2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 20:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf.exe
Size

184KB
MD5

45eedaac0d682c666a75a0b5eb24f711
SHA1

070448ceffc4623b8cfc7ba8d421e433692a10a6
SHA256

2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf
SHA512

02f6822d02134b1589ff67104cdeb196a68782abef1c73877b2076b22f305aba703e1136caeea4d9a2f29d196949b8d86823ca248fcc82137ce84ff9e95b90ed
SSDEEP

3072:BBynQIol8PazdVgpeAsLpbptIKYqzY3nS4HKO5qBUsbhlnVOFxnT:BBWovpVgeLlptIx7aDhlnVOFx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2812	Unicorn-4283.exe
2628	Unicorn-29940.exe
2648	Unicorn-44885.exe
2436	Unicorn-5518.exe
2468	Unicorn-40329.exe
2476	Unicorn-14241.exe
2608	Unicorn-21938.exe
2928	Unicorn-63525.exe
1860	Unicorn-40412.exe
1668	Unicorn-49135.exe
1744	Unicorn-3463.exe
2224	Unicorn-14921.exe
1244	Unicorn-60593.exe
2396	Unicorn-39426.exe
540	Unicorn-20952.exe
792	Unicorn-55762.exe
2592	Unicorn-62539.exe
1392	Unicorn-62539.exe
1776	Unicorn-16868.exe
3040	Unicorn-23173.exe
1548	Unicorn-25865.exe
1228	Unicorn-10920.exe
1992	Unicorn-10920.exe
1284	Unicorn-50370.exe
1532	Unicorn-35425.exe
948	Unicorn-42201.exe
1740	Unicorn-51761.exe
2280	Unicorn-58538.exe
1864	Unicorn-12866.exe
2368	Unicorn-47677.exe
892	Unicorn-27811.exe
2504	Unicorn-34595.exe
2552	Unicorn-1408.exe
2016	Unicorn-59099.exe
2412	Unicorn-46847.exe
2912	Unicorn-55570.exe
2064	Unicorn-40625.exe
2164	Unicorn-64807.exe
2908	Unicorn-64807.exe
1920	Unicorn-19136.exe
2700	Unicorn-49862.exe
2808	Unicorn-49862.exe
2884	Unicorn-16374.exe
768	Unicorn-56660.exe
1360	Unicorn-6068.exe
2472	Unicorn-52576.exe
1896	Unicorn-21850.exe
764	Unicorn-28626.exe
1680	Unicorn-63437.exe
2084	Unicorn-48492.exe
1408	Unicorn-12119.exe
2900	Unicorn-57791.exe
360	Unicorn-8035.exe
952	Unicorn-24372.exe
908	Unicorn-39316.exe
1732	Unicorn-55098.exe
2864	Unicorn-16204.exe
1496	Unicorn-17526.exe
3016	Unicorn-57812.exe
1924	Unicorn-7220.exe
2420	Unicorn-53728.exe
2532	Unicorn-4527.exe
2584	Unicorn-15388.exe
2872	Unicorn-63842.exe

Loads dropped DLL 64 IoCs

pid	Process
2964	2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf.exe
2964	2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf.exe
2812	Unicorn-4283.exe
2964	2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf.exe
2812	Unicorn-4283.exe
2964	2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf.exe
2648	Unicorn-44885.exe
2648	Unicorn-44885.exe
2628	Unicorn-29940.exe
2628	Unicorn-29940.exe
2812	Unicorn-4283.exe
2812	Unicorn-4283.exe
1736	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
2436	Unicorn-5518.exe
2436	Unicorn-5518.exe
2648	Unicorn-44885.exe
2648	Unicorn-44885.exe
2476	Unicorn-14241.exe
2476	Unicorn-14241.exe
2468	Unicorn-40329.exe
2628	Unicorn-29940.exe
2468	Unicorn-40329.exe
2628	Unicorn-29940.exe
2696	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
2096	WerFault.exe
2096	WerFault.exe
2096	WerFault.exe
2096	WerFault.exe
2096	WerFault.exe
2696	WerFault.exe
2436	Unicorn-5518.exe
2608	Unicorn-21938.exe
2436	Unicorn-5518.exe
2608	Unicorn-21938.exe
2928	Unicorn-63525.exe
2928	Unicorn-63525.exe
1668	Unicorn-49135.exe
1668	Unicorn-49135.exe
1860	Unicorn-40412.exe
1860	Unicorn-40412.exe
2476	Unicorn-14241.exe
2468	Unicorn-40329.exe
2476	Unicorn-14241.exe
2468	Unicorn-40329.exe
1744	Unicorn-3463.exe
1744	Unicorn-3463.exe
604	WerFault.exe
604	WerFault.exe
604	WerFault.exe
604	WerFault.exe
604	WerFault.exe
1952	WerFault.exe
1952	WerFault.exe
1952	WerFault.exe
1952	WerFault.exe
1952	WerFault.exe
696	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2824	2964	WerFault.exe	27
1736	2812	WerFault.exe	28
2696	2648	WerFault.exe	30
2096	2628	WerFault.exe	29
604	2436	WerFault.exe	32
1952	2476	WerFault.exe	34
696	2468	WerFault.exe	33
1480	2608	WerFault.exe	36
1520	2928	WerFault.exe	37
2620	1668	WerFault.exe	40
2632	1860	WerFault.exe	38
2540	1744	WerFault.exe	39
2844	2224	WerFault.exe	44
688	2396	WerFault.exe	45
336	1244	WerFault.exe	43
3012	540	WerFault.exe	46
1568	1776	WerFault.exe	50
1572	1392	WerFault.exe	49
1564	2592	WerFault.exe	48
2984	792	WerFault.exe	47
992	3040	WerFault.exe	54
612	1548	WerFault.exe	55
2860	1228	WerFault.exe	56
2348	1992	WerFault.exe	57
2080	1284	WerFault.exe	58
2340	948	WerFault.exe	60
2112	1532	WerFault.exe	59
2428	2368	WerFault.exe	64
2444	892	WerFault.exe	65
2580	2280	WerFault.exe	62
2488	1864	WerFault.exe	63
2772	1740	WerFault.exe	61
2392	2504	WerFault.exe	68
348	2552	WerFault.exe	69
1544	2016	WerFault.exe	72
3080	2912	WerFault.exe	75
3088	2412	WerFault.exe	74
3136	2164	WerFault.exe	78
3152	2908	WerFault.exe	77
3252	2808	WerFault.exe	81
3280	2700	WerFault.exe	80
3292	2884	WerFault.exe	82
3328	1680	WerFault.exe	88
3320	2064	WerFault.exe	76
3312	764	WerFault.exe	87
3396	1360	WerFault.exe	84
3404	2472	WerFault.exe	85
3388	768	WerFault.exe	83
3440	2084	WerFault.exe	89
3432	1896	WerFault.exe	86
4048	1120	WerFault.exe	159
3200	648	WerFault.exe	160
3768	1836	WerFault.exe	158
3808	2900	WerFault.exe	94
3912	1408	WerFault.exe	93
3916	360	WerFault.exe	95
3988	2864	WerFault.exe	104
3584	908	WerFault.exe	101
3792	2420	WerFault.exe	108
3800	1732	WerFault.exe	103
4068	2584	WerFault.exe	110
3624	1616	WerFault.exe	120
4464	1600	WerFault.exe	117
5096	3348	WerFault.exe	236

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2964	2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf.exe
2812	Unicorn-4283.exe
2628	Unicorn-29940.exe
2648	Unicorn-44885.exe
2436	Unicorn-5518.exe
2476	Unicorn-14241.exe
2468	Unicorn-40329.exe
2608	Unicorn-21938.exe
2928	Unicorn-63525.exe
1860	Unicorn-40412.exe
1668	Unicorn-49135.exe
1744	Unicorn-3463.exe
2224	Unicorn-14921.exe
1244	Unicorn-60593.exe
2396	Unicorn-39426.exe
540	Unicorn-20952.exe
1776	Unicorn-16868.exe
2592	Unicorn-62539.exe
1392	Unicorn-62539.exe
792	Unicorn-55762.exe
3040	Unicorn-23173.exe
1548	Unicorn-25865.exe
1228	Unicorn-10920.exe
1992	Unicorn-10920.exe
1284	Unicorn-50370.exe
1532	Unicorn-35425.exe
948	Unicorn-42201.exe
1864	Unicorn-12866.exe
1740	Unicorn-51761.exe
2280	Unicorn-58538.exe
2368	Unicorn-47677.exe
892	Unicorn-27811.exe
2504	Unicorn-34595.exe
2552	Unicorn-1408.exe
2016	Unicorn-59099.exe
2412	Unicorn-46847.exe
2912	Unicorn-55570.exe
2064	Unicorn-40625.exe
2164	Unicorn-64807.exe
2908	Unicorn-64807.exe
1920	Unicorn-19136.exe
2700	Unicorn-49862.exe
2808	Unicorn-49862.exe
2884	Unicorn-16374.exe
1360	Unicorn-6068.exe
768	Unicorn-56660.exe
2472	Unicorn-52576.exe
1896	Unicorn-21850.exe
2084	Unicorn-48492.exe
1680	Unicorn-63437.exe
764	Unicorn-28626.exe
1408	Unicorn-12119.exe
2900	Unicorn-57791.exe
360	Unicorn-8035.exe
952	Unicorn-24372.exe
908	Unicorn-39316.exe
1732	Unicorn-55098.exe
2864	Unicorn-16204.exe
1496	Unicorn-17526.exe
3016	Unicorn-57812.exe
1924	Unicorn-7220.exe
2420	Unicorn-53728.exe
2532	Unicorn-4527.exe
2584	Unicorn-15388.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 2812	2964	2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf.exe	28
PID 2964 wrote to memory of 2812	2964	2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf.exe	28
PID 2964 wrote to memory of 2812	2964	2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf.exe	28
PID 2964 wrote to memory of 2812	2964	2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf.exe	28
PID 2812 wrote to memory of 2628	2812	Unicorn-4283.exe	29
PID 2812 wrote to memory of 2628	2812	Unicorn-4283.exe	29
PID 2812 wrote to memory of 2628	2812	Unicorn-4283.exe	29
PID 2812 wrote to memory of 2628	2812	Unicorn-4283.exe	29
PID 2964 wrote to memory of 2648	2964	2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf.exe	30
PID 2964 wrote to memory of 2648	2964	2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf.exe	30
PID 2964 wrote to memory of 2648	2964	2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf.exe	30
PID 2964 wrote to memory of 2648	2964	2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf.exe	30
PID 2964 wrote to memory of 2824	2964	2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf.exe	31
PID 2964 wrote to memory of 2824	2964	2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf.exe	31
PID 2964 wrote to memory of 2824	2964	2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf.exe	31
PID 2964 wrote to memory of 2824	2964	2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf.exe	31
PID 2648 wrote to memory of 2436	2648	Unicorn-44885.exe	32
PID 2648 wrote to memory of 2436	2648	Unicorn-44885.exe	32
PID 2648 wrote to memory of 2436	2648	Unicorn-44885.exe	32
PID 2648 wrote to memory of 2436	2648	Unicorn-44885.exe	32
PID 2628 wrote to memory of 2468	2628	Unicorn-29940.exe	33
PID 2628 wrote to memory of 2468	2628	Unicorn-29940.exe	33
PID 2628 wrote to memory of 2468	2628	Unicorn-29940.exe	33
PID 2628 wrote to memory of 2468	2628	Unicorn-29940.exe	33
PID 2812 wrote to memory of 2476	2812	Unicorn-4283.exe	34
PID 2812 wrote to memory of 2476	2812	Unicorn-4283.exe	34
PID 2812 wrote to memory of 2476	2812	Unicorn-4283.exe	34
PID 2812 wrote to memory of 2476	2812	Unicorn-4283.exe	34
PID 2812 wrote to memory of 1736	2812	Unicorn-4283.exe	35
PID 2812 wrote to memory of 1736	2812	Unicorn-4283.exe	35
PID 2812 wrote to memory of 1736	2812	Unicorn-4283.exe	35
PID 2812 wrote to memory of 1736	2812	Unicorn-4283.exe	35
PID 2436 wrote to memory of 2608	2436	Unicorn-5518.exe	36
PID 2436 wrote to memory of 2608	2436	Unicorn-5518.exe	36
PID 2436 wrote to memory of 2608	2436	Unicorn-5518.exe	36
PID 2436 wrote to memory of 2608	2436	Unicorn-5518.exe	36
PID 2648 wrote to memory of 2928	2648	Unicorn-44885.exe	37
PID 2648 wrote to memory of 2928	2648	Unicorn-44885.exe	37
PID 2648 wrote to memory of 2928	2648	Unicorn-44885.exe	37
PID 2648 wrote to memory of 2928	2648	Unicorn-44885.exe	37
PID 2476 wrote to memory of 1860	2476	Unicorn-14241.exe	38
PID 2476 wrote to memory of 1860	2476	Unicorn-14241.exe	38
PID 2476 wrote to memory of 1860	2476	Unicorn-14241.exe	38
PID 2476 wrote to memory of 1860	2476	Unicorn-14241.exe	38
PID 2468 wrote to memory of 1744	2468	Unicorn-40329.exe	39
PID 2468 wrote to memory of 1744	2468	Unicorn-40329.exe	39
PID 2468 wrote to memory of 1744	2468	Unicorn-40329.exe	39
PID 2468 wrote to memory of 1744	2468	Unicorn-40329.exe	39
PID 2628 wrote to memory of 1668	2628	Unicorn-29940.exe	40
PID 2628 wrote to memory of 1668	2628	Unicorn-29940.exe	40
PID 2628 wrote to memory of 1668	2628	Unicorn-29940.exe	40
PID 2628 wrote to memory of 1668	2628	Unicorn-29940.exe	40
PID 2648 wrote to memory of 2696	2648	Unicorn-44885.exe	41
PID 2648 wrote to memory of 2696	2648	Unicorn-44885.exe	41
PID 2648 wrote to memory of 2696	2648	Unicorn-44885.exe	41
PID 2648 wrote to memory of 2696	2648	Unicorn-44885.exe	41
PID 2628 wrote to memory of 2096	2628	Unicorn-29940.exe	42
PID 2628 wrote to memory of 2096	2628	Unicorn-29940.exe	42
PID 2628 wrote to memory of 2096	2628	Unicorn-29940.exe	42
PID 2628 wrote to memory of 2096	2628	Unicorn-29940.exe	42
PID 2436 wrote to memory of 1244	2436	Unicorn-5518.exe	43
PID 2436 wrote to memory of 1244	2436	Unicorn-5518.exe	43
PID 2436 wrote to memory of 1244	2436	Unicorn-5518.exe	43
PID 2436 wrote to memory of 1244	2436	Unicorn-5518.exe	43

C:\Users\Admin\AppData\Local\Temp\2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf.exe
"C:\Users\Admin\AppData\Local\Temp\2d9914dd2d70650aeb74d29b8efa9f97070ca6cd21d9a2aa5ebd22eaf06b5eaf.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40329.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3463.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53728.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7194.exe
        9⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        10⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45036.exe
        11⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6995.exe
        12⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
        13⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9432 -s 216
        13⤵
        
        PID:13836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
        12⤵
        
        PID:10544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 236
        11⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
        10⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 216
        9⤵
        Program crash
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe
        8⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
        9⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
        10⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 240
        11⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
        10⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11408.exe
        9⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1668.exe
        10⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe
        11⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        12⤵
        
        PID:13716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 216
        11⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 236
        10⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
        9⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
        8⤵
        Program crash
        
        PID:3152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
        7⤵
        Program crash
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58538.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
        8⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        9⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
        10⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11979.exe
        11⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
        12⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49777.exe
        13⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46970.exe
        14⤵
        
        PID:13812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
        13⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
        12⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 216
        10⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16322.exe
        9⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
        10⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49860.exe
        11⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
        11⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        10⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
        9⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24023.exe
        8⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15575.exe
        9⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
        10⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40514.exe
        11⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48745.exe
        12⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
        11⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        10⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
        9⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 220
        8⤵
        Program crash
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
        7⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
        8⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48440.exe
        9⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
        10⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1619.exe
        11⤵
        
        PID:11248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 216
        11⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
        10⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
        9⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59301.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        9⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
        10⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60649.exe
        11⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56134.exe
        11⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 220
        11⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
        10⤵
        
        PID:11260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
        9⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 220
        8⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
        7⤵
        Program crash
        
        PID:2580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
        6⤵
        Program crash
        
        PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62539.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51761.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35891.exe
        8⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40080.exe
        9⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe
        10⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34533.exe
        11⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32154.exe
        12⤵
        
        PID:10768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
        12⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
        11⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 236
        10⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33966.exe
        9⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 220
        10⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
        9⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
        8⤵
        Program crash
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13250.exe
        7⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        8⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46494.exe
        9⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63832.exe
        10⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
        11⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        12⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 236
        12⤵
        
        PID:12972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
        11⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
        10⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 236
        9⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12238.exe
        8⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exe
        9⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19523.exe
        10⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
        11⤵
        
        PID:13264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
        11⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
        10⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
        9⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
        8⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
        7⤵
        Program crash
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51590.exe
        7⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47973.exe
        8⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        9⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12861.exe
        9⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13266.exe
        10⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        11⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1868.exe
        12⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
        13⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 216
        13⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
        12⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
        11⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32762.exe
        10⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42042.exe
        11⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56082.exe
        12⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21973.exe
        13⤵
        
        PID:14100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
        12⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 236
        11⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 240
        10⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
        9⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20148.exe
        9⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe
        10⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25424.exe
        11⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 216
        11⤵
        
        PID:14212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
        10⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
        9⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
        8⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe
        7⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
        8⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56707.exe
        9⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48682.exe
        10⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24049.exe
        11⤵
        
        PID:13656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 216
        10⤵
        
        PID:11308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
        9⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
        8⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 220
        7⤵
        Program crash
        
        PID:3328
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 240
        6⤵
        Program crash
        
        PID:1572
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49862.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7132.exe
        9⤵
        
        PID:648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 240
        10⤵
        Program crash
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6016.exe
        9⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
        10⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33329.exe
        11⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48485.exe
        12⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 236
        12⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
        11⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
        10⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 220
        9⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42497.exe
        8⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10121.exe
        9⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29873.exe
        10⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
        11⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
        12⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
        11⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
        10⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 216
        9⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 220
        8⤵
        Program crash
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
        8⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23552.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8715.exe
        10⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3339.exe
        11⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40431.exe
        12⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
        12⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 236
        11⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 236
        10⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe
        9⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
        10⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24424.exe
        11⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61759.exe
        12⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50016.exe
        13⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 220
        13⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 236
        12⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 236
        11⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8642.exe
        10⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25662.exe
        11⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54204.exe
        12⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 216
        12⤵
        
        PID:14172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
        11⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 240
        10⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 220
        9⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58917.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
        9⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
        10⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62029.exe
        11⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2564.exe
        12⤵
        
        PID:13512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10516 -s 216
        12⤵
        
        PID:13528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 216
        11⤵
        
        PID:11868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 236
        10⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        9⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
        8⤵
        Program crash
        
        PID:4068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
        7⤵
        Program crash
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16374.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
        7⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7132.exe
        8⤵
        
        PID:1120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 240
        9⤵
        Program crash
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55217.exe
        8⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45939.exe
        9⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36292.exe
        10⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
        11⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45833.exe
        12⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 236
        12⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
        11⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 236
        10⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
        9⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
        10⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55392.exe
        11⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9704 -s 236
        11⤵
        
        PID:12396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 220
        10⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 240
        9⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 240
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
        7⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64776.exe
        8⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 200
        9⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 216
        8⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
        7⤵
        Program crash
        
        PID:3292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
        6⤵
        Program crash
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42201.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49862.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
        7⤵
        Executes dropped EXE
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
        8⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64776.exe
        9⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 200
        10⤵
        Program crash
        
        PID:5096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
        9⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
        8⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29873.exe
        9⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        10⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30442.exe
        11⤵
        
        PID:13884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
        10⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
        9⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 220
        8⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
        7⤵
        Program crash
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39892.exe
        6⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7132.exe
        7⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
        8⤵
        Program crash
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55793.exe
        7⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49058.exe
        8⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
        9⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        10⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29586.exe
        11⤵
        
        PID:9372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
        10⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 236
        9⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        8⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
        9⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43976.exe
        10⤵
        
        PID:13708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
        9⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 220
        8⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 220
        7⤵
        
        PID:6040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
        6⤵
        Program crash
        
        PID:2340
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
        5⤵
        Program crash
        
        PID:2620
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40412.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47677.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
        8⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
        9⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        10⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13728.exe
        11⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50441.exe
        12⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15200.exe
        13⤵
        
        PID:13600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9884 -s 236
        13⤵
        
        PID:13588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
        12⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        11⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
        10⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1932.exe
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30973.exe
        10⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52436.exe
        11⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54577.exe
        12⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16908.exe
        13⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9060 -s 236
        13⤵
        
        PID:12952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 236
        12⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
        11⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        10⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48931.exe
        11⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
        12⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 216
        12⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
        11⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 220
        10⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 220
        9⤵
        Program crash
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 216
        8⤵
        Program crash
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17334.exe
        7⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
        8⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        9⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57802.exe
        10⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35768.exe
        11⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42180.exe
        12⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 236
        12⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
        11⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
        10⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 216
        9⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 236
        8⤵
        Program crash
        
        PID:3624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 220
        7⤵
        Program crash
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6068.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
        8⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14205.exe
        9⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13536.exe
        10⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
        11⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
        11⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        10⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
        9⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55793.exe
        8⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
        9⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
        10⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42185.exe
        11⤵
        
        PID:10816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
        11⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 236
        10⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
        9⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
        8⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
        7⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
        8⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44569.exe
        9⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19764.exe
        10⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47636.exe
        11⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
        12⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 236
        12⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
        11⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 236
        10⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61351.exe
        9⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33446.exe
        10⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
        11⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9716 -s 216
        11⤵
        
        PID:13964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 220
        10⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 240
        9⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
        8⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 240
        7⤵
        Program crash
        
        PID:3396
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 240
        6⤵
        Program crash
        
        PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7220.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
        7⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
        9⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52631.exe
        10⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe
        11⤵
        
        PID:924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 216
        11⤵
        
        PID:13176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
        10⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
        9⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
        8⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48352.exe
        8⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33329.exe
        9⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18854.exe
        10⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 216
        10⤵
        
        PID:12984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        9⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
        8⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
        7⤵
        
        PID:4728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 236
        6⤵
        Program crash
        
        PID:2444
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
        5⤵
        Program crash
        
        PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62539.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21850.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6473.exe
        7⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
        8⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
        9⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        10⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
        11⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        12⤵
        
        PID:12356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 216
        12⤵
        
        PID:13020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
        11⤵
        
        PID:10340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
        10⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 216
        9⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7962.exe
        8⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41855.exe
        9⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17818.exe
        10⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
        11⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
        12⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
        13⤵
        
        PID:13680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
        12⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
        11⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 236
        10⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49099.exe
        9⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe
        10⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        11⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9192 -s 236
        11⤵
        
        PID:13212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
        10⤵
        
        PID:9740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 240
        9⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 220
        8⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65056.exe
        7⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        8⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61180.exe
        9⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe
        10⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
        11⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34718.exe
        12⤵
        
        PID:13764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
        11⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 236
        10⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
        9⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
        8⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
        7⤵
        Program crash
        
        PID:3432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 236
        6⤵
        Program crash
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        6⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3048.exe
        7⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
        8⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62654.exe
        9⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        10⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34391.exe
        11⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 216
        11⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 236
        10⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 236
        9⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
        8⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18268.exe
        7⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8082.exe
        8⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39087.exe
        9⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
        10⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
        9⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
        8⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
        7⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
        6⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64776.exe
        7⤵
        
        PID:3300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 200
        8⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 216
        7⤵
        
        PID:5404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 240
        6⤵
        Program crash
        
        PID:3312
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        5⤵
        Program crash
        
        PID:1564
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1952
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5518.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34595.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        9⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55840.exe
        10⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        11⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55913.exe
        12⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        13⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17142.exe
        14⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
        13⤵
        
        PID:10680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 236
        12⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
        11⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21138.exe
        10⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
        11⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
        12⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59476.exe
        13⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11504 -s 216
        13⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 216
        12⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
        11⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        10⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43073.exe
        9⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6769.exe
        10⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61372.exe
        11⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19632.exe
        12⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
        13⤵
        
        PID:13156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9916 -s 216
        13⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 220
        12⤵
        
        PID:10832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 236
        11⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
        10⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 240
        9⤵
        Program crash
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38029.exe
        8⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55840.exe
        9⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8331.exe
        10⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42706.exe
        11⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        12⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-711.exe
        13⤵
        
        PID:12892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 220
        13⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
        12⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 236
        11⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
        10⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        9⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17730.exe
        10⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6990.exe
        11⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
        11⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
        10⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 240
        9⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        8⤵
        Program crash
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57791.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51865.exe
        8⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
        9⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32488.exe
        10⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2571.exe
        11⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
        12⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13975.exe
        13⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8916 -s 216
        13⤵
        
        PID:13304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
        12⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        11⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
        10⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8538.exe
        9⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7890.exe
        10⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18044.exe
        11⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55849.exe
        12⤵
        
        PID:13540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10376 -s 216
        12⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
        11⤵
        
        PID:11272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 220
        10⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
        9⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53572.exe
        8⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63214.exe
        9⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
        10⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
        11⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39845.exe
        12⤵
        
        PID:12644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 216
        12⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
        11⤵
        
        PID:10124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
        10⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
        9⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
        8⤵
        Program crash
        
        PID:3808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
        7⤵
        Program crash
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
        8⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
        9⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
        10⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44180.exe
        11⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
        12⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34718.exe
        13⤵
        
        PID:13772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 216
        12⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 236
        11⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        10⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29933.exe
        11⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51329.exe
        12⤵
        
        PID:14188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 216
        11⤵
        
        PID:11320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 220
        10⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 216
        9⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29752.exe
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
        9⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        10⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58142.exe
        11⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24116.exe
        12⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9496 -s 216
        12⤵
        
        PID:13856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
        11⤵
        
        PID:10620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 236
        10⤵
        
        PID:4016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
        9⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 360 -s 240
        8⤵
        Program crash
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
        7⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41450.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32836.exe
        9⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
        10⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18559.exe
        10⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2994.exe
        11⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
        12⤵
        
        PID:13380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
        12⤵
        
        PID:14328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 220
        10⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
        9⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60033.exe
        8⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62934.exe
        9⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49974.exe
        10⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        11⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9556 -s 216
        11⤵
        
        PID:13920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
        10⤵
        
        PID:10640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 236
        9⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
        7⤵
        Program crash
        
        PID:348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
        6⤵
        Program crash
        
        PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25865.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59099.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8502.exe
        8⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56800.exe
        9⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10739.exe
        10⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
        11⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8599.exe
        12⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 216
        12⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
        10⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
        9⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61439.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39800.exe
        9⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45036.exe
        10⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        11⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe
        12⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8640 -s 236
        12⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 236
        11⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 236
        10⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53759.exe
        9⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
        10⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17406.exe
        11⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59030.exe
        12⤵
        
        PID:13700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
        11⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 236
        10⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 220
        9⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
        8⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
        7⤵
        Program crash
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
        7⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe
        8⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34782.exe
        9⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46868.exe
        10⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43638.exe
        11⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60867.exe
        12⤵
        
        PID:14144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
        11⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 236
        10⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
        9⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6748.exe
        8⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33054.exe
        9⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57509.exe
        10⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 236
        10⤵
        
        PID:12684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
        9⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
        8⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe
        7⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        9⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
        10⤵
        
        PID:11328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 236
        10⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        9⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
        8⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 220
        7⤵
        Program crash
        
        PID:3584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        6⤵
        Program crash
        
        PID:612
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
        5⤵
        Program crash
        
        PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10920.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15471.exe
        7⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53702.exe
        8⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        9⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53391.exe
        10⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57862.exe
        11⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63965.exe
        12⤵
        
        PID:14292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 216
        11⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
        10⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 236
        9⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64117.exe
        8⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18280.exe
        9⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51287.exe
        10⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4842.exe
        11⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 216
        10⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
        9⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 240
        8⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
        7⤵
        Program crash
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60313.exe
        6⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46027.exe
        7⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
        9⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        10⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
        11⤵
        
        PID:13648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        8⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4070.exe
        7⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51066.exe
        8⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        9⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64354.exe
        10⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 236
        10⤵
        
        PID:13044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
        9⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        8⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
        7⤵
        
        PID:5012
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
        6⤵
        Program crash
        
        PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57812.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43313.exe
        7⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
        8⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21435.exe
        9⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3427.exe
        10⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25854.exe
        11⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        12⤵
        
        PID:13120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 216
        12⤵
        
        PID:12860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 220
        11⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 236
        10⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49099.exe
        9⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        10⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        11⤵
        
        PID:13084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 216
        11⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 220
        10⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 240
        9⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
        8⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        7⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36484.exe
        8⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
        9⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
        10⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 216
        10⤵
        
        PID:13448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 236
        9⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
        8⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15279.exe
        6⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60308.exe
        7⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
        8⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        9⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
        10⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 216
        10⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
        9⤵
        
        PID:10164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        8⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 216
        7⤵
        
        PID:4752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
        6⤵
        Program crash
        
        PID:3136
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 220
        5⤵
        Program crash
        
        PID:336
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63525.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39426.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10920.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6556.exe
        8⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
        9⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
        10⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51829.exe
        11⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32071.exe
        12⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
        13⤵
        
        PID:14072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
        12⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
        11⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        10⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
        9⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28695.exe
        10⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49066.exe
        11⤵
        
        PID:11148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
        11⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
        10⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 240
        9⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30328.exe
        8⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
        9⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50023.exe
        10⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        11⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43560.exe
        12⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
        13⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 216
        13⤵
        
        PID:14040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
        12⤵
        
        PID:10696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 236
        11⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38792.exe
        10⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
        11⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56378.exe
        12⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8812 -s 236
        12⤵
        
        PID:13204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 216
        11⤵
        
        PID:10044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 240
        10⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        9⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe
        10⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-197.exe
        11⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53420.exe
        12⤵
        
        PID:12820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9380 -s 216
        12⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
        11⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 236
        10⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 240
        9⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
        8⤵
        Program crash
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11195.exe
        7⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58362.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21243.exe
        9⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11403.exe
        10⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
        11⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47224.exe
        12⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 216
        12⤵
        
        PID:12376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
        11⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
        10⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36462.exe
        9⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53591.exe
        10⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26882.exe
        11⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 216
        11⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
        10⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
        8⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
        7⤵
        Program crash
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17526.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe
        7⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7599.exe
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23957.exe
        9⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        10⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32670.exe
        11⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe
        12⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4889.exe
        13⤵
        
        PID:9484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
        12⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
        11⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 236
        10⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10887.exe
        10⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
        11⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 216
        11⤵
        
        PID:13996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 220
        9⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 236
        8⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47049.exe
        7⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3531.exe
        8⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53861.exe
        9⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20328.exe
        10⤵
        
        PID:13784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
        8⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
        7⤵
        
        PID:5276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 240
        6⤵
        Program crash
        
        PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55098.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
        7⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62446.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47693.exe
        9⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
        10⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
        11⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56762.exe
        12⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 216
        12⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
        11⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 236
        10⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16042.exe
        9⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3531.exe
        10⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
        11⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
        11⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
        10⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 240
        9⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 216
        8⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58917.exe
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        8⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        9⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-716.exe
        10⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 236
        10⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 236
        9⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
        8⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 220
        7⤵
        Program crash
        
        PID:3800
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
        6⤵
        Program crash
        
        PID:3080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
        5⤵
        Program crash
        
        PID:688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50370.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33945.exe
        6⤵
        
        PID:2932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
        6⤵
        
        PID:4396
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
        5⤵
        Program crash
        
        PID:2080
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
      4⤵
      Program crash
      PID:1520
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2696
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
  2⤵
  - Program crash
  PID:2824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe

Filesize
184KB

MD5
3d61d6fe8b2e7b0164a9572ed039cd07

SHA1
eaaefc975f16c67673ba6189c01c701e6a9b7629

SHA256
7ed485aa13748ba1dec3c354b01b7e578cfca9856bfe1a61d4503de8a3667be8

SHA512
8e7df1d8ba48595b4d795a92da0b4b1502957ce1fa1a83d0973c5e9a0af0ec4b6670b24074cf50e169dfd6ee57ead1c9a09949aa39c067c171da97b39c8517cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39892.exe

Filesize
184KB

MD5
9118a4a8a3b6c0c5422a3c2e93e72b31

SHA1
14996381720d52c97dddb0d11914c084b3280715

SHA256
4b83ef69946c27dd705832f4410e46062085c28c0a63f81342ee9ed4ca7ce9dc

SHA512
5798bda519b403bfacf35a2c00873617d1dcaae6fab1229238cc1b1f8aa1a45477502a2a20947c672cdcc31834b1629d4e44263fbc7223c31832747ea6d72ad6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40329.exe

Filesize
184KB

MD5
43a00c2f4d15984f5489156770aecbd6

SHA1
d8b6bb6bdcfd944d4d253cc3e719279cca901fdf

SHA256
ef217aac03f8112f28fd0982a20de8a079dc1f2b7fcb443e47446c691381b418

SHA512
3c12ddbf9a3d2b8a5b103c387ca385cd68b5a9dbed295093e4ac5f65d12bab415e995c605fd2b94dda32488636a0432e11de552c773a1a4d9bf3eecc7b3aaf1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40412.exe

Filesize
184KB

MD5
e933d329a63b18877b954218b968ad3b

SHA1
7afc7f5fbaf7c1b0e0009fab11b270448f83935e

SHA256
f309f3b903b81ebc68eed935966115ba37499efbd1b7c3f1af5653f5b3d5585b

SHA512
3351402a5d4f69817fb93ace9964f3ae571a6d2fa3d2f20689bdb781bca1a9509b9735b6d3a62eacc780e54c33598637189c4f90a8362cf97832dc5642c0e518

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49777.exe

Filesize
184KB

MD5
0c2368fd47b32aed6061550da42517c5

SHA1
5f8e1b963ab613fba3a1e7bcb65e0c06fac008dc

SHA256
030a3d776f5cc3a44816601dbb62ec22735d70af0b62de09dc3cfc2218b907c2

SHA512
628f410760e256fc85ffbbb251fcf39ed6615ffeeb490649ae55a27db72cef15e9d13d0eadc7be25f4ff6a6e28bcd2fa0b68d5204a36580198240e3fbbdf887d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5518.exe

Filesize
184KB

MD5
bd955dbf66822c25518ccdb974a718bf

SHA1
b944705759e97ee227ba78393cb53d192c93de97

SHA256
781c8bb687e1e3d7cb4a933e92d2cdc7ade599612dfbc62f4df9e4a2f5462e67

SHA512
367bc22ab0c120166fff76f927884a97d707b868aebfdfa29f7cf66d87753bbf86acc2f9f3407b9c083259c60ce04e1e25be178f4b3a58673fa506de5e8a7225

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe

Filesize
184KB

MD5
0b84be4d757871bc25e89fab28bcbb65

SHA1
55d7e567f16d78f6558aec7d828d2b6a00cd9a88

SHA256
a1e80d4683965d8732d159aa985456b2d27302dd41e23ef417811e34f048127f

SHA512
19a732d486bd0cdd4106af8eb66c7681d8e0e787358c0de961b89bcc9b68ef3ba753e6b496077351abd9cad980a3d55697174b4dd5fe1adaca5ce9552e338c2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe

Filesize
184KB

MD5
4dba0f4ca92c8637c24e0f403e7209ba

SHA1
44c0eb86c53c469bae955a49f8ad08721f0f4915

SHA256
c85c47649cc967f7366150db14834f8e4b86c5dd886c9a5cded72903e0c95dcc

SHA512
a5d3c880d0acdac2ffe5efe77b2f7e04c2dbf73d49d8cd51e6517d2ed492ca853d219f5a0d7ee18ac5841c0105103324ba09889dc4091d9c390adc5976e1af66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6473.exe

Filesize
184KB

MD5
ce7b1bcd3e83a555e13d3800bac4784c

SHA1
167be5f8eef47b7193d406b79ebecc159e8a46ec

SHA256
073475e179aa7df530658c2aae9ec2b11a44ad48bffa6764d4d99d4b99f92b76

SHA512
27478ebd3a7eefab0f8819209e54940b4478cd378ea821d8abcc96759e35448c9f1dcba5408476e7c232f306bb6d3d5574c57b872b93c83d1c8abd785da49000

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6556.exe

Filesize
184KB

MD5
fd4a93552ee3d3ffb268337f8c595318

SHA1
5f73e08fce040b94d1808a58a8ead4ffa89f6cfc

SHA256
80d617cb980dbff86658b810d7b4f1bf1b03f138abc4ecf14e754ada3183e2e5

SHA512
e75549bfad89ee5e530eb8eacfb3ad26450f17fa9094f818615584bdfcf63e3e1c94b71bc73cc0c566a96bc2313e1a52b901235f7cffd8758bdd4d0b15864254

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6769.exe

Filesize
184KB

MD5
99ab78ebd6dc6a800931424b67d51adc

SHA1
c1cb2552f64f0d3f1d759e96bc3218cd080aaf21

SHA256
bbcb9b8b2f8fd06255952e67ccb9f44163b2569a58a715f9ffdf2e70ea7e153a

SHA512
7a23da7460d182d8686ed9238e9dd79f635a1d0034093a7538b03d999b00adf6fa54997c8c9fa0c1e95d27eb4ba886423327ff78a0241c071832d8098ff89b30

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe

Filesize
184KB

MD5
97d098c2bc9bf08e732b20ba996fde6e

SHA1
506d14322a57e967b99d9fae5f4ded39ef119026

SHA256
2dcee370541d8123080086d2bf2a552eccbbff222c117d20ad222998f7ec9a39

SHA512
f846340688befd51eede402be73206454cc8d9fc5961a048d576cd4df2b40dec5a28519a064fb2fc5fe74d1fef678432dbdc711fbe9b2f3fb63acfa69b1f7a90

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe

Filesize
184KB

MD5
c26e9a1503e0ad586446fe545c571d79

SHA1
d26843b75dabcdd8aac2a998726d18c487697c16

SHA256
2261b685162bc3b2743bb3c8233d275076361954f4a3d2b0851f1d05cbe2e918

SHA512
3d2002566074d8cee467c4855dbdd9d2ad453f4792b37662a3fd87a544be9f06395c6d51f8c045ac8156b7a4ff0d0d14da7721bacf0d640aa8c9a5ff7d40109c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe

Filesize
184KB

MD5
95b4a8b3470b7a1b5e40ff312221de1c

SHA1
8123c2a7e59a9e86cc83361f990a1fd1704c1717

SHA256
b32b98d5e819355278aa4ff9f8d618a5486e6834c5a1568aff14e667aff469ac

SHA512
e3e86cc4be8f63f10626165fb567e685452c8b9574622a8c09e6b1963a532cfa32d1803de67c2bcb8038c9800262ceeade5cd0d6700d588cba30ea3b5901ecb6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe

Filesize
184KB

MD5
acbf15effee7020732046adb580b9534

SHA1
9b1416b8cc7206242a6fed753e67ac728de0d5dd

SHA256
479bf907709cd05ace4173ea414cd73a2c034c39bc3c9336a5d85e907f0c17af

SHA512
7af4ccbb064777c65f1699ba3b8e78511a294d4e70cd80f5ab9bfc4e2daab4d722de58566ee663e2be7646c02a1c7672eefbdb269b94f2936a52e7cc232f1f94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3463.exe

Filesize
184KB

MD5
fc06beddaacfa0ccbffb9e81f3700e7b

SHA1
04490cd468808cd07571cc67f967bf46abc773ae

SHA256
e49c3b4ca87c9cc2df47ba529706795587af55b7a3543eb512b4c16342abb09c

SHA512
4b47273a920cbed8fdf66913e90bbf7f762f1fe3ffcc29f93655f9bb9dfbc6632a17f1c10608d5442563a705efd66e0b048ff182094e715eae080d1875933311

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39426.exe

Filesize
184KB

MD5
c6f49286beafcf101281998f458cd91a

SHA1
f59d9da8d3c0c4661477eb89eaee8256cf4919cd

SHA256
bbd142372cf985b52440fa387821289ff136ab1f41c1882021bef6f0f721d9ba

SHA512
15d0e55d2a099ed32e71ca1e0719b5aee0786ab507ee3f6611715cbba9db1064924f05b53b0824c784d1337ef5b59ac19d7c661365fb650e33335dd375ed522d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe

Filesize
184KB

MD5
ea6913001cf98dbe25f9e35b10e9a189

SHA1
5d14b30a33f35cb92efa76dd5f89f53405e56f07

SHA256
23b1299286bdce2906517c5562bd97a36cec174186164ed462e5958468851694

SHA512
479e2c6799593958de84c4a051561da2315116e030ebf859389555ef021d7d58a994ee6dfa18a668396b37f359278d4b7fb7da0c992fe741b929b2e8fa6be2c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe

Filesize
184KB

MD5
92ec88d55323b3d075c5ccb6262a07e6

SHA1
e8f808a8a23d7f8966d3109ab97236b35bf1e5fb

SHA256
3babff372b7e61fa3311ebccec5e4694b17bfaebefe34385791e15aae43f9fd1

SHA512
f97c0f8e4beea83de61f1c10a30abb9633b798784e6354ac8c84cda9e071ba116f7eeeaf0f2336cf59f67d46385c1f826bdba7ab30cfa3be3b1abe563e799405

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe

Filesize
184KB

MD5
98df02552f71be8755c0646437123f25

SHA1
0eedb8aacc650848bffe6d61ca28bc4e1732285e

SHA256
2f41fed98c490e0a1f819f6810a37a7982e3bdcbdf0421740dae2e08b78e1c34

SHA512
93d53925afe43339a81a0e90757d9292ee830e01c6699d1f4689ce04ce33bf888282593b3c510e121f63bb71fa7d3c854390175e90f2133282720e02795581be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63525.exe

Filesize
184KB

MD5
cb26448643470b889930b4178f9599ec

SHA1
d6adeedf587ad80851146391827f945279280a86

SHA256
2e4939767e1fcebd29ee099c03843949600b0ce31a10bc17e45583600dbd2e98

SHA512
3815a4eb3b21cdf9a119330592a6cb5d2a8c9c1c169acf80d7fd96c9c045baf967b61d41b7737fc3f64c5c3356e70b5f1b960d5a1b9a69ab206f0e5db50f1091

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads