eee3cd21be353643778a0128cd61911a118bb1730322296d480d8bf8dcaf2789

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 00:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85a68c56d0c71b5efaa18b11b495ab60_NeikiAnalytics.exe
Size

184KB
MD5

85a68c56d0c71b5efaa18b11b495ab60
SHA1

4c55553392bc6f948d68955607858870d104f6e9
SHA256

eee3cd21be353643778a0128cd61911a118bb1730322296d480d8bf8dcaf2789
SHA512

d01fde9a5a34984f7802f99a868cb1147e950380c96c7c23a0b58c44a3f6aa5e0115c2b68a5655caed881b6c8ad0af9178a4ab9bfdb7df741555e61438d2dbea
SSDEEP

3072:WUm5e2odOpBzdVNYeoILpxWpIKYYU0PKm+wIO5f1UOLhlnVWZd:WU8oQpVNdLPWpI/pS5hlnVW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2808	Unicorn-53633.exe
2936	Unicorn-24268.exe
2500	Unicorn-25502.exe
2612	Unicorn-31161.exe
3028	Unicorn-41877.exe
2360	Unicorn-4627.exe
1500	Unicorn-28765.exe
1504	Unicorn-54709.exe
2044	Unicorn-14657.exe
2680	Unicorn-46474.exe
2772	Unicorn-26608.exe
1772	Unicorn-60222.exe
1728	Unicorn-18732.exe
1608	Unicorn-32454.exe
1288	Unicorn-17160.exe
2736	Unicorn-59304.exe
788	Unicorn-20166.exe
3016	Unicorn-22578.exe
604	Unicorn-24738.exe
1800	Unicorn-17557.exe
2740	Unicorn-11936.exe
1872	Unicorn-40223.exe
908	Unicorn-29119.exe
2912	Unicorn-51978.exe
2708	Unicorn-58281.exe
2892	Unicorn-44036.exe
2780	Unicorn-63901.exe
2324	Unicorn-1301.exe
2016	Unicorn-57757.exe
1600	Unicorn-57757.exe
1752	Unicorn-43834.exe
2464	Unicorn-57184.exe
2652	Unicorn-1740.exe
2528	Unicorn-49992.exe
2816	Unicorn-33722.exe
1012	Unicorn-58518.exe
2456	Unicorn-40348.exe
940	Unicorn-23720.exe
2424	Unicorn-13461.exe
944	Unicorn-20482.exe
1836	Unicorn-7317.exe
1796	Unicorn-21982.exe
1832	Unicorn-3721.exe
2216	Unicorn-49393.exe
1644	Unicorn-31750.exe
1588	Unicorn-52492.exe
324	Unicorn-26461.exe
2452	Unicorn-9962.exe
684	Unicorn-13579.exe
2724	Unicorn-59251.exe
2864	Unicorn-51455.exe
2244	Unicorn-40405.exe
1952	Unicorn-57312.exe
948	Unicorn-28993.exe
2812	Unicorn-38880.exe
2412	Unicorn-13851.exe
2116	Unicorn-29140.exe
2888	Unicorn-41780.exe
572	Unicorn-7707.exe
2336	Unicorn-40214.exe
960	Unicorn-55764.exe
2532	Unicorn-49521.exe
2684	Unicorn-14466.exe
2236	Unicorn-13418.exe

Loads dropped DLL 64 IoCs

pid	Process
640	85a68c56d0c71b5efaa18b11b495ab60_NeikiAnalytics.exe
640	85a68c56d0c71b5efaa18b11b495ab60_NeikiAnalytics.exe
2808	Unicorn-53633.exe
640	85a68c56d0c71b5efaa18b11b495ab60_NeikiAnalytics.exe
2808	Unicorn-53633.exe
640	85a68c56d0c71b5efaa18b11b495ab60_NeikiAnalytics.exe
2500	Unicorn-25502.exe
2500	Unicorn-25502.exe
2936	Unicorn-24268.exe
2936	Unicorn-24268.exe
2808	Unicorn-53633.exe
2808	Unicorn-53633.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2612	Unicorn-31161.exe
2612	Unicorn-31161.exe
2500	Unicorn-25502.exe
2500	Unicorn-25502.exe
3028	Unicorn-41877.exe
3028	Unicorn-41877.exe
2360	Unicorn-4627.exe
2936	Unicorn-24268.exe
2360	Unicorn-4627.exe
2936	Unicorn-24268.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
1972	WerFault.exe
1972	WerFault.exe
1972	WerFault.exe
1972	WerFault.exe
1972	WerFault.exe
1500	Unicorn-28765.exe
1500	Unicorn-28765.exe
2612	Unicorn-31161.exe
2612	Unicorn-31161.exe
2044	Unicorn-14657.exe
2044	Unicorn-14657.exe
3028	Unicorn-41877.exe
3028	Unicorn-41877.exe
2772	Unicorn-26608.exe
2772	Unicorn-26608.exe
1504	Unicorn-54709.exe
1504	Unicorn-54709.exe
2360	Unicorn-4627.exe
2680	Unicorn-46474.exe
2360	Unicorn-4627.exe
2680	Unicorn-46474.exe
3056	WerFault.exe
3056	WerFault.exe
3056	WerFault.exe
3056	WerFault.exe
3056	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe
2024	WerFault.exe
2024	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2364	640	WerFault.exe	27
2952	2808	WerFault.exe	28
1976	2500	WerFault.exe	30
1972	2936	WerFault.exe	29
3056	2612	WerFault.exe	32
1152	3028	WerFault.exe	33
2024	2360	WerFault.exe	34
2580	1500	WerFault.exe	36
2624	2044	WerFault.exe	38
2716	2772	WerFault.exe	40
2560	1504	WerFault.exe	37
2356	2680	WerFault.exe	39
1392	1728	WerFault.exe	44
1364	1772	WerFault.exe	43
1852	1288	WerFault.exe	46
1072	1608	WerFault.exe	45
1668	788	WerFault.exe	48
968	2736	WerFault.exe	47
1744	604	WerFault.exe	50
2036	3016	WerFault.exe	49
2400	2708	WerFault.exe	59
1076	2016	WerFault.exe	64
1368	1752	WerFault.exe	66
916	2324	WerFault.exe	63
1456	1800	WerFault.exe	54
2208	1872	WerFault.exe	56
1652	944	WerFault.exe	81
1048	940	WerFault.exe	78
2008	2912	WerFault.exe	58
2304	1836	WerFault.exe	82
2720	2216	WerFault.exe	85
1720	2464	WerFault.exe	71
1968	1012	WerFault.exe	77
3252	1600	WerFault.exe	65
3272	2864	WerFault.exe	100
3412	2812	WerFault.exe	104
3452	2816	WerFault.exe	76
3496	684	WerFault.exe	90
3520	324	WerFault.exe	88
3528	2740	WerFault.exe	55
3604	1588	WerFault.exe	87
3632	1796	WerFault.exe	83
3640	908	WerFault.exe	57
3648	2452	WerFault.exe	89
3776	2424	WerFault.exe	80
3784	2456	WerFault.exe	79
3812	2724	WerFault.exe	91
3852	2528	WerFault.exe	75
3860	2892	WerFault.exe	60
3868	1832	WerFault.exe	84
3972	2244	WerFault.exe	101
3400	1248	WerFault.exe	137
3792	1644	WerFault.exe	86
3804	2888	WerFault.exe	107
3880	2116	WerFault.exe	106
3952	2652	WerFault.exe	73
4016	2532	WerFault.exe	111
4056	2236	WerFault.exe	113
4088	772	WerFault.exe	118
3108	2156	WerFault.exe	136
3268	2940	WerFault.exe	119
3344	2916	WerFault.exe	120
3488	936	WerFault.exe	116
3720	2712	WerFault.exe	141

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
640	85a68c56d0c71b5efaa18b11b495ab60_NeikiAnalytics.exe
2808	Unicorn-53633.exe
2936	Unicorn-24268.exe
2500	Unicorn-25502.exe
2612	Unicorn-31161.exe
3028	Unicorn-41877.exe
2360	Unicorn-4627.exe
1500	Unicorn-28765.exe
1504	Unicorn-54709.exe
2044	Unicorn-14657.exe
2680	Unicorn-46474.exe
2772	Unicorn-26608.exe
1772	Unicorn-60222.exe
1728	Unicorn-18732.exe
1608	Unicorn-32454.exe
1288	Unicorn-17160.exe
2736	Unicorn-59304.exe
788	Unicorn-20166.exe
3016	Unicorn-22578.exe
604	Unicorn-24738.exe
1800	Unicorn-17557.exe
2740	Unicorn-11936.exe
1872	Unicorn-40223.exe
908	Unicorn-29119.exe
2912	Unicorn-51978.exe
2708	Unicorn-58281.exe
2892	Unicorn-44036.exe
2780	Unicorn-63901.exe
2016	Unicorn-57757.exe
1600	Unicorn-57757.exe
2324	Unicorn-1301.exe
1752	Unicorn-43834.exe
2464	Unicorn-57184.exe
2652	Unicorn-1740.exe
2528	Unicorn-49992.exe
2816	Unicorn-33722.exe
1012	Unicorn-58518.exe
2456	Unicorn-40348.exe
940	Unicorn-23720.exe
944	Unicorn-20482.exe
1836	Unicorn-7317.exe
1796	Unicorn-21982.exe
2424	Unicorn-13461.exe
1832	Unicorn-3721.exe
2216	Unicorn-49393.exe
324	Unicorn-26461.exe
2452	Unicorn-9962.exe
1644	Unicorn-31750.exe
1588	Unicorn-52492.exe
684	Unicorn-13579.exe
2724	Unicorn-59251.exe
2864	Unicorn-51455.exe
2244	Unicorn-40405.exe
1952	Unicorn-57312.exe
948	Unicorn-28993.exe
2812	Unicorn-38880.exe
2412	Unicorn-13851.exe
2116	Unicorn-29140.exe
572	Unicorn-7707.exe
2888	Unicorn-41780.exe
1308	Unicorn-33284.exe
960	Unicorn-55764.exe
2336	Unicorn-40214.exe
2532	Unicorn-49521.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 640 wrote to memory of 2808	640	85a68c56d0c71b5efaa18b11b495ab60_NeikiAnalytics.exe	28
PID 640 wrote to memory of 2808	640	85a68c56d0c71b5efaa18b11b495ab60_NeikiAnalytics.exe	28
PID 640 wrote to memory of 2808	640	85a68c56d0c71b5efaa18b11b495ab60_NeikiAnalytics.exe	28
PID 640 wrote to memory of 2808	640	85a68c56d0c71b5efaa18b11b495ab60_NeikiAnalytics.exe	28
PID 2808 wrote to memory of 2936	2808	Unicorn-53633.exe	29
PID 2808 wrote to memory of 2936	2808	Unicorn-53633.exe	29
PID 2808 wrote to memory of 2936	2808	Unicorn-53633.exe	29
PID 2808 wrote to memory of 2936	2808	Unicorn-53633.exe	29
PID 640 wrote to memory of 2500	640	85a68c56d0c71b5efaa18b11b495ab60_NeikiAnalytics.exe	30
PID 640 wrote to memory of 2500	640	85a68c56d0c71b5efaa18b11b495ab60_NeikiAnalytics.exe	30
PID 640 wrote to memory of 2500	640	85a68c56d0c71b5efaa18b11b495ab60_NeikiAnalytics.exe	30
PID 640 wrote to memory of 2500	640	85a68c56d0c71b5efaa18b11b495ab60_NeikiAnalytics.exe	30
PID 640 wrote to memory of 2364	640	85a68c56d0c71b5efaa18b11b495ab60_NeikiAnalytics.exe	31
PID 640 wrote to memory of 2364	640	85a68c56d0c71b5efaa18b11b495ab60_NeikiAnalytics.exe	31
PID 640 wrote to memory of 2364	640	85a68c56d0c71b5efaa18b11b495ab60_NeikiAnalytics.exe	31
PID 640 wrote to memory of 2364	640	85a68c56d0c71b5efaa18b11b495ab60_NeikiAnalytics.exe	31
PID 2500 wrote to memory of 2612	2500	Unicorn-25502.exe	32
PID 2500 wrote to memory of 2612	2500	Unicorn-25502.exe	32
PID 2500 wrote to memory of 2612	2500	Unicorn-25502.exe	32
PID 2500 wrote to memory of 2612	2500	Unicorn-25502.exe	32
PID 2936 wrote to memory of 3028	2936	Unicorn-24268.exe	33
PID 2936 wrote to memory of 3028	2936	Unicorn-24268.exe	33
PID 2936 wrote to memory of 3028	2936	Unicorn-24268.exe	33
PID 2936 wrote to memory of 3028	2936	Unicorn-24268.exe	33
PID 2808 wrote to memory of 2360	2808	Unicorn-53633.exe	34
PID 2808 wrote to memory of 2360	2808	Unicorn-53633.exe	34
PID 2808 wrote to memory of 2360	2808	Unicorn-53633.exe	34
PID 2808 wrote to memory of 2360	2808	Unicorn-53633.exe	34
PID 2808 wrote to memory of 2952	2808	Unicorn-53633.exe	35
PID 2808 wrote to memory of 2952	2808	Unicorn-53633.exe	35
PID 2808 wrote to memory of 2952	2808	Unicorn-53633.exe	35
PID 2808 wrote to memory of 2952	2808	Unicorn-53633.exe	35
PID 2612 wrote to memory of 1500	2612	Unicorn-31161.exe	36
PID 2612 wrote to memory of 1500	2612	Unicorn-31161.exe	36
PID 2612 wrote to memory of 1500	2612	Unicorn-31161.exe	36
PID 2612 wrote to memory of 1500	2612	Unicorn-31161.exe	36
PID 2500 wrote to memory of 1504	2500	Unicorn-25502.exe	37
PID 2500 wrote to memory of 1504	2500	Unicorn-25502.exe	37
PID 2500 wrote to memory of 1504	2500	Unicorn-25502.exe	37
PID 2500 wrote to memory of 1504	2500	Unicorn-25502.exe	37
PID 3028 wrote to memory of 2044	3028	Unicorn-41877.exe	38
PID 3028 wrote to memory of 2044	3028	Unicorn-41877.exe	38
PID 3028 wrote to memory of 2044	3028	Unicorn-41877.exe	38
PID 3028 wrote to memory of 2044	3028	Unicorn-41877.exe	38
PID 2360 wrote to memory of 2680	2360	Unicorn-4627.exe	39
PID 2360 wrote to memory of 2680	2360	Unicorn-4627.exe	39
PID 2360 wrote to memory of 2680	2360	Unicorn-4627.exe	39
PID 2360 wrote to memory of 2680	2360	Unicorn-4627.exe	39
PID 2936 wrote to memory of 2772	2936	Unicorn-24268.exe	40
PID 2936 wrote to memory of 2772	2936	Unicorn-24268.exe	40
PID 2936 wrote to memory of 2772	2936	Unicorn-24268.exe	40
PID 2936 wrote to memory of 2772	2936	Unicorn-24268.exe	40
PID 2500 wrote to memory of 1976	2500	Unicorn-25502.exe	41
PID 2500 wrote to memory of 1976	2500	Unicorn-25502.exe	41
PID 2500 wrote to memory of 1976	2500	Unicorn-25502.exe	41
PID 2500 wrote to memory of 1976	2500	Unicorn-25502.exe	41
PID 2936 wrote to memory of 1972	2936	Unicorn-24268.exe	42
PID 2936 wrote to memory of 1972	2936	Unicorn-24268.exe	42
PID 2936 wrote to memory of 1972	2936	Unicorn-24268.exe	42
PID 2936 wrote to memory of 1972	2936	Unicorn-24268.exe	42
PID 1500 wrote to memory of 1772	1500	Unicorn-28765.exe	43
PID 1500 wrote to memory of 1772	1500	Unicorn-28765.exe	43
PID 1500 wrote to memory of 1772	1500	Unicorn-28765.exe	43
PID 1500 wrote to memory of 1772	1500	Unicorn-28765.exe	43

C:\Users\Admin\AppData\Local\Temp\85a68c56d0c71b5efaa18b11b495ab60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\85a68c56d0c71b5efaa18b11b495ab60_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53633.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53633.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24268.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41877.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14657.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32454.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29119.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        9⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        10⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25420.exe
        11⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6647.exe
        12⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59156.exe
        13⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61105.exe
        14⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
        13⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 236
        12⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        11⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 216
        10⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
        9⤵
        Program crash
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63071.exe
        8⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
        9⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe
        10⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43384.exe
        11⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6834.exe
        12⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        13⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 216
        13⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
        12⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
        11⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
        10⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 216
        9⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
        8⤵
        Program crash
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20482.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51455.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
        9⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        10⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22323.exe
        11⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
        12⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51337.exe
        13⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46149.exe
        14⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 216
        14⤵
        
        PID:9768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
        13⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
        12⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        11⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
        10⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
        9⤵
        Program crash
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49915.exe
        8⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39938.exe
        9⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9676.exe
        10⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61974.exe
        11⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44725.exe
        12⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        13⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 216
        13⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
        12⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
        11⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 216
        10⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 236
        9⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 240
        8⤵
        Program crash
        
        PID:1652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
        7⤵
        Program crash
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51978.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54442.exe
        8⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22634.exe
        9⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2404.exe
        10⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35712.exe
        11⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
        12⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14412.exe
        13⤵
        
        PID:10064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 236
        12⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        11⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
        10⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 216
        9⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
        8⤵
        Program crash
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1130.exe
        7⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-248.exe
        8⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 240
        9⤵
        
        PID:4256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 216
        8⤵
        Program crash
        
        PID:3344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
        7⤵
        Program crash
        
        PID:2008
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        6⤵
        Program crash
        
        PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9393.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3352.exe
        9⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4552.exe
        10⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        11⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
        12⤵
        
        PID:9864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
        11⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 236
        10⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        9⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 236
        8⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
        7⤵
        Program crash
        
        PID:3452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 216
        6⤵
        Program crash
        
        PID:1852
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26608.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49393.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38880.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19655.exe
        8⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17883.exe
        9⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
        10⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30257.exe
        11⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55785.exe
        12⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
        13⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
        13⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
        12⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
        11⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        10⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
        9⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
        8⤵
        Program crash
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61730.exe
        7⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62189.exe
        8⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25462.exe
        9⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20065.exe
        10⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20171.exe
        11⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29528.exe
        12⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
        12⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 236
        11⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        10⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        9⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
        8⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
        7⤵
        Program crash
        
        PID:2720
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
        6⤵
        Program crash
        
        PID:968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29140.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
        8⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe
        9⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        10⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-446.exe
        11⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        12⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
        12⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
        11⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
        10⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
        9⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
        8⤵
        Program crash
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        7⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8223.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60767.exe
        9⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64221.exe
        10⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32598.exe
        11⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 220
        11⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
        10⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        9⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 216
        8⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        7⤵
        Program crash
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41780.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
        7⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
        8⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
        9⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
        10⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
        11⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
        11⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
        10⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
        9⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 236
        8⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 216
        7⤵
        Program crash
        
        PID:3804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
        6⤵
        Program crash
        
        PID:916
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        5⤵
        Program crash
        
        PID:2716
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4627.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4627.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24738.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57757.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52492.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe
        8⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21634.exe
        9⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
        10⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41052.exe
        11⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe
        12⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32521.exe
        13⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35346.exe
        14⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 236
        13⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
        12⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7716.exe
        11⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31825.exe
        12⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9293.exe
        13⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 236
        12⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 240
        11⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
        10⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 236
        9⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
        8⤵
        Program crash
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60523.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27869.exe
        8⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe
        9⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17691.exe
        10⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34491.exe
        11⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        12⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 236
        12⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 216
        11⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
        10⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
        9⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 216
        8⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
        7⤵
        Program crash
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26461.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22857.exe
        8⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42305.exe
        9⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39067.exe
        10⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
        11⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe
        12⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        13⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
        13⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
        12⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
        11⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
        10⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        9⤵
        Program crash
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62756.exe
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26351.exe
        9⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34802.exe
        10⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
        11⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11076.exe
        12⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
        12⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        11⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
        10⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        9⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54442.exe
        7⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
        8⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45381.exe
        9⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62763.exe
        10⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
        11⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44324.exe
        12⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
        12⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
        11⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
        10⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        9⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
        8⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
        7⤵
        Program crash
        
        PID:3520
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 240
        6⤵
        Program crash
        
        PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13579.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7707.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42381.exe
        9⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        10⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
        11⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
        12⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 236
        12⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 216
        11⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
        10⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        9⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 236
        8⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 236
        7⤵
        Program crash
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49521.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
        7⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        8⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        9⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
        10⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53051.exe
        11⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 216
        11⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 236
        10⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
        9⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 236
        8⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
        7⤵
        Program crash
        
        PID:4016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
        6⤵
        Program crash
        
        PID:1368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        5⤵
        Program crash
        
        PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22578.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57757.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9962.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55764.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53974.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63087.exe
        9⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30572.exe
        10⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44145.exe
        11⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65383.exe
        12⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
        12⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
        11⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
        10⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
        9⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 216
        8⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
        7⤵
        Program crash
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13418.exe
        6⤵
        Executes dropped EXE
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55630.exe
        7⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12223.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2091.exe
        9⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        10⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        11⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
        11⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
        10⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
        9⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 216
        8⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
        7⤵
        Program crash
        
        PID:4056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
        6⤵
        Program crash
        
        PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51883.exe
        7⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        8⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7376.exe
        9⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56280.exe
        10⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 216
        10⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
        9⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        8⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 216
        7⤵
        
        PID:5052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
        6⤵
        Program crash
        
        PID:3812
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 220
        5⤵
        Program crash
        
        PID:2036
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2024
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31161.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28765.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60222.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11936.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33307.exe
        8⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61632.exe
        9⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54610.exe
        10⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63859.exe
        11⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
        12⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22.exe
        13⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
        13⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
        12⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 236
        11⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
        10⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
        9⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 236
        8⤵
        Program crash
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14466.exe
        7⤵
        Executes dropped EXE
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12751.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44041.exe
        9⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28738.exe
        10⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58981.exe
        11⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        12⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
        12⤵
        
        PID:9792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 216
        11⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
        10⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        9⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 216
        8⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
        7⤵
        Program crash
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23720.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12435.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57503.exe
        9⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56835.exe
        10⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
        11⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        12⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 236
        12⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
        11⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
        10⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 216
        9⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
        8⤵
        Program crash
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
        7⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17479.exe
        8⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13216.exe
        9⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34802.exe
        10⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27528.exe
        11⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53340.exe
        12⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 216
        12⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 220
        11⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
        10⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 216
        9⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
        8⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 240
        7⤵
        Program crash
        
        PID:1048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
        6⤵
        Program crash
        
        PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49992.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57098.exe
        7⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe
        8⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-320.exe
        9⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51785.exe
        10⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1965.exe
        11⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6901.exe
        12⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 216
        12⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 236
        11⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 236
        10⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        9⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 216
        8⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 216
        7⤵
        Program crash
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31088.exe
        6⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48449.exe
        7⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7120.exe
        8⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 244
        9⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 216
        8⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
        7⤵
        Program crash
        
        PID:3268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
        6⤵
        Program crash
        
        PID:2208
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
        5⤵
        Program crash
        
        PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18732.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57184.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe
        7⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53927.exe
        9⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
        10⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54986.exe
        11⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30434.exe
        12⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 220
        12⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
        11⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
        10⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
        9⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
        8⤵
        
        PID:3748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        7⤵
        Program crash
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8322.exe
        6⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
        7⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        8⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
        9⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4047.exe
        10⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58443.exe
        11⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
        11⤵
        
        PID:9252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
        10⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        9⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 216
        8⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 236
        7⤵
        Program crash
        
        PID:3488
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
        6⤵
        Program crash
        
        PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1740.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38022.exe
        6⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39821.exe
        7⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
        8⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 236
        7⤵
        Program crash
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44782.exe
        6⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        7⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        8⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59839.exe
        9⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19190.exe
        10⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 216
        10⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
        9⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        8⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 216
        7⤵
        
        PID:4664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        6⤵
        Program crash
        
        PID:3952
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
        5⤵
        Program crash
        
        PID:1392
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:3056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7317.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57312.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2695.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        9⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64182.exe
        10⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42685.exe
        11⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        12⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22052.exe
        13⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 216
        13⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
        12⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
        11⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
        10⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
        9⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11380.exe
        8⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29600.exe
        9⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe
        10⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
        11⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30171.exe
        12⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 216
        12⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 216
        11⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
        10⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
        9⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
        8⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53749.exe
        9⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
        10⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        11⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
        12⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
        12⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
        11⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 236
        10⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
        9⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 216
        8⤵
        Program crash
        
        PID:3108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
        7⤵
        Program crash
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28993.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
        7⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 240
        8⤵
        Program crash
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57006.exe
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61117.exe
        9⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
        10⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13879.exe
        11⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
        11⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
        10⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        9⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        8⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
        7⤵
        
        PID:3512
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        6⤵
        Program crash
        
        PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21982.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62194.exe
        6⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25495.exe
        7⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25659.exe
        8⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38882.exe
        9⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12387.exe
        10⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60287.exe
        11⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 216
        11⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 236
        10⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 236
        9⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
        8⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 216
        7⤵
        
        PID:4892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
        6⤵
        Program crash
        
        PID:3632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 240
        5⤵
        Program crash
        
        PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54442.exe
        6⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
        7⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17679.exe
        8⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        8⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58047.exe
        9⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
        10⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1076.exe
        11⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 236
        10⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 236
        9⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 220
        8⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 236
        7⤵
        
        PID:5044
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
        6⤵
        Program crash
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1130.exe
        5⤵
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52520.exe
        6⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3066.exe
        7⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        8⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3575.exe
        9⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31631.exe
        10⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 216
        9⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        8⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
        7⤵
        
        PID:5804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 216
        6⤵
        
        PID:4304
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 220
        5⤵
        Program crash
        
        PID:3860
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 240
      4⤵
      Program crash
      PID:2560
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1976
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 240
  2⤵
  - Program crash
  PID:2364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18732.exe

Filesize
184KB

MD5
c2842e2df95b4485946fb557eee4e604

SHA1
82d87f67adef1ab03fe192eb9a2f16a0b813d771

SHA256
2c084b0ec22e78d8ebe7802fe1d2da02f82d703470bb65025844d3ed5930b68e

SHA512
ec2acb12420e547cd94ec051af654a6f556036299b3e96330a9ce85ed55d27aedbdccf9dfa25944ca0f6034f40bf3c0eaedc910288f9e0205c9ac11e3d696485

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe

Filesize
184KB

MD5
3b3b96eba34896229a592b6a262b5137

SHA1
106ae46efa600eb34671d2cdd500fab8718b3f51

SHA256
dc82c8a989c4bb72d468ccdc8bd7d5b90debeb1a357893e164b200eb283e573c

SHA512
f5a3e2af7bf83bcc4326a52bd36475ca2367bf4984ad93036f811e2ca6282ae5c0893497caa2741532c2c8239f2ec4da12ab9f19e48a7c9ac1c091c3a2b43566

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34491.exe

Filesize
184KB

MD5
da19d7dd9bf3315ea5ae29c9c2b09540

SHA1
b5e06d2924cd7eb96bd45263f64716b69cfd9c39

SHA256
e195ff18985607eda98956265e7b8bd595c8dcde8f051e611dd91a3bb971f134

SHA512
55fe195085a2c88eacc76770f90e0eddb1049c63dc494bbe90091c1edf230bddb910aa2aff3fdd4c55e2fa3a2665ae42191ec50508c45b9d3de5b8c7d69e1b72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe

Filesize
184KB

MD5
015f8b3a0f6e0b86ff51b408f4ed810a

SHA1
37e80dca1f0afc5b27c5887700f8283aee415d30

SHA256
337e9cc57649952f25e6c8fe48fe94291f2d87caa4beed0332448cb361eedbc6

SHA512
415061925dae00a635cf41381d5a99ba702189da9108398d29a1efbae2c5785520e1ca44f5b60eb75f7d39415ba291955adc98dd04c98a90369546fb09075780

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41877.exe

Filesize
184KB

MD5
0ddbc8e03ebf0fb183b96ed98e8e04cf

SHA1
b35d8919292f61e767b3385a4c71dd669812be94

SHA256
97eee9f01ee3f52bbbc63e1da16fbb700d08ab8f5b2e427a7bc59b171789154b

SHA512
89d07b8ece21b60748523015fdfaf34e6bc8da6ca1d768744b4acfab97889a7ccbe32e98db2429ad968feb41cdcd606e172dc68d8b137cd767470a1d236b2ce8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4627.exe

Filesize
184KB

MD5
08a2b5e12d2f812c683e4d8ef8c9df58

SHA1
48e677b98efec2d612e62ffd0a6eeef13e45810b

SHA256
8843a116a8e82604c4d3200f109963573c447f7bdcf63e93424fa711066b3318

SHA512
ce5d0a5782bd5c7bc9e656b25ca05ed0b45dc853451ab0c410d39a6a6dd284e1eccf3ebf6475f8f41ee98fc21d2f24faa6faaa06e2c1b723e40ac7888db917bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53749.exe

Filesize
184KB

MD5
8baf8ea6bece373a008dca9e771ec619

SHA1
8188550c6efb7151b2b0a6ecbcf699cc30485a2c

SHA256
bcf32d59339b58d23864217500af53b329dc84077b37fa631bf41c9837c09bef

SHA512
ccadfd6e51fb56ba64cd8948f49493281b4046a1c3bd17be6dd3e4b32cc85bb920864390a38ccdb0caa401c3d7a2f121ee494ffb90c024555ff086443ba79d65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe

Filesize
184KB

MD5
7f52304996db952eadb1eb3e872b30d1

SHA1
2ed0c93f0d34e8de2f18d0960b4a160b5046a718

SHA256
1b301bad68673a8f2babeae18f37848a5aecabf3072f3c493416e649dff5f5d6

SHA512
371c9b2caecad00c458c3dd6179f3d3d356bf461dfe3166bd2a381677bcdd360d2efc111d12b0781220497e21d8094e020bfcd755b8f7e194fc7297fdb55854d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe

Filesize
184KB

MD5
23eb88197500bdbee8f1ba9285084d37

SHA1
9fe643e6510f630e2cbe8a16b89e58f1a7179b8c

SHA256
cd1d9ab277a5997e8f82168cac1469774e561ceabf692673cb8fe3b0cdb0f0af

SHA512
48156b473976bb1079a1953f6523e68e27ba83693334cce304223655032ae90f24c82abfb3964f2c0499d191690f71c838bb92c22ee6478c20054f25ac7b152d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6647.exe

Filesize
184KB

MD5
d24747976f8b736832e3e07a7afc87de

SHA1
0105101d85ade2af26a920f879eb1e408f56fd63

SHA256
a09c561edcb8a16c23d04c7383503fdb6e0b7c1b17c8d6cf43cc2de094982b87

SHA512
4779d7ea047b7234457a05541ee5785cab4b4ede0d6341e6eb7647efeb7ae1d50205ba86c01bf2bcd46ff534cdbad000819865d31aabc8ca90d7a1627ad186ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14657.exe

Filesize
184KB

MD5
a13a29e4265a5a6b8ba98b1a45f52902

SHA1
a65874a70934368a41b32531f939a197b47f93bb

SHA256
2b6369a62f9c0f315cc57261bdb70eb62a1c9f33afb93ce9f9d732446f4ef128

SHA512
f2c6a3d41cd59c76b8c632abf8bf69d986e612f1f1d2e1dd805c04d53948e0d8412674a30fe7aa38a113031b0574130abd47f630a2e8224f442e9454c984f224

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24268.exe

Filesize
184KB

MD5
15e5d6ea23933669172ccf264c9eccc1

SHA1
0ac4828751e0c375b7add6724919ec81d5541031

SHA256
ac00cd83991ecaff0dee96071192f166c54e34b1e33431d41f1b7d9fc1d4b6da

SHA512
0160fc97ec034d3601a80ea277ebb0a480ddbc92ab6f8bba7c718ffddef5d30e4ecb3e681880aacdfb47a028d414ee4f21d0eb30729dba3741b3c4d4b83f93db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe

Filesize
184KB

MD5
330e3a97b2b8ef0f22e14617b9a2bb85

SHA1
ee03e306ea98e54cecf7e573007f1e40afea16ed

SHA256
1d8a884eb77d4a020f6fa3fd7f7b7300e05f4c46320634c1468e955338f19907

SHA512
b56189688d625b1bfa427657222efb7b474adae2142dbdbc86ce57a0cb780970a0e114ccf1cfefe7cc3a44f3ad40d7e492aa6d5a58e739e7d5c54c20d721c273

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26608.exe

Filesize
184KB

MD5
adbe3156b5300041ad72d1637312da23

SHA1
61676aa298de99dac6a203dfe7b5e34f53385f79

SHA256
a7863b61f466a18589e90996636c9e16930229f9fbf57c257c3665cc87b3881a

SHA512
4b33d7af0ae467140eb0ca477121c6d09cf38d83e174c63fbda7435b5fc7a92e0d3622a7b2773e878322fab46431447376edcc7ef7e493fe982a4c038d091332

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28765.exe

Filesize
184KB

MD5
ba10f791edffe6b0510a2dc8bb7d4ecd

SHA1
6bb9c63b199bd91377a21c304dff7b3b5802c620

SHA256
044403d8ba7a80bd970b58d0100430a9ee09cb3a5239f8773e0f355e733b2f8d

SHA512
03c49accf4d4c882f5a9c08ac3aadfa8bf90f3ffae195c8443a09ae54813f7538fcf7d9bace2f76aafe8bc3005881c638e2264ef9141c6fb57bba0d98a797ff9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31161.exe

Filesize
184KB

MD5
f82171adc344069d8c2eb5e5052e65fb

SHA1
f8a8f4896ea72ef29a9928574e8e795e514757a7

SHA256
d00da6efaf371d7af0a545c212b472d4f3aca99e81fcad4d2f92358695153650

SHA512
f63f123756d4752ebdf398a7882b9421ee1fb267f1d0ccb7990c8937728288c76c19ca6af6e3e6671e89724a3f89890afe2029f393683693d4dfdf8cd1ddef7a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32454.exe

Filesize
184KB

MD5
7c5d1a230aec141a054d7e15d78b2e1c

SHA1
92b945b053695e918ea0570730a9aea17569f00c

SHA256
b4e759fb3ef1457de6f0bc2fe784ee91fdd2efe40417d356eb5c6ee77c676329

SHA512
0aae64d5ddc2e6a6c92246ce6473af63ec79f9d0361a6062619cad62196effa2c55cc303c605b420ad42f49d9c6b45f0bdb9763e1c6d27996561d387a775a601

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe

Filesize
184KB

MD5
8d5c40183380a21a31917953f1213f02

SHA1
d3687e7b334692e4c5daae9be6d78435c42c3e99

SHA256
67b575e03f05b003bf75e71e88f7fac3bb6632e2e23a1885799e0ed7ee57dd3c

SHA512
362a05e7dc12870ac493921db91539403647845b5f57588f3cfd7394c195871d6e4a9ff494c5c0f5fc8a794d8b88765fd0c5c57a8ab2a06643860257899fe585

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53633.exe

Filesize
184KB

MD5
ebefcf4ecf00ac245559c1f192718d35

SHA1
92c8044e3d3ea9bb754d6bc77826e8aafe9b4e25

SHA256
8191f91e7e87334e18357db889dd9d2d484fade61b054b6be0ebf1cae595e1a4

SHA512
ffcdb6ff0e934c5f644d4e4b982fc21826ba85f5b9436ac6234d7c5d08cf35facbadc64c27132eba2a15f66bfa0f94ad92295569072bd002fe597c46072382ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe

Filesize
184KB

MD5
9245ce9d447d48ab609ac6234d8bb373

SHA1
3d329b0fb065392e3abde9158853c263c4a242d8

SHA256
26b6aaed81dc3f6068fd86541d6c04c679452d294a2a6f7c09fbd4ba388549b5

SHA512
5ce1b29b25bc6a2284d7cdcc14fdb58a22d925e99d3f22872da9a2c4cb7d449d66ab70265aa3d4ffa742d7b36307d4ebe23d44d3f922db33e12c4a80eb2bffd7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60222.exe

Filesize
184KB

MD5
4565f7345aa3a23b68898243bbdca98c

SHA1
d2a73fa12a4556fcebfeaab05cbd75065e5e0100

SHA256
1b9089c7ff400277ad06a4f998db72d9a859cf9f0b1741608890dd7c746ec782

SHA512
0de73e998b66ce022ac23020640a159932bf59b533c56ed0cc25e30d13679beaa242b484fa049accf2d5233b27ac96f3947ca9f44b5a591e89f06e072fe02095

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads