7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 22:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e.exe
Size

184KB
MD5

2be22fc74d1284bd1e8d87e62610a659
SHA1

653406458a6c9924274b14d8266c8860dd80e268
SHA256

7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e
SHA512

79f23b7cf85143694bf032f6e0bbc9ae7f8bbb4480988dafc9e16d217f6df88435f8939790e7b8e6b1e35d87dab67dd49ed93106a937f0fe8dd17c8637fe0493
SSDEEP

3072:aTdhg8ofNRhdLWaWIt/RJtgfhlmViFgn3:aT7ox9WaRRjgfhlmViFg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2704	Unicorn-8156.exe
2548	Unicorn-3963.exe
2684	Unicorn-18908.exe
2716	Unicorn-61415.exe
2536	Unicorn-10823.exe
2432	Unicorn-34773.exe
2668	Unicorn-5198.exe
2756	Unicorn-20143.exe
2184	Unicorn-13366.exe
2220	Unicorn-48177.exe
1432	Unicorn-28311.exe
2000	Unicorn-5281.exe
2256	Unicorn-55229.exe
1548	Unicorn-52536.exe
1372	Unicorn-52536.exe
2780	Unicorn-25894.exe
1932	Unicorn-40838.exe
1056	Unicorn-64788.exe
2576	Unicorn-14196.exe
2332	Unicorn-32813.exe
2940	Unicorn-52679.exe
848	Unicorn-21953.exe
356	Unicorn-3478.exe
1688	Unicorn-38289.exe
616	Unicorn-22507.exe
2896	Unicorn-57894.exe
1644	Unicorn-63369.exe
1884	Unicorn-12777.exe
2112	Unicorn-32643.exe
1804	Unicorn-47588.exe
2644	Unicorn-35357.exe
2556	Unicorn-50302.exe
2628	Unicorn-4630.exe
2448	Unicorn-39441.exe
2608	Unicorn-54386.exe
2168	Unicorn-25627.exe
1188	Unicorn-29711.exe
2460	Unicorn-9845.exe
2500	Unicorn-29711.exe
2188	Unicorn-44656.exe
2196	Unicorn-48740.exe
352	Unicorn-61184.exe
1552	Unicorn-46239.exe
1556	Unicorn-23681.exe
1340	Unicorn-3815.exe
548	Unicorn-23681.exe
596	Unicorn-58491.exe
1740	Unicorn-63213.exe
1692	Unicorn-3343.exe
1192	Unicorn-27848.exe
1028	Unicorn-62658.exe
920	Unicorn-15958.exe
3060	Unicorn-5097.exe
2056	Unicorn-54853.exe
2872	Unicorn-29602.exe
1880	Unicorn-64604.exe
1528	Unicorn-33878.exe
1436	Unicorn-52907.exe
1480	Unicorn-37962.exe
2532	Unicorn-22180.exe
2312	Unicorn-22180.exe
2640	Unicorn-22180.exe
2772	Unicorn-22180.exe
2520	Unicorn-46130.exe

Loads dropped DLL 64 IoCs

pid	Process
1720	7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e.exe
1720	7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e.exe
2704	Unicorn-8156.exe
2704	Unicorn-8156.exe
1720	7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e.exe
1720	7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e.exe
2548	Unicorn-3963.exe
2548	Unicorn-3963.exe
2704	Unicorn-8156.exe
2704	Unicorn-8156.exe
2684	Unicorn-18908.exe
2684	Unicorn-18908.exe
332	WerFault.exe
332	WerFault.exe
332	WerFault.exe
332	WerFault.exe
332	WerFault.exe
2716	Unicorn-61415.exe
2716	Unicorn-61415.exe
2548	Unicorn-3963.exe
2548	Unicorn-3963.exe
2432	Unicorn-34773.exe
2432	Unicorn-34773.exe
2536	Unicorn-10823.exe
2684	Unicorn-18908.exe
2684	Unicorn-18908.exe
2536	Unicorn-10823.exe
1276	WerFault.exe
1276	WerFault.exe
1276	WerFault.exe
1276	WerFault.exe
1276	WerFault.exe
1088	WerFault.exe
1088	WerFault.exe
1088	WerFault.exe
1088	WerFault.exe
1088	WerFault.exe
2668	Unicorn-5198.exe
2668	Unicorn-5198.exe
2716	Unicorn-61415.exe
2716	Unicorn-61415.exe
1432	Unicorn-28311.exe
1432	Unicorn-28311.exe
2756	Unicorn-20143.exe
2756	Unicorn-20143.exe
2184	Unicorn-13366.exe
2184	Unicorn-13366.exe
2432	Unicorn-34773.exe
2432	Unicorn-34773.exe
2220	Unicorn-48177.exe
2220	Unicorn-48177.exe
2536	Unicorn-10823.exe
2536	Unicorn-10823.exe
1228	WerFault.exe
1228	WerFault.exe
1228	WerFault.exe
1228	WerFault.exe
1228	WerFault.exe
2132	WerFault.exe
2132	WerFault.exe
2132	WerFault.exe
2132	WerFault.exe
2132	WerFault.exe
412	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2408	1720	WerFault.exe	27
332	2704	WerFault.exe	28
1276	2548	WerFault.exe	29
1088	2684	WerFault.exe	30
1228	2716	WerFault.exe	32
2132	2432	WerFault.exe	34
412	2536	WerFault.exe	33
1728	2668	WerFault.exe	36
2904	1432	WerFault.exe	40
2584	2756	WerFault.exe	37
1240	2184	WerFault.exe	38
2544	2220	WerFault.exe	39
3048	2000	WerFault.exe	43
2788	2256	WerFault.exe	44
2236	1548	WerFault.exe	45
1972	1372	WerFault.exe	46
1900	1932	WerFault.exe	48
2072	1056	WerFault.exe	49
1800	2780	WerFault.exe	47
1764	2576	WerFault.exe	50
1324	848	WerFault.exe	56
2176	2332	WerFault.exe	54
1700	2940	WerFault.exe	55
2824	1688	WerFault.exe	58
2672	356	WerFault.exe	57
2360	616	WerFault.exe	59
996	2896	WerFault.exe	60
1304	1644	WerFault.exe	61
744	2112	WerFault.exe	63
2276	1884	WerFault.exe	62
1760	1804	WerFault.exe	64
1284	2744	WerFault.exe	115
1464	2556	WerFault.exe	71
2600	2644	WerFault.exe	70
2476	2608	WerFault.exe	74
896	2448	WerFault.exe	73
3096	352	WerFault.exe	82
3112	2628	WerFault.exe	72
3104	2168	WerFault.exe	75
3120	1188	WerFault.exe	77
3136	1556	WerFault.exe	84
3148	548	WerFault.exe	85
3208	2196	WerFault.exe	80
3248	1340	WerFault.exe	83
3264	1552	WerFault.exe	81
3256	2188	WerFault.exe	79
3284	596	WerFault.exe	86
3308	2460	WerFault.exe	76
3336	2500	WerFault.exe	78
3616	1740	WerFault.exe	93
3664	1692	WerFault.exe	96
3852	2296	WerFault.exe	166
3944	1028	WerFault.exe	98
4008	1192	WerFault.exe	97
3092	1528	WerFault.exe	104
3668	2520	WerFault.exe	111
3176	2312	WerFault.exe	110
3240	2884	WerFault.exe	112
3272	2640	WerFault.exe	107
3508	1596	WerFault.exe	114
3536	2532	WerFault.exe	108
4080	3060	WerFault.exe	100
4244	2772	WerFault.exe	109
4256	2056	WerFault.exe	101

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1720	7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e.exe
2704	Unicorn-8156.exe
2548	Unicorn-3963.exe
2684	Unicorn-18908.exe
2716	Unicorn-61415.exe
2432	Unicorn-34773.exe
2536	Unicorn-10823.exe
2668	Unicorn-5198.exe
2184	Unicorn-13366.exe
2756	Unicorn-20143.exe
2220	Unicorn-48177.exe
1432	Unicorn-28311.exe
2000	Unicorn-5281.exe
2256	Unicorn-55229.exe
1548	Unicorn-52536.exe
1372	Unicorn-52536.exe
2780	Unicorn-25894.exe
1932	Unicorn-40838.exe
1056	Unicorn-64788.exe
2576	Unicorn-14196.exe
2940	Unicorn-52679.exe
2332	Unicorn-32813.exe
848	Unicorn-21953.exe
1688	Unicorn-38289.exe
356	Unicorn-3478.exe
616	Unicorn-22507.exe
2896	Unicorn-57894.exe
1644	Unicorn-63369.exe
1884	Unicorn-12777.exe
2112	Unicorn-32643.exe
1804	Unicorn-47588.exe
2644	Unicorn-35357.exe
2556	Unicorn-50302.exe
2628	Unicorn-4630.exe
2448	Unicorn-39441.exe
2608	Unicorn-54386.exe
2168	Unicorn-25627.exe
2500	Unicorn-29711.exe
1188	Unicorn-29711.exe
2460	Unicorn-9845.exe
2196	Unicorn-48740.exe
2188	Unicorn-44656.exe
352	Unicorn-61184.exe
1552	Unicorn-46239.exe
1556	Unicorn-23681.exe
548	Unicorn-23681.exe
596	Unicorn-58491.exe
1340	Unicorn-3815.exe
1740	Unicorn-63213.exe
1692	Unicorn-3343.exe
1192	Unicorn-27848.exe
1028	Unicorn-62658.exe
920	Unicorn-15958.exe
3060	Unicorn-5097.exe
2056	Unicorn-54853.exe
2872	Unicorn-29602.exe
1880	Unicorn-64604.exe
1528	Unicorn-33878.exe
1480	Unicorn-37962.exe
1436	Unicorn-52907.exe
2532	Unicorn-22180.exe
2312	Unicorn-22180.exe
2640	Unicorn-22180.exe
2772	Unicorn-22180.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2704	1720	7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e.exe	28
PID 1720 wrote to memory of 2704	1720	7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e.exe	28
PID 1720 wrote to memory of 2704	1720	7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e.exe	28
PID 1720 wrote to memory of 2704	1720	7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e.exe	28
PID 2704 wrote to memory of 2548	2704	Unicorn-8156.exe	29
PID 2704 wrote to memory of 2548	2704	Unicorn-8156.exe	29
PID 2704 wrote to memory of 2548	2704	Unicorn-8156.exe	29
PID 2704 wrote to memory of 2548	2704	Unicorn-8156.exe	29
PID 1720 wrote to memory of 2684	1720	7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e.exe	30
PID 1720 wrote to memory of 2684	1720	7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e.exe	30
PID 1720 wrote to memory of 2684	1720	7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e.exe	30
PID 1720 wrote to memory of 2684	1720	7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e.exe	30
PID 1720 wrote to memory of 2408	1720	7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e.exe	31
PID 1720 wrote to memory of 2408	1720	7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e.exe	31
PID 1720 wrote to memory of 2408	1720	7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e.exe	31
PID 1720 wrote to memory of 2408	1720	7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e.exe	31
PID 2548 wrote to memory of 2716	2548	Unicorn-3963.exe	32
PID 2548 wrote to memory of 2716	2548	Unicorn-3963.exe	32
PID 2548 wrote to memory of 2716	2548	Unicorn-3963.exe	32
PID 2548 wrote to memory of 2716	2548	Unicorn-3963.exe	32
PID 2704 wrote to memory of 2536	2704	Unicorn-8156.exe	33
PID 2704 wrote to memory of 2536	2704	Unicorn-8156.exe	33
PID 2704 wrote to memory of 2536	2704	Unicorn-8156.exe	33
PID 2704 wrote to memory of 2536	2704	Unicorn-8156.exe	33
PID 2684 wrote to memory of 2432	2684	Unicorn-18908.exe	34
PID 2684 wrote to memory of 2432	2684	Unicorn-18908.exe	34
PID 2684 wrote to memory of 2432	2684	Unicorn-18908.exe	34
PID 2684 wrote to memory of 2432	2684	Unicorn-18908.exe	34
PID 2704 wrote to memory of 332	2704	Unicorn-8156.exe	35
PID 2704 wrote to memory of 332	2704	Unicorn-8156.exe	35
PID 2704 wrote to memory of 332	2704	Unicorn-8156.exe	35
PID 2704 wrote to memory of 332	2704	Unicorn-8156.exe	35
PID 2716 wrote to memory of 2668	2716	Unicorn-61415.exe	36
PID 2716 wrote to memory of 2668	2716	Unicorn-61415.exe	36
PID 2716 wrote to memory of 2668	2716	Unicorn-61415.exe	36
PID 2716 wrote to memory of 2668	2716	Unicorn-61415.exe	36
PID 2548 wrote to memory of 2756	2548	Unicorn-3963.exe	37
PID 2548 wrote to memory of 2756	2548	Unicorn-3963.exe	37
PID 2548 wrote to memory of 2756	2548	Unicorn-3963.exe	37
PID 2548 wrote to memory of 2756	2548	Unicorn-3963.exe	37
PID 2432 wrote to memory of 2184	2432	Unicorn-34773.exe	38
PID 2432 wrote to memory of 2184	2432	Unicorn-34773.exe	38
PID 2432 wrote to memory of 2184	2432	Unicorn-34773.exe	38
PID 2432 wrote to memory of 2184	2432	Unicorn-34773.exe	38
PID 2684 wrote to memory of 1432	2684	Unicorn-18908.exe	40
PID 2684 wrote to memory of 1432	2684	Unicorn-18908.exe	40
PID 2684 wrote to memory of 1432	2684	Unicorn-18908.exe	40
PID 2684 wrote to memory of 1432	2684	Unicorn-18908.exe	40
PID 2536 wrote to memory of 2220	2536	Unicorn-10823.exe	39
PID 2536 wrote to memory of 2220	2536	Unicorn-10823.exe	39
PID 2536 wrote to memory of 2220	2536	Unicorn-10823.exe	39
PID 2536 wrote to memory of 2220	2536	Unicorn-10823.exe	39
PID 2548 wrote to memory of 1276	2548	Unicorn-3963.exe	41
PID 2548 wrote to memory of 1276	2548	Unicorn-3963.exe	41
PID 2548 wrote to memory of 1276	2548	Unicorn-3963.exe	41
PID 2548 wrote to memory of 1276	2548	Unicorn-3963.exe	41
PID 2684 wrote to memory of 1088	2684	Unicorn-18908.exe	42
PID 2684 wrote to memory of 1088	2684	Unicorn-18908.exe	42
PID 2684 wrote to memory of 1088	2684	Unicorn-18908.exe	42
PID 2684 wrote to memory of 1088	2684	Unicorn-18908.exe	42
PID 2668 wrote to memory of 2000	2668	Unicorn-5198.exe	43
PID 2668 wrote to memory of 2000	2668	Unicorn-5198.exe	43
PID 2668 wrote to memory of 2000	2668	Unicorn-5198.exe	43
PID 2668 wrote to memory of 2000	2668	Unicorn-5198.exe	43

C:\Users\Admin\AppData\Local\Temp\7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e.exe
"C:\Users\Admin\AppData\Local\Temp\7909841b719ee5f96c3bd3a9b69af65e07457e2651bd7fbb5a22df907f75913e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3963.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61415.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5281.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9264.exe
        10⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15076.exe
        11⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        12⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28419.exe
        13⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        14⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46468.exe
        15⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9649.exe
        16⤵
        
        PID:13328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10568 -s 236
        16⤵
        
        PID:14224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 216
        15⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
        14⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        13⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
        12⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        13⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45508.exe
        14⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24341.exe
        15⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9720 -s 236
        15⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
        14⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
        13⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 240
        12⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61179.exe
        11⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9617.exe
        12⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        13⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
        14⤵
        
        PID:12624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 216
        14⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 236
        13⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 236
        12⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
        11⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        10⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35627.exe
        11⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33785.exe
        12⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44501.exe
        13⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
        14⤵
        
        PID:13060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9844 -s 216
        14⤵
        
        PID:13084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
        13⤵
        
        PID:10800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
        12⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
        11⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
        10⤵
        Program crash
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59020.exe
        9⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15076.exe
        10⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17345.exe
        11⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
        12⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56151.exe
        13⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
        14⤵
        
        PID:13016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 216
        14⤵
        
        PID:14264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 236
        13⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
        12⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
        11⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 236
        10⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
        9⤵
        Program crash
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54853.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13348.exe
        9⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21107.exe
        10⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        11⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
        12⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
        13⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        14⤵
        
        PID:12740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9848 -s 216
        14⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 216
        13⤵
        
        PID:11008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
        12⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
        11⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
        10⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
        11⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31803.exe
        12⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
        13⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10100 -s 216
        13⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
        12⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
        11⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
        10⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11547.exe
        9⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5476.exe
        10⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        11⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8512.exe
        12⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32535.exe
        13⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 236
        13⤵
        
        PID:14024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
        12⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
        11⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
        10⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        9⤵
        Program crash
        
        PID:4256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
        8⤵
        Program crash
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62658.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
        9⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6332.exe
        10⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
        11⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48258.exe
        12⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18866.exe
        13⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30563.exe
        14⤵
        
        PID:13156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10144 -s 216
        14⤵
        
        PID:13928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 216
        13⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
        12⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 236
        11⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63701.exe
        10⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
        11⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52970.exe
        12⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14314.exe
        13⤵
        
        PID:12892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9932 -s 216
        13⤵
        
        PID:12496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
        12⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 236
        11⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
        10⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60172.exe
        9⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16084.exe
        10⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11070.exe
        11⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
        12⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63515.exe
        13⤵
        
        PID:12792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 216
        13⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
        12⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
        11⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
        10⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
        9⤵
        Program crash
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46768.exe
        8⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54765.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        10⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe
        11⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59659.exe
        12⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64330.exe
        13⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
        12⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 236
        11⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
        10⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 216
        9⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
        8⤵
        Program crash
        
        PID:2476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
        7⤵
        Program crash
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29602.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48927.exe
        9⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        10⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56296.exe
        11⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
        12⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35529.exe
        13⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 216
        13⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
        12⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
        11⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
        10⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
        9⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12274.exe
        10⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
        11⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12041.exe
        12⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10692.exe
        13⤵
        
        PID:14096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10784 -s 220
        13⤵
        
        PID:13812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 216
        12⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
        11⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
        10⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
        9⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63872.exe
        8⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8133.exe
        9⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26198.exe
        10⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        11⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32934.exe
        12⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8092.exe
        13⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 220
        13⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
        12⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
        11⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        10⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49311.exe
        9⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17641.exe
        10⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13774.exe
        11⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        12⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 216
        12⤵
        
        PID:13616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
        11⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        10⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        9⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 220
        8⤵
        Program crash
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26369.exe
        8⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49119.exe
        9⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
        10⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        11⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44413.exe
        12⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        13⤵
        
        PID:13660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10324 -s 216
        13⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 236
        12⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
        11⤵
        
        PID:9252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
        10⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 216
        9⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
        8⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        9⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
        10⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe
        11⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30563.exe
        12⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 236
        12⤵
        
        PID:13896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
        11⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        10⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
        9⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
        8⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
        7⤵
        Program crash
        
        PID:2176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
        6⤵
        Program crash
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55229.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35357.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27848.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35907.exe
        9⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2824.exe
        10⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11807.exe
        11⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7142.exe
        12⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52669.exe
        13⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
        14⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 216
        14⤵
        
        PID:13340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 216
        13⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 236
        12⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
        11⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe
        10⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        11⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36333.exe
        12⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
        13⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 216
        13⤵
        
        PID:13440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
        12⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        11⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 220
        10⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
        9⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15398.exe
        10⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40007.exe
        11⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2098.exe
        12⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
        13⤵
        
        PID:12440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 204
        13⤵
        
        PID:13652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 220
        12⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
        11⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
        10⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 240
        9⤵
        Program crash
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe
        8⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2824.exe
        9⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        10⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6903.exe
        11⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6701.exe
        12⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe
        13⤵
        
        PID:12828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9360 -s 216
        13⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
        12⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        11⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
        10⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18392.exe
        9⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50266.exe
        10⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20106.exe
        11⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe
        12⤵
        
        PID:12580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 216
        12⤵
        
        PID:12544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
        11⤵
        
        PID:10764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        10⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 220
        9⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
        8⤵
        Program crash
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3234.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        9⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14220.exe
        10⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exe
        11⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        12⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30563.exe
        13⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10168 -s 216
        13⤵
        
        PID:13820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
        12⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
        11⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
        10⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 236
        9⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
        8⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28419.exe
        9⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
        10⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12835.exe
        11⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        12⤵
        
        PID:12672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 236
        12⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
        11⤵
        
        PID:11644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
        10⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
        9⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 240
        8⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
        7⤵
        Program crash
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50302.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60795.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
        9⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe
        10⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
        11⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9363.exe
        12⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18866.exe
        13⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5674.exe
        14⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 236
        14⤵
        
        PID:13748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 236
        13⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
        12⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
        11⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41225.exe
        10⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36966.exe
        11⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        12⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        13⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10444 -s 216
        13⤵
        
        PID:14216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 216
        12⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
        11⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
        10⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46981.exe
        9⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
        10⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4755.exe
        11⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        12⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 216
        12⤵
        
        PID:12984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
        11⤵
        
        PID:10396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
        10⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 220
        9⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
        8⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
        9⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45798.exe
        10⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52394.exe
        11⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        12⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 216
        12⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
        11⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
        10⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
        9⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
        8⤵
        Program crash
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10203.exe
        7⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
        8⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12985.exe
        9⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3805.exe
        10⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58320.exe
        11⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14646.exe
        12⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
        13⤵
        
        PID:13404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11396 -s 216
        13⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 236
        12⤵
        
        PID:12336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
        11⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        10⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 216
        9⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36290.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20718.exe
        9⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38824.exe
        10⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37288.exe
        11⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        12⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 216
        11⤵
        
        PID:12388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
        10⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        9⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
        8⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
        7⤵
        Program crash
        
        PID:1464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        6⤵
        Program crash
        
        PID:2788
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20143.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52536.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        8⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
        9⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        10⤵
        Program crash
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
        9⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6991.exe
        10⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18959.exe
        11⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
        12⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1310.exe
        13⤵
        
        PID:14320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11132 -s 216
        13⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
        12⤵
        
        PID:11536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
        11⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        10⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15439.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19016.exe
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64599.exe
        10⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
        11⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12321.exe
        12⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57293.exe
        13⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 216
        13⤵
        
        PID:13304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
        12⤵
        
        PID:10576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        11⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
        10⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18091.exe
        9⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28139.exe
        10⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe
        11⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7983.exe
        12⤵
        
        PID:13212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10216 -s 220
        12⤵
        
        PID:13424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
        11⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        10⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
        9⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
        8⤵
        Program crash
        
        PID:3616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 216
        7⤵
        Program crash
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44656.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
        7⤵
        Program crash
        
        PID:3256
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 240
        6⤵
        Program crash
        
        PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22507.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19488.exe
        7⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28123.exe
        8⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65502.exe
        9⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62954.exe
        10⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49965.exe
        11⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32550.exe
        12⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57101.exe
        13⤵
        
        PID:12684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10036 -s 216
        13⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 236
        12⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 236
        11⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
        10⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20530.exe
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17641.exe
        10⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
        11⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
        12⤵
        
        PID:13240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9584 -s 220
        12⤵
        
        PID:13432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 216
        11⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
        10⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 220
        9⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18994.exe
        8⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13753.exe
        9⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33977.exe
        10⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10567.exe
        11⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
        12⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 216
        12⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
        11⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
        10⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
        9⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
        8⤵
        Program crash
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47152.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56457.exe
        8⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
        9⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54070.exe
        10⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58528.exe
        11⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        12⤵
        
        PID:13960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10704 -s 216
        12⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 236
        11⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
        10⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
        9⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 216
        8⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
        7⤵
        Program crash
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3706.exe
        6⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62933.exe
        7⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
        8⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46701.exe
        9⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5855.exe
        10⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2913.exe
        11⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59535.exe
        12⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10252 -s 216
        12⤵
        
        PID:14072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 236
        11⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
        10⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        9⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
        8⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62165.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
        8⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51932.exe
        9⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe
        10⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
        11⤵
        
        PID:14044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10848 -s 216
        11⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 236
        10⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
        9⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        8⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 240
        7⤵
        
        PID:4836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 220
        6⤵
        Program crash
        
        PID:2360
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
        5⤵
        Program crash
        
        PID:2584
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10823.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48177.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 372
        6⤵
        Program crash
        
        PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12777.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23681.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63296.exe
        7⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37635.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2954.exe
        9⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
        10⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15466.exe
        11⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50215.exe
        12⤵
        
        PID:13128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9440 -s 236
        12⤵
        
        PID:14272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
        11⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
        10⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
        9⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 236
        8⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 216
        7⤵
        Program crash
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22180.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24039.exe
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38860.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51553.exe
        9⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
        10⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14179.exe
        11⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48373.exe
        12⤵
        
        PID:13360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11164 -s 236
        12⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 236
        11⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
        10⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        9⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
        8⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53805.exe
        7⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36312.exe
        8⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25762.exe
        9⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10183.exe
        10⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54963.exe
        11⤵
        
        PID:12656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9888 -s 216
        11⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
        10⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 236
        9⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
        8⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
        7⤵
        Program crash
        
        PID:3272
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 240
        6⤵
        Program crash
        
        PID:2276
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        5⤵
        Program crash
        
        PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14196.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48740.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57095.exe
        7⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe
        8⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        9⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        10⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        11⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42130.exe
        12⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10308 -s 216
        12⤵
        
        PID:14060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 216
        11⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
        10⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
        9⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
        8⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        7⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44371.exe
        8⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6156.exe
        9⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54361.exe
        10⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48653.exe
        11⤵
        
        PID:12492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 236
        11⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
        10⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        9⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 236
        8⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 220
        7⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        6⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20578.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        8⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
        9⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
        10⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47682.exe
        10⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3998.exe
        11⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10860 -s 216
        11⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 220
        10⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
        9⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
        8⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
        7⤵
        
        PID:4844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        6⤵
        Program crash
        
        PID:3208
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        5⤵
        Program crash
        
        PID:1764
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:412
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18908.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18908.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13366.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25894.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23681.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33878.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34537.exe
        9⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
        10⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11890.exe
        11⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        12⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
        13⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        14⤵
        
        PID:13796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10740 -s 216
        14⤵
        
        PID:13324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 236
        13⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
        12⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
        11⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 216
        10⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe
        9⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
        10⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28969.exe
        11⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38580.exe
        12⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
        13⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 220
        13⤵
        
        PID:12768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 216
        12⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 236
        11⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 236
        10⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        9⤵
        Program crash
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18755.exe
        8⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65502.exe
        9⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44371.exe
        10⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24138.exe
        11⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
        12⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21710.exe
        13⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10368 -s 236
        13⤵
        
        PID:14104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
        12⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
        11⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
        10⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 236
        9⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 240
        8⤵
        Program crash
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22180.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15871.exe
        8⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10463.exe
        9⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14988.exe
        10⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        11⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        12⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39089.exe
        13⤵
        
        PID:14132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10944 -s 216
        13⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 216
        12⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
        11⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        10⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
        9⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
        9⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56343.exe
        10⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        11⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
        12⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 216
        12⤵
        
        PID:13692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 236
        11⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
        10⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
        9⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
        8⤵
        Program crash
        
        PID:3176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 220
        7⤵
        Program crash
        
        PID:744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3815.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46130.exe
        7⤵
        Executes dropped EXE
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7894.exe
        8⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49119.exe
        9⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
        10⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3001.exe
        11⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33775.exe
        12⤵
        
        PID:12484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9572 -s 216
        12⤵
        
        PID:13164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
        11⤵
        
        PID:10620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        10⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 216
        9⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
        8⤵
        Program crash
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26923.exe
        7⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
        8⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 220
        7⤵
        Program crash
        
        PID:3248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        6⤵
        Program crash
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47588.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58491.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15403.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
        8⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        9⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
        10⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31398.exe
        11⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        12⤵
        
        PID:12424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9416 -s 216
        12⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
        11⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
        10⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 236
        9⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        9⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37713.exe
        10⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36333.exe
        11⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26458.exe
        12⤵
        
        PID:13272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9812 -s 204
        12⤵
        
        PID:13624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 216
        11⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
        10⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
        9⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
        8⤵
        Program crash
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
        7⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe
        8⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
        9⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63416.exe
        10⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
        11⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        12⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 216
        12⤵
        
        PID:14116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 216
        11⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
        10⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        9⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 216
        8⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 240
        7⤵
        Program crash
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34432.exe
        6⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 220
        7⤵
        Program crash
        
        PID:1284
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
        6⤵
        Program crash
        
        PID:1760
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
        5⤵
        Program crash
        
        PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40838.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63369.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10011.exe
        7⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe
        8⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60323.exe
        9⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51081.exe
        10⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
        11⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
        12⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 236
        12⤵
        
        PID:13504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 216
        11⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
        10⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
        9⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 216
        8⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 236
        7⤵
        Program crash
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        6⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
        7⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe
        8⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55829.exe
        9⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
        10⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12041.exe
        11⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe
        12⤵
        
        PID:13920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10776 -s 216
        12⤵
        
        PID:13560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 236
        11⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
        10⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
        9⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 216
        8⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37468.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-598.exe
        8⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41325.exe
        9⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
        10⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
        11⤵
        
        PID:14192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10972 -s 236
        11⤵
        
        PID:13968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 236
        10⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
        9⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
        8⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
        7⤵
        
        PID:4636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        6⤵
        Program crash
        
        PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61184.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59020.exe
        6⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
        7⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
        8⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe
        9⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
        10⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
        11⤵
        
        PID:13252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 220
        11⤵
        
        PID:13464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 216
        10⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
        9⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
        8⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 216
        7⤵
        
        PID:4936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 216
        6⤵
        Program crash
        
        PID:3096
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
        5⤵
        Program crash
        
        PID:1900
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52536.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38289.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28485.exe
        7⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56732.exe
        9⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
        10⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
        11⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe
        12⤵
        
        PID:12560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 216
        12⤵
        
        PID:12420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
        11⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
        10⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
        9⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
        8⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
        9⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62508.exe
        10⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe
        11⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 216
        11⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 236
        9⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 220
        8⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 216
        7⤵
        Program crash
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22180.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1480.exe
        7⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65502.exe
        8⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8574.exe
        9⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12305.exe
        10⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14262.exe
        11⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40864.exe
        12⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10616 -s 216
        12⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 236
        11⤵
        
        PID:12292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
        10⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        9⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
        8⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49721.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-769.exe
        8⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14407.exe
        9⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
        10⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18010.exe
        11⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10540 -s 216
        11⤵
        
        PID:14208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 216
        10⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
        9⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 236
        8⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        7⤵
        Program crash
        
        PID:3536
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
        6⤵
        Program crash
        
        PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9845.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
        6⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54163.exe
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50510.exe
        8⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64656.exe
        9⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
        10⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45596.exe
        11⤵
        
        PID:12996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9680 -s 216
        11⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
        10⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
        9⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        8⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63701.exe
        7⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
        8⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38663.exe
        9⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
        10⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 216
        10⤵
        
        PID:13472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
        9⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 236
        8⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 240
        7⤵
        
        PID:5448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 216
        6⤵
        Program crash
        
        PID:3308
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        5⤵
        Program crash
        
        PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57095.exe
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30692.exe
        8⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 220
        9⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
        8⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        7⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63037.exe
        8⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56016.exe
        9⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        10⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6416.exe
        11⤵
        
        PID:14164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10904 -s 216
        11⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 236
        10⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
        9⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
        8⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
        7⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45398.exe
        6⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
        7⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
        8⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46613.exe
        9⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22327.exe
        10⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10853.exe
        11⤵
        
        PID:12644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 236
        11⤵
        
        PID:13716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
        10⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
        9⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 236
        8⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59124.exe
        7⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19047.exe
        8⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33126.exe
        9⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8092.exe
        10⤵
        
        PID:13036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 220
        10⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
        9⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 236
        8⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 240
        7⤵
        
        PID:5436
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 220
        6⤵
        Program crash
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22180.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25745.exe
        6⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        7⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48367.exe
        8⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47324.exe
        9⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        10⤵
        
        PID:12936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10224 -s 216
        10⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 216
        9⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        8⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        7⤵
        
        PID:5184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 216
        6⤵
        Program crash
        
        PID:4244
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
        5⤵
        Program crash
        
        PID:996
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 220
      4⤵
      Program crash
      PID:2904
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1088
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
  2⤵
  - Program crash
  PID:2408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10823.exe

Filesize
184KB

MD5
6260b2fceeb4f1c55980fb8c80fce154

SHA1
63ab5710e318c7591a6e8baefffdbe27d95da20d

SHA256
41a42a58621069e1df508a33c0d4d4a2f812a3619e0db039c748df60f078c0d1

SHA512
d3430af965d4c418c37c6636e04fc2d681d53e14bd39feb4694dd0102e7b799e0d0af0971ba473b6fee20ec34b414c23a1737e511d2316f7531c225da8e4945f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13366.exe

Filesize
184KB

MD5
9c44e4906ca24fac298ad762b6d836cb

SHA1
4328b0215e2a73b79330c85413ed546319cd06a0

SHA256
e34c7eb570fcba1a0be9df761a33986cd7be106e976d3192ac84569f093ff8ed

SHA512
b357af567bf6d91eaf607dcfbdab4b47e9a8a3ce32f4f563052cbc51ce1f3f6b1b0deafadc185948f4216db164d0a1c94fb7a35f5b2363612d67bcf0e4cf573b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exe

Filesize
184KB

MD5
f1a473a289d1c0b1176d2daf4fd230fd

SHA1
67f07f9d4d5caa9750d87b4535b3186c1e122cf0

SHA256
117d92b3285af0ab0794ff24101e4e6a7ac6d83a4c69976e9867139315af28d3

SHA512
c11273946e50124970e07a446b9fe5676c067e30b7cef00e3c8347111f90ffad3262e6c5095303df3673056f6fd6c7327159092493a639f205506e58b4c6d95f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20143.exe

Filesize
184KB

MD5
e508df7fb1de3bca49496d50666a06da

SHA1
0cd6b412200635650735c0c021405687e453ddda

SHA256
f12b310e7e6548a4d1992dbbaa13f0e661730ea44bb8bcc222ab2f996dd90e30

SHA512
c5fdba9b05b6ad2075fecd32538de37d8638ba8c2fb741ee835fde15af5e39b60c9fd1b7e3410781926f08bf9eb551202597c0e1543cd80e5c210a0a4a4930ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2098.exe

Filesize
184KB

MD5
9e0997ccddd79319cead0c191e60d4e7

SHA1
5b3c1009ea8d12f454547d9197bbbb0cc80ff879

SHA256
f434b50fefff6dad21512470418fa5bd4dbf09f5a7c5f196687ce27c9598e4b7

SHA512
70ad7dcec3fc9223adf7e328cb1159776173e818621fb411d946170d112597dfc5351234a02f357a181a8a22c88b27fea0fe6978f2cc9e3e46347931cee322e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe

Filesize
184KB

MD5
aa06d88fd2a3d247fb2783657615668f

SHA1
6fff31c906cd9fe3328d9ab05abcbcd7887cae5a

SHA256
4f48ea2470ac2d81a0b9215f79710f905b6695af6ef1f907e277dd4dfb3126de

SHA512
704648df88bface8f7764dd499cb3a2de0912587c0f7880c9ef5c71b143fbe0d6434fe3bb14dfb7d8666ad84bac56d4cf7b29f9982908192a75afeb253efd164

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe

Filesize
184KB

MD5
e45fca9886107087b564f1d648ec4f30

SHA1
670b88725854b97d6a02a0aa5600f440e0e2aefe

SHA256
8ee60c03c647397e06ed27c2b18ca7bcf7ac820a28984fbcc61f865dcb9b8661

SHA512
170568c58549517ed488fa3558ea62df865c549438b473cb9257be9cc2c377eac6c6e80e23bfbd025f675bb68775acf0fc5609814110317bb62574d1947a150a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36966.exe

Filesize
184KB

MD5
4ff57fc708e6a5fab8e81651b47e959b

SHA1
25905070ce4c5ff81cffe2cd6591afc376efddb9

SHA256
0beaf2431bd0be5005318a268b45bceb4327418f8075c97dce651c2e6d782204

SHA512
2acab74cbd7450f389595730ce5c22eda30aa505b433f8a424200f11b0b654da21787181cccc22877601afe3f089d3f2d49436b1a5ad6fea41d732cd8b105919

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37288.exe

Filesize
184KB

MD5
9fb6c0a9ba62a977c86a8f0d02a82e9c

SHA1
ca42bfcc0727426c825435113918905d50a1e6b7

SHA256
6a7b705c4162ba949814d118711cadd3d0f1ea0c569d99e3ca1a598099946930

SHA512
4b5c3eb2dc438cf550e1e7d03d3145ff743ea6e6ac90f8cbcdf2f83ca9c6c7c25ba70b558e947b6b88d167a42162c8b737e05c7fb980844ec16f2c2982af02af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40838.exe

Filesize
184KB

MD5
6e51f51067b44c90e26e7e6879588f8b

SHA1
548bbdeaefb2f0e2b80ed8293f587ae05acb4559

SHA256
657c3d66880337491d10a9635c39be42f7e6a14ccd88ba40a06976b045e4e62c

SHA512
b7b38dfe9a75478909a265c26b7a905a7819c84441c4a86590cc7714e4821cb3ab5db2e7891df2ba5963e89fb932adb5f63aa7d6c41e2401b9904bfac994edf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48177.exe

Filesize
184KB

MD5
3152406621d638d6b151c0449e97feb8

SHA1
0d4487e1a95dc2f4c5549318a015d13e044ac748

SHA256
7d9c9b705fc38ee9ffbaced0ebb93602b8062d746688f278cf59c93ecaaa41c0

SHA512
3a00e296fe8870ac1e8ea48893d71d294d7eb980934d2afb2904ee15c27d0a9cc7c00dc7fc45c8d10c67614932f490bfe4c4bc6589daa709d7fe0f9deae008a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5281.exe

Filesize
184KB

MD5
0da4f0fcebf290232b9abb23a8970652

SHA1
667d27635a2293a19cf83eb5201d9eae3ab217f1

SHA256
749bf06fd3fae6001177f20f1ddbb52a084dd123a388f101a4bdd2adf1bf4b27

SHA512
d7d3a1884997828d3559bc1a2a18c1b95113e0fc7adf2847fea825d7bbf6137d6aefb98b5f89f97a931870895d145a14e9d19060770e6471385ae4bbb9d49fec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55229.exe

Filesize
184KB

MD5
76039f5a31f1e3f007880b210e1f0c9c

SHA1
4194fcddf5ab2b57e4b8c65102645efda5bb8fcc

SHA256
eb6009323528700239fd559e6be819e90c3271411a65df618a5a4a413981c00f

SHA512
47655a713a0282f3e5d1c7681a462496efb81ccd48cd16e99de8245517bea7de842976f31d654498a0a53a5656a47a51e6b2449b65199a0c5055dd850fbe8f83

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56016.exe

Filesize
184KB

MD5
5d5690f71cb74bb3febd721e6ee9ebff

SHA1
e2133d9401300bf15b742a6ab792f849d5888d6a

SHA256
75b24a2f1f1cc907f935cf1b592e1c790329f516261403c3c522cd6b728e8a01

SHA512
3cbb75243f343cb8a4d8072bac70a7c651913a0bf9c2c2fd0c6ed5870f8536645781662064cbbee9ee41815c6723463bb8741935bd981600cd0ac28831500ad7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6332.exe

Filesize
184KB

MD5
9faa5a5d66c2ec69d9c902ae902d602b

SHA1
ed226f9028c6d959bdbbe1242bbc9f0c05652533

SHA256
deb9fcc55e94e3c5d85004dd4d349481cea13f2fc8dfc5eff87ee82074b0f1b3

SHA512
6d4687eabbb581bf625edbb941a5dba3960ce953ba49203d7f06b26b57da2173bb4c520844d1486960bd567eb307ef9f9fcedca6257ada7b39e74c1462e080ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63515.exe

Filesize
184KB

MD5
25fccf891877c592b10d4a3ccd0892d7

SHA1
c88d900954e3b5877daf049d6ec5a552b5936350

SHA256
85f8da563af5d8e9551f769d2117106fb553cf326e079dba7c7ef0fefc1450ad

SHA512
fa5fe7bdb17bb0f29248cd61d483d9a1355089c0e32828183701d7aa9aa7c24ba444e15af23ddb7a6e2108421dfc80a588f446cde625eee32db6c20bda1d47dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18908.exe

Filesize
184KB

MD5
9b94bec57f1a4e0c059e6bb9fe4006f7

SHA1
423c908ffc51ab1713064519c8a46955e916a7cf

SHA256
c5ed7b980dca1ac390cbbaf8ab55a4e59b59d0dc67973e14bb02c3741f621f21

SHA512
7d92f66d547c18472a5342be6c5b417f6a20c4e3f5b22a16d2bee093132ae82fbf98871fb4bb71bcbf1fa5b4df0dfbc4cc7b15fe90c1a143734ba805bbf2f67d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe

Filesize
184KB

MD5
5f328e649091f44a66c21db1ffba9901

SHA1
2434a1c871b9db49e47b592bd256391fc2b0d41a

SHA256
51f625ebb6b55ff5950136897de0ff5b1d9aedecbd97b2ea170ad796ec99aa60

SHA512
c013cc1ac26ab2ad7b30335dfedadd855ab342c742eb031a51b6501918883e18f30012168044fde01aaea2cac33d794e24d77733e624baa7d961ede016c42d18

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3963.exe

Filesize
184KB

MD5
49ea0f94827c1e60ca352f5c10155eb2

SHA1
1a03f7d694e4332d56ac86323ff510268e4e0720

SHA256
1d6ba3be5f7cf9f807b0391d9ccd5625e60c00e1e3ba8524d121b5623c0cf8e7

SHA512
4a32d9d68040b0075a80d18e18ef63dbf37940b868e890463e063f50dd2e8b48be3abba8b8bb2d0e86d461fb3ffd180e7bd45a79c526b1d6f71a0df20c293701

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe

Filesize
184KB

MD5
0e2381316297e1cfa83d7ebb27dca0e5

SHA1
35d6cbde599d2509bd62b3f9f9fb75cfc0820d1a

SHA256
802a15d11d1cbba4ff4fe88ba868117bc87571c90fa278875bf4adae03087594

SHA512
15728a552bdc7d3dd9f25acdac8a20b2f4fc28a9766ee0720dfd78ae01c92f0e9bf0645ca910472df40a4b10deb9538df59891218d0e99bce572a09f13d2997d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52536.exe

Filesize
184KB

MD5
60cd1e40b626d399058de9d68767263a

SHA1
d7b0a14a1c2c81c2d6889d9c097b0294259ef09b

SHA256
8a22d2b1433e2e4f4bedfa8cf931fe56e869a7163e7e0499c3ebef4900a0d160

SHA512
e06fec7ca71aeae33012e1f1f197ec09d3982c1578c0329dfcc3cadde40f8d7caa362611eaf229834f4905334579c029b344c506e72fef67fb290255cd350bd1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61415.exe

Filesize
184KB

MD5
9c0940bc213886380b0d61efdde34118

SHA1
d6b9ed1edbcf4ceffb6167687ddf3ea154579282

SHA256
9080d2cbbafffa112fa4ece9ec68323d33f2853e0c3ee43eece3730bf74a4db6

SHA512
94dfd350c759c86836f483bdf3c7ebb80565d2fe2d741cc785840e300669bfb73bf187a22cf697dbd958c16db879f082edd85fdbb29e2183fa82c58f18ecca61

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe

Filesize
184KB

MD5
a3b819fd3e0119b127bb9fa021a3935f

SHA1
9ba582fa9f85bce73f890ebf41c6cf1e4336f762

SHA256
9eb768185be79f0f5afb6a9e9c94bdb72c6d6bb9a7f14fbdfb9d87b94d2372f4

SHA512
9f270aa4be310727dc75753a18dc09f9bb2da43cbb5d0825244e69fb82130775e8c5233633d24f27ae6ec3a71635bcfbf587ca2e9d7d03a1e2ec81ecfa816f99

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads