3808727f0942c0893fd7b3651426048253947bb832fb63faf14ac60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51857.exe

Filesize
184KB

MD5
bb05113878d3a28d107cd4ced15f0ae5

SHA1
43ad21a57acf4bf94d3607b2fbb069f69dcaa134

SHA256
5262e315d866af6f5c8a0cd9e9c95a7d5aa4f75a35df3f721fc16944f9436fe3

SHA512
8a8f5dfb5ed529d6b116db3956461e7e875e964861507f594a45bdb75fa44d54be76212b0c54652bf22fa401245f822cbd72f4652a2fe182063c41843ebb2dd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5266.exe

Filesize
184KB

MD5
4653bf5b30f59e17758ef5c1d0373303

SHA1
1285348f4746afeb1f08b9f0eefdfe00188e2c91

SHA256
69ba25b9f51593f0c5427ce6d031ebd1648671f1cef2542a85246b80ef6e5dc7

SHA512
ae74556365afa36a06bed6b6e3b95e939beb4d4ddb47ae8e6f704262ef4f5ee4852a614b79a791605aa4949c043ba635a006514615b7f87a2948be956b8294d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe

Filesize
184KB

MD5
3e75f70b284f8ad63d7d1fe88b8993f6

SHA1
b9d5b133b12995a39e6fba223401f34187f844f6

SHA256
a165329b5bfdc7f391b81abe78cbdd42847c7d606c5077d1870314e56062034c

SHA512
7fc4331901f9b181dbc68f341e7f8821cfbdd01b4bbaea6c79e3bb0e1d93aaa1bcd6b4c38548ccc86e4c9f2fe3b0060082fdc9f06dc13c878943877d8e0eb126

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe

Filesize
184KB

MD5
a78e58b04a70a0e71b4231131573f210

SHA1
33d6221729297b8b688fd22ab68356ca60957e7d

SHA256
0dda2bcd4d678ea2f86ef5555b7903e3f7300bc90b9971245ff8c8d21e7736c3

SHA512
fd556405c70fc2e6f2f9b776a85b6c4d675f47daa14b9a5e656c8fea25c7cf65dbbbf8850675bd807495eae517466f6e9feafa20d3b233939004ad10b3a13cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6226.exe

Filesize
184KB

MD5
c681bb3b06b289bb39c7e81e56e6c6a8

SHA1
f9c116d4dff115a002070aa4c81ec313134c2a87

SHA256
fc1d12cb84152d55600391344f7cdf5f6385fce0e69ab837d2ae6f285169cd7e

SHA512
5a2f04acc48ca3efe03d5f27f21849058864367cc52b49acc27cee7951a3f9c3acded7815aab4012333d72deb96f4599539b73b592d4c94c418ccf8dea166329

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9246.exe

Filesize
184KB

MD5
298c5e6ccc4bd4a95bb934edc217f202

SHA1
697eae9f6a3f8fd0c7ab4b3ca36960c488796846

SHA256
5993da1a135743aef8e0a53d112757092a48379ef29e5fb28302dad9f8c993e0

SHA512
7fb8f2732decc39500bcb65cf4d29935a9e8669395a5cbca5ce893c32770a9180f5d6e83cacd5306ff25beacbf5339725e2cef6019e106994d2329b42ca5f918

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe

Filesize
184KB

MD5
7b679b110c5ac6f399ad0be0a197a13a

SHA1
dd52a5b61fef76674121789824e92f43bc5ea996

SHA256
dc99d68431f10ebc04d9dfd6da34c10ef7d81c260e7dbda93510be003c4190fe

SHA512
92982d2d1360a2cce0d4cc3208754ca5c037700da214d8bd283d6ba7d5906068b75e40ba19a09d1724737e17b8726394dacc0052267709a3973d4241a79a9ce9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe

Filesize
184KB

MD5
f78a0cb5e8200044afa4b0ce975c14e3

SHA1
dfde7eb08645563bfa2975850dfd4b53be93a0bd

SHA256
8abc903b8b1fa30be78bbe7f748194d662e3ffea1902963afd5fa9db9e80e51d

SHA512
8888cbeb918377642a4055d1fe2bb80c7174195f8e644df09c2af12cc4da46ff1e7467d952315bd14e68949296c038749d92c61b85b27c8c7b299c1f417cc9b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20944.exe

Filesize
184KB

MD5
0efbbabf05eddd5cffb581acbda86f06

SHA1
e745bb0ea10adc87a9f67bd1a4489c7c604d58c2

SHA256
52e483d1bf1641f90c6347d211c0eb309517aca20be06db541757574243c543c

SHA512
74565a79f4da3b885fbebdf11131311617b0bbae73b00fa461ef802576be07327c59f22858c3fd8d6351df59f7f2a6b6ed9f3b80e75f9554e7a71c675d3cc861

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27913.exe

Filesize
184KB

MD5
4d09a4c38858a3d2974597a2e02a7786

SHA1
90b3c027cfee33dc308c6ca06db71bee4d83c0f9

SHA256
3fc2af3fb0a84b848790a36ec70e88e8222acbd659f6c91d1ac50989727b2b86

SHA512
f7e1ca6344902d477b29297d4773049251e745e0866a30cdf891353ef5038b753c8205b7432c2fa4f0541f6d2f76d6f68dc98aed465cb253c0da21e62d773734

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe

Filesize
184KB

MD5
3dae1a8529dd808d9e6770d8f569cc55

SHA1
5865be9de1b593a634ac0e7b13f86ba3cfe11902

SHA256
6fd641cbec08ba5bc20cf2dff8bd33e279c59cd119cfaedb7b84b25cf75fd6b6

SHA512
748468775dc53923b785318f8dfd40117b44633edba5bc85af463d70b71c35a1f9acae623e7006ab07ceb9d4ce4a5fabc481ca696b33132827309af5a7d4e402

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe

Filesize
184KB

MD5
aa3c249163e6c220af0e0ff344b9c70e

SHA1
9d3e1bad6a0d3a36ae06709ec5b0d512deb35679

SHA256
4ee143d44dcf59938e0d90c2e89b82258a9a5afe69a52daa0cbfbaf6c2ee87f2

SHA512
f1b671b8764363d2e8ded680a56e70408e7bdb26c706da244851e3ae0a4703e0f74934cdfc63a9099dc963b50d0a31e3a595440b037a6aa65b3ad02d86dd5dab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39226.exe

Filesize
184KB

MD5
f2bd2f251ecc3b7ee9c2394e68fee6cb

SHA1
d82a9b23d75d127185a4ead22dab97ee5240edf3

SHA256
1e47e9dac3385b79a7a3a492f371d8481a23122514c8e37fbd74cd0b3467e692

SHA512
b1fe67dcdca17d69f9f51ac7600a5b5dcf7068471eb96326d68ec67abf88b0786359f661b4339aa7a37a9cf4e618b7c572f3e4f4952125cc5768d8d716a5ea02

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe

Filesize
184KB

MD5
ed7dcd591cfa1f11f5ed35bbd2bdca19

SHA1
585fd97f9b9e8e1b4d7ad4c600b64d3e02dcdeaf

SHA256
1bd5ba6b422d7ad9d33a6e8b778cab5bbc7dcc7c55138ac0161e7422a7b954a5

SHA512
a6ce9d9b107c43cf1bdb333d7d6e5af44cf333e88c0233b692b53422acda38b3bd2be972dd20b33d4033e9b0f99609a8a4fe393ff87049a1a10f91a571fc73a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40077.exe

Filesize
184KB

MD5
e5703bf93a9b5b14f18237c1eb85dead

SHA1
1f99a475995b48cff332d423be5416fe55e8edc8

SHA256
9087feeb8e4dd25d399162987b16526376a3fdf5be572d9299d705abc88aa804

SHA512
77b2047435e8e2c2b983046b50c7025385857604e214861f2afec6487dd9c4484377c437939afbc9782f6dcb7e4960f8d1710bae0482e0af35c82459be97bfe9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51623.exe

Filesize
184KB

MD5
d76818e822d3b8c19af77fe9db8d9ec2

SHA1
1739559e47d141234cad2976825a7ffe5f2ab7be

SHA256
77258c4a7d41297360918b50be095efe118add101874b4b4dd4d550710b00bae

SHA512
9b3b4050ee641b1b4b8cd551b60284c734e60b42e6fbf925899a402648704739cdc6dde0206e8ab6156bf85c9af9d50ee60cbecd4adfbe57c8effee4682c80c8

Download Submit