323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 20:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc.exe
Size

184KB
MD5

4cdb870ccd9fc48b86ca88e0b345a022
SHA1

f80ee649d673b117d7aaeee44298adc2c1aaac91
SHA256

323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc
SHA512

a29649acb0212a0f98820d21657c508df57de09aca31a0bdf8c59160fd2346cf22fb573e432ffc0b69d3f86fc0024f8035fb4545efa7139bc1cd56f9a1579ba8
SSDEEP

3072:FTx6ksoll9q8AREyeh7LpQ+3Iw4b2X6MbUsaB0Q5HHxhPnVOFv:FTUoI1REvLC+3I0wlrhPnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2840	Unicorn-8203.exe
2600	Unicorn-29776.exe
3004	Unicorn-5826.exe
2668	Unicorn-29859.exe
2796	Unicorn-44804.exe
2460	Unicorn-25775.exe
1188	Unicorn-24789.exe
2700	Unicorn-48971.exe
2872	Unicorn-29942.exe
1808	Unicorn-10076.exe
1892	Unicorn-37041.exe
2400	Unicorn-22890.exe
1872	Unicorn-3024.exe
1660	Unicorn-46003.exe
2932	Unicorn-331.exe
2396	Unicorn-41940.exe
1928	Unicorn-11213.exe
2824	Unicorn-17990.exe
2132	Unicorn-18889.exe
2140	Unicorn-64560.exe
1912	Unicorn-28379.exe
1108	Unicorn-40077.exe
1936	Unicorn-44716.exe
948	Unicorn-64581.exe
1144	Unicorn-11296.exe
1176	Unicorn-52884.exe
2184	Unicorn-7212.exe
2360	Unicorn-13989.exe
2340	Unicorn-3128.exe
2504	Unicorn-10502.exe
2620	Unicorn-17279.exe
2780	Unicorn-61649.exe
2208	Unicorn-12448.exe
2576	Unicorn-54036.exe
2428	Unicorn-63595.exe
2036	Unicorn-27716.exe
2752	Unicorn-51898.exe
1860	Unicorn-4.exe
1648	Unicorn-61457.exe
1208	Unicorn-9241.exe
2028	Unicorn-18479.exe
876	Unicorn-47067.exe
384	Unicorn-27201.exe
576	Unicorn-40522.exe
2884	Unicorn-60388.exe
660	Unicorn-57928.exe
1720	Unicorn-59786.exe
2296	Unicorn-1026.exe
2928	Unicorn-14669.exe
1656	Unicorn-61732.exe
1352	Unicorn-11140.exe
612	Unicorn-22838.exe
308	Unicorn-62287.exe
3068	Unicorn-43258.exe
1680	Unicorn-4363.exe
1332	Unicorn-13086.exe
2960	Unicorn-59594.exe
2912	Unicorn-35644.exe
2704	Unicorn-18562.exe
2424	Unicorn-41120.exe
2648	Unicorn-17170.exe
2728	Unicorn-61540.exe
2856	Unicorn-27284.exe
2756	Unicorn-60170.exe

Loads dropped DLL 64 IoCs

pid	Process
2676	323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc.exe
2676	323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc.exe
2840	Unicorn-8203.exe
2840	Unicorn-8203.exe
2676	323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc.exe
2676	323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc.exe
2600	Unicorn-29776.exe
2600	Unicorn-29776.exe
2840	Unicorn-8203.exe
2840	Unicorn-8203.exe
3004	Unicorn-5826.exe
3004	Unicorn-5826.exe
2904	WerFault.exe
2904	WerFault.exe
2904	WerFault.exe
2904	WerFault.exe
2904	WerFault.exe
2668	Unicorn-29859.exe
2668	Unicorn-29859.exe
2600	Unicorn-29776.exe
2600	Unicorn-29776.exe
2460	Unicorn-25775.exe
2460	Unicorn-25775.exe
3004	Unicorn-5826.exe
3004	Unicorn-5826.exe
2796	Unicorn-44804.exe
2796	Unicorn-44804.exe
1752	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
668	WerFault.exe
668	WerFault.exe
668	WerFault.exe
668	WerFault.exe
668	WerFault.exe
1752	WerFault.exe
2668	Unicorn-29859.exe
1188	Unicorn-24789.exe
1188	Unicorn-24789.exe
2668	Unicorn-29859.exe
2460	Unicorn-25775.exe
2460	Unicorn-25775.exe
2872	Unicorn-29942.exe
2872	Unicorn-29942.exe
1808	Unicorn-10076.exe
1808	Unicorn-10076.exe
1892	Unicorn-37041.exe
1892	Unicorn-37041.exe
2796	Unicorn-44804.exe
2796	Unicorn-44804.exe
1904	WerFault.exe
1904	WerFault.exe
1904	WerFault.exe
1904	WerFault.exe
1904	WerFault.exe
412	WerFault.exe
412	WerFault.exe
412	WerFault.exe
412	WerFault.exe
412	WerFault.exe
1040	WerFault.exe
1040	WerFault.exe
1040	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2568	2676	WerFault.exe	27
2904	2840	WerFault.exe	28
1752	2600	WerFault.exe	29
668	3004	WerFault.exe	30
1904	2668	WerFault.exe	32
412	2460	WerFault.exe	34
1040	2796	WerFault.exe	33
2260	2932	WerFault.exe	46
2860	1188	WerFault.exe	36
2968	2872	WerFault.exe	38
2848	2700	WerFault.exe	37
2640	1808	WerFault.exe	39
2800	1892	WerFault.exe	40
2508	2400	WerFault.exe	44
2104	1872	WerFault.exe	43
1896	1660	WerFault.exe	45
952	1928	WerFault.exe	48
1324	2396	WerFault.exe	47
916	2824	WerFault.exe	49
1944	2140	WerFault.exe	54
1812	1108	WerFault.exe	56
904	1912	WerFault.exe	55
2192	948	WerFault.exe	59
852	1936	WerFault.exe	58
1736	1176	WerFault.exe	61
1692	2184	WerFault.exe	62
2516	1144	WerFault.exe	60
2212	2360	WerFault.exe	63
2316	2340	WerFault.exe	64
2916	2504	WerFault.exe	68
1712	2620	WerFault.exe	69
304	2208	WerFault.exe	73
1476	876	WerFault.exe	82
828	384	WerFault.exe	83
2576	2884	WerFault.exe	85
1740	1208	WerFault.exe	80
3200	1648	WerFault.exe	79
3248	2780	WerFault.exe	72
3476	1860	WerFault.exe	78
3624	576	WerFault.exe	84
3616	660	WerFault.exe	86
3680	2036	WerFault.exe	76
3724	2752	WerFault.exe	77
3732	2428	WerFault.exe	75
3764	2028	WerFault.exe	81
3660	2296	WerFault.exe	90
3188	1680	WerFault.exe	101
3208	2648	WerFault.exe	107
3448	2912	WerFault.exe	104
3924	2856	WerFault.exe	109
4040	2220	WerFault.exe	115
4036	1632	WerFault.exe	114
3116	2372	WerFault.exe	117
3180	2248	WerFault.exe	113
4024	2476	WerFault.exe	130
3412	2708	WerFault.exe	132
3420	2784	WerFault.exe	133
3160	612	WerFault.exe	98
3380	2204	WerFault.exe	136
4156	1720	WerFault.exe	89
4180	2572	WerFault.exe	129
4204	2892	WerFault.exe	139
4212	1992	WerFault.exe	131
4244	2928	WerFault.exe	92

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2676	323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc.exe
2840	Unicorn-8203.exe
2600	Unicorn-29776.exe
3004	Unicorn-5826.exe
2668	Unicorn-29859.exe
2796	Unicorn-44804.exe
2460	Unicorn-25775.exe
1188	Unicorn-24789.exe
2700	Unicorn-48971.exe
2872	Unicorn-29942.exe
1808	Unicorn-10076.exe
1892	Unicorn-37041.exe
2400	Unicorn-22890.exe
1872	Unicorn-3024.exe
1660	Unicorn-46003.exe
2932	Unicorn-331.exe
1928	Unicorn-11213.exe
2396	Unicorn-41940.exe
2824	Unicorn-17990.exe
2132	Unicorn-18889.exe
2140	Unicorn-64560.exe
1912	Unicorn-28379.exe
1108	Unicorn-40077.exe
948	Unicorn-64581.exe
1936	Unicorn-44716.exe
1144	Unicorn-11296.exe
1176	Unicorn-52884.exe
2184	Unicorn-7212.exe
2360	Unicorn-13989.exe
2340	Unicorn-3128.exe
2504	Unicorn-10502.exe
2620	Unicorn-17279.exe
2780	Unicorn-61649.exe
2208	Unicorn-12448.exe
2576	Unicorn-54036.exe
2428	Unicorn-63595.exe
2036	Unicorn-27716.exe
2752	Unicorn-51898.exe
1860	Unicorn-4.exe
1648	Unicorn-61457.exe
2028	Unicorn-18479.exe
1208	Unicorn-9241.exe
876	Unicorn-47067.exe
576	Unicorn-40522.exe
384	Unicorn-27201.exe
660	Unicorn-57928.exe
2884	Unicorn-60388.exe
1720	Unicorn-59786.exe
2296	Unicorn-1026.exe
2928	Unicorn-14669.exe
1656	Unicorn-61732.exe
1352	Unicorn-11140.exe
612	Unicorn-22838.exe
308	Unicorn-62287.exe
3068	Unicorn-43258.exe
1680	Unicorn-4363.exe
2960	Unicorn-59594.exe
2912	Unicorn-35644.exe
2704	Unicorn-18562.exe
2424	Unicorn-41120.exe
2648	Unicorn-17170.exe
2728	Unicorn-61540.exe
2756	Unicorn-60170.exe
2856	Unicorn-27284.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2840	2676	323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc.exe	28
PID 2676 wrote to memory of 2840	2676	323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc.exe	28
PID 2676 wrote to memory of 2840	2676	323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc.exe	28
PID 2676 wrote to memory of 2840	2676	323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc.exe	28
PID 2840 wrote to memory of 2600	2840	Unicorn-8203.exe	29
PID 2840 wrote to memory of 2600	2840	Unicorn-8203.exe	29
PID 2840 wrote to memory of 2600	2840	Unicorn-8203.exe	29
PID 2840 wrote to memory of 2600	2840	Unicorn-8203.exe	29
PID 2676 wrote to memory of 3004	2676	323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc.exe	30
PID 2676 wrote to memory of 3004	2676	323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc.exe	30
PID 2676 wrote to memory of 3004	2676	323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc.exe	30
PID 2676 wrote to memory of 3004	2676	323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc.exe	30
PID 2676 wrote to memory of 2568	2676	323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc.exe	31
PID 2676 wrote to memory of 2568	2676	323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc.exe	31
PID 2676 wrote to memory of 2568	2676	323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc.exe	31
PID 2676 wrote to memory of 2568	2676	323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc.exe	31
PID 2600 wrote to memory of 2668	2600	Unicorn-29776.exe	32
PID 2600 wrote to memory of 2668	2600	Unicorn-29776.exe	32
PID 2600 wrote to memory of 2668	2600	Unicorn-29776.exe	32
PID 2600 wrote to memory of 2668	2600	Unicorn-29776.exe	32
PID 2840 wrote to memory of 2796	2840	Unicorn-8203.exe	33
PID 2840 wrote to memory of 2796	2840	Unicorn-8203.exe	33
PID 2840 wrote to memory of 2796	2840	Unicorn-8203.exe	33
PID 2840 wrote to memory of 2796	2840	Unicorn-8203.exe	33
PID 3004 wrote to memory of 2460	3004	Unicorn-5826.exe	34
PID 3004 wrote to memory of 2460	3004	Unicorn-5826.exe	34
PID 3004 wrote to memory of 2460	3004	Unicorn-5826.exe	34
PID 3004 wrote to memory of 2460	3004	Unicorn-5826.exe	34
PID 2840 wrote to memory of 2904	2840	Unicorn-8203.exe	35
PID 2840 wrote to memory of 2904	2840	Unicorn-8203.exe	35
PID 2840 wrote to memory of 2904	2840	Unicorn-8203.exe	35
PID 2840 wrote to memory of 2904	2840	Unicorn-8203.exe	35
PID 2668 wrote to memory of 1188	2668	Unicorn-29859.exe	36
PID 2668 wrote to memory of 1188	2668	Unicorn-29859.exe	36
PID 2668 wrote to memory of 1188	2668	Unicorn-29859.exe	36
PID 2668 wrote to memory of 1188	2668	Unicorn-29859.exe	36
PID 2600 wrote to memory of 2700	2600	Unicorn-29776.exe	37
PID 2600 wrote to memory of 2700	2600	Unicorn-29776.exe	37
PID 2600 wrote to memory of 2700	2600	Unicorn-29776.exe	37
PID 2600 wrote to memory of 2700	2600	Unicorn-29776.exe	37
PID 2460 wrote to memory of 2872	2460	Unicorn-25775.exe	38
PID 2460 wrote to memory of 2872	2460	Unicorn-25775.exe	38
PID 2460 wrote to memory of 2872	2460	Unicorn-25775.exe	38
PID 2460 wrote to memory of 2872	2460	Unicorn-25775.exe	38
PID 3004 wrote to memory of 1808	3004	Unicorn-5826.exe	39
PID 3004 wrote to memory of 1808	3004	Unicorn-5826.exe	39
PID 3004 wrote to memory of 1808	3004	Unicorn-5826.exe	39
PID 3004 wrote to memory of 1808	3004	Unicorn-5826.exe	39
PID 2796 wrote to memory of 1892	2796	Unicorn-44804.exe	40
PID 2796 wrote to memory of 1892	2796	Unicorn-44804.exe	40
PID 2796 wrote to memory of 1892	2796	Unicorn-44804.exe	40
PID 2796 wrote to memory of 1892	2796	Unicorn-44804.exe	40
PID 2600 wrote to memory of 1752	2600	Unicorn-29776.exe	41
PID 2600 wrote to memory of 1752	2600	Unicorn-29776.exe	41
PID 2600 wrote to memory of 1752	2600	Unicorn-29776.exe	41
PID 2600 wrote to memory of 1752	2600	Unicorn-29776.exe	41
PID 3004 wrote to memory of 668	3004	Unicorn-5826.exe	42
PID 3004 wrote to memory of 668	3004	Unicorn-5826.exe	42
PID 3004 wrote to memory of 668	3004	Unicorn-5826.exe	42
PID 3004 wrote to memory of 668	3004	Unicorn-5826.exe	42
PID 1188 wrote to memory of 2400	1188	Unicorn-24789.exe	44
PID 1188 wrote to memory of 2400	1188	Unicorn-24789.exe	44
PID 1188 wrote to memory of 2400	1188	Unicorn-24789.exe	44
PID 1188 wrote to memory of 2400	1188	Unicorn-24789.exe	44

C:\Users\Admin\AppData\Local\Temp\323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc.exe
"C:\Users\Admin\AppData\Local\Temp\323cb89fbad2a6e0b159dc4f4a314c6467111c37d149eff763f98d132b8b62dc.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29776.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29859.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22890.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18889.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10502.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59786.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        10⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
        11⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63263.exe
        12⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22693.exe
        13⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
        14⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        15⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 236
        14⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
        13⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 236
        12⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
        11⤵
        Program crash
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
        10⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60549.exe
        11⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63917.exe
        12⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
        13⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35488.exe
        14⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 216
        14⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 216
        13⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
        12⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 216
        11⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
        10⤵
        Program crash
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41757.exe
        9⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11592.exe
        10⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
        11⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52568.exe
        12⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
        13⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29751.exe
        14⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45374.exe
        15⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 220
        14⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 220
        13⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        12⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 236
        11⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
        10⤵
        Program crash
        
        PID:4024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        9⤵
        Program crash
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1026.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29527.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38811.exe
        10⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12910.exe
        11⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40316.exe
        12⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        13⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
        14⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 216
        14⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
        13⤵
        
        PID:9528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 236
        12⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        11⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
        10⤵
        Program crash
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53756.exe
        9⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35085.exe
        10⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15812.exe
        11⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45822.exe
        12⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40934.exe
        13⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        14⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
        13⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
        12⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        11⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
        10⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 220
        9⤵
        Program crash
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
        9⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45910.exe
        10⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15900.exe
        11⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47628.exe
        12⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        13⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
        14⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 236
        14⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 236
        13⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 236
        12⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        11⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
        10⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2417.exe
        9⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
        10⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 220
        11⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
        10⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        9⤵
        Program crash
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50502.exe
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
        9⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-549.exe
        10⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
        11⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
        12⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
        13⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 216
        13⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 236
        12⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
        11⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
        10⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
        9⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        8⤵
        Program crash
        
        PID:1712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
        7⤵
        Program crash
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28379.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 220
        9⤵
        Program crash
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20315.exe
        8⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
        9⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
        10⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe
        11⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        12⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
        13⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 216
        12⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 220
        11⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        10⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 216
        9⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
        8⤵
        Program crash
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        7⤵
        Executes dropped EXE
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14944.exe
        8⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
        9⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31852.exe
        10⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe
        11⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50944.exe
        12⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45187.exe
        13⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 216
        13⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
        12⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        11⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 236
        10⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
        9⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        9⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38282.exe
        10⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26679.exe
        11⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2566.exe
        12⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
        11⤵
        
        PID:11084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 236
        10⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
        9⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
        8⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
        7⤵
        Program crash
        
        PID:904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 240
        6⤵
        Program crash
        
        PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3024.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40077.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12448.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22838.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        9⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62246.exe
        10⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56657.exe
        11⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe
        12⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14239.exe
        13⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49603.exe
        14⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 236
        14⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 236
        13⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 236
        12⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
        11⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 236
        10⤵
        Program crash
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        9⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32153.exe
        10⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7918.exe
        11⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23586.exe
        12⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12462.exe
        13⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 216
        13⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
        12⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 236
        11⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
        10⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 240
        9⤵
        Program crash
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        8⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47856.exe
        9⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        10⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        11⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43399.exe
        12⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
        13⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 236
        12⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 236
        11⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        10⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
        9⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
        8⤵
        Program crash
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62287.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53839.exe
        8⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
        9⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27488.exe
        10⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59252.exe
        11⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44058.exe
        12⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11357.exe
        13⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
        12⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
        11⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
        10⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 216
        9⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23112.exe
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7451.exe
        9⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
        10⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42304.exe
        11⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26516.exe
        12⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 220
        11⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
        10⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
        9⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 220
        8⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 240
        7⤵
        Program crash
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54036.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43258.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21167.exe
        8⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2739.exe
        9⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
        10⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe
        11⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16134.exe
        12⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32743.exe
        13⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10100 -s 236
        13⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
        12⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
        11⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
        10⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
        9⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
        8⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
        9⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exe
        10⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13995.exe
        11⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13967.exe
        12⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 216
        12⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
        11⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
        10⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        9⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
        8⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        7⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
        9⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63772.exe
        10⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        11⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        12⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10024 -s 216
        12⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
        11⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
        10⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        9⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
        8⤵
        Program crash
        
        PID:4204
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
        6⤵
        Program crash
        
        PID:2104
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64560.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61649.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37503.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56984.exe
        9⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51826.exe
        10⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24276.exe
        11⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33477.exe
        12⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
        13⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 216
        12⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 236
        11⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 236
        10⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
        9⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63761.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        9⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15785.exe
        10⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
        11⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23371.exe
        12⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
        11⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
        10⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        9⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
        8⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
        7⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16528.exe
        8⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41878.exe
        9⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28526.exe
        10⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        11⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-812.exe
        12⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
        11⤵
        
        PID:864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
        10⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        9⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 216
        8⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        7⤵
        Program crash
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11140.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10860.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
        8⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33990.exe
        9⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60072.exe
        10⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45153.exe
        11⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        12⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
        11⤵
        
        PID:11124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
        10⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
        9⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 216
        8⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52879.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25262.exe
        9⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15832.exe
        10⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19888.exe
        11⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
        10⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 236
        9⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        8⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 240
        7⤵
        
        PID:4836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        6⤵
        Program crash
        
        PID:1944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
        5⤵
        Program crash
        
        PID:2848
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44804.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11296.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56086.exe
        8⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29875.exe
        9⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57176.exe
        10⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19704.exe
        11⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28718.exe
        12⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        13⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe
        14⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 216
        13⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 220
        12⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
        11⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 216
        10⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31764.exe
        10⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        11⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
        12⤵
        
        PID:11180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
        12⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 220
        11⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 220
        10⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
        9⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5925.exe
        8⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38510.exe
        9⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54841.exe
        10⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1717.exe
        11⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59927.exe
        12⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55659.exe
        13⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 236
        12⤵
        
        PID:11232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
        11⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
        10⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
        9⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 240
        8⤵
        Program crash
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60725.exe
        7⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
        8⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59698.exe
        9⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9781.exe
        10⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        11⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
        12⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 220
        12⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 220
        11⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        10⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
        9⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        8⤵
        Program crash
        
        PID:4036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
        7⤵
        Program crash
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40522.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        7⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9454.exe
        8⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe
        9⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33902.exe
        10⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
        11⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42304.exe
        12⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        13⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 220
        12⤵
        
        PID:11404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
        11⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        10⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 216
        9⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14752.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35848.exe
        9⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23072.exe
        10⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55516.exe
        11⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
        11⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 220
        10⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 220
        9⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
        8⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27296.exe
        9⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37270.exe
        10⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        11⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        12⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 216
        11⤵
        
        PID:11500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
        10⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        9⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 216
        8⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
        7⤵
        Program crash
        
        PID:3624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
        6⤵
        Program crash
        
        PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52884.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61457.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57923.exe
        8⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20036.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        10⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49849.exe
        11⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40144.exe
        12⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        13⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 236
        12⤵
        
        PID:10856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
        11⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        10⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
        9⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34805.exe
        9⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52371.exe
        10⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25117.exe
        11⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
        12⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
        11⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
        10⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        9⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        8⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16231.exe
        7⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
        8⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43248.exe
        9⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19782.exe
        10⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9439.exe
        11⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
        12⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
        11⤵
        
        PID:10948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
        10⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
        9⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 216
        8⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        7⤵
        Program crash
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48349.exe
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65344.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8821.exe
        9⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe
        10⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
        11⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9411.exe
        12⤵
        
        PID:9864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 216
        11⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
        10⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        9⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 216
        8⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 216
        7⤵
        Program crash
        
        PID:3924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 240
        6⤵
        Program crash
        
        PID:1736
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 240
        5⤵
        Program crash
        
        PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17990.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15053.exe
        7⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7316.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
        9⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
        10⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28718.exe
        11⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6507.exe
        12⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11224 -s 220
        13⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 216
        12⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
        11⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
        10⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
        9⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
        8⤵
        Program crash
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10009.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7591.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29159.exe
        9⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61115.exe
        10⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        11⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21233.exe
        12⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
        11⤵
        
        PID:10544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 236
        10⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
        9⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 216
        8⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 220
        7⤵
        Program crash
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        6⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25791.exe
        7⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47114.exe
        9⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47275.exe
        10⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31095.exe
        11⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
        12⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8788 -s 240
        11⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 220
        10⤵
        
        PID:9732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
        9⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 216
        8⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 236
        7⤵
        Program crash
        
        PID:3116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        6⤵
        Program crash
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        6⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56517.exe
        7⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
        8⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2599.exe
        9⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 188
        10⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
        9⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
        8⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23112.exe
        7⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36040.exe
        8⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45438.exe
        9⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
        10⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
        11⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
        10⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
        9⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        8⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
        7⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32567.exe
        6⤵
        
        PID:2436
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 240
        6⤵
        Program crash
        
        PID:3616
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        5⤵
        Program crash
        
        PID:916
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1040
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5826.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5826.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25775.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29942.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-331.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
        6⤵
        Program crash
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41120.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50762.exe
        9⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32475.exe
        10⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56455.exe
        11⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
        12⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45078.exe
        13⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
        12⤵
        
        PID:924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
        11⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 236
        10⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
        9⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8338.exe
        8⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54047.exe
        9⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
        10⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26077.exe
        11⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        12⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
        11⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 236
        10⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
        9⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
        8⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        7⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51146.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe
        9⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42916.exe
        10⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
        11⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13879.exe
        12⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 216
        11⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
        10⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
        9⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
        8⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
        7⤵
        Program crash
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
        7⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63974.exe
        8⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
        9⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60404.exe
        10⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
        11⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18732.exe
        12⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
        11⤵
        
        PID:11960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 220
        10⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        9⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 216
        8⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 216
        7⤵
        Program crash
        
        PID:3208
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
        6⤵
        Program crash
        
        PID:852
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
        5⤵
        Program crash
        
        PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46003.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64581.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27716.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59594.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32013.exe
        8⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34234.exe
        9⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24966.exe
        10⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7290.exe
        11⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29066.exe
        12⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe
        13⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 216
        12⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
        11⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        10⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
        9⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58115.exe
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        9⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        10⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15662.exe
        11⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6671.exe
        12⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 220
        11⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
        10⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        9⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        8⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        7⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53092.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48930.exe
        9⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
        10⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42997.exe
        11⤵
        
        PID:10712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 236
        11⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 236
        10⤵
        
        PID:9836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        9⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 236
        8⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
        7⤵
        Program crash
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23113.exe
        7⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7451.exe
        9⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe
        10⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40934.exe
        11⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
        12⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
        11⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
        10⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        9⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
        8⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
        7⤵
        Program crash
        
        PID:3448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
        6⤵
        Program crash
        
        PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51898.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18562.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53839.exe
        7⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16336.exe
        8⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19512.exe
        9⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37462.exe
        10⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6507.exe
        11⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
        12⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
        11⤵
        
        PID:11816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 220
        10⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
        9⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 216
        8⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37310.exe
        7⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56460.exe
        8⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-705.exe
        9⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
        10⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51404.exe
        11⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 216
        10⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
        9⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        8⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 220
        7⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42873.exe
        6⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
        8⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
        9⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        10⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
        11⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 216
        10⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
        9⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 220
        8⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 216
        7⤵
        
        PID:5136
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
        6⤵
        Program crash
        
        PID:3724
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
        5⤵
        Program crash
        
        PID:1896
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41940.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60170.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32013.exe
        8⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4083.exe
        9⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
        10⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62158.exe
        11⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        12⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26516.exe
        13⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
        11⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        10⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
        9⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28334.exe
        10⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15277.exe
        11⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
        12⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
        11⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
        10⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        9⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 220
        8⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        7⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10689.exe
        8⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe
        9⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62158.exe
        10⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
        11⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41482.exe
        12⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 216
        11⤵
        
        PID:11644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
        10⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        9⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 216
        8⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        7⤵
        Program crash
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe
        6⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64685.exe
        7⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60876.exe
        8⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4545.exe
        9⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
        10⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        11⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
        12⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
        11⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
        10⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        9⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 236
        8⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51893.exe
        7⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe
        8⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        9⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7685.exe
        10⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26708.exe
        11⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 220
        10⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
        9⤵
        
        PID:352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
        8⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 240
        7⤵
        
        PID:4712
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
        6⤵
        Program crash
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44472.exe
        6⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8084.exe
        7⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32947.exe
        8⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51198.exe
        9⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17810.exe
        10⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43539.exe
        11⤵
        
        PID:10864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8556 -s 220
        11⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
        10⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
        9⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        8⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        7⤵
        Program crash
        
        PID:3420
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 236
        6⤵
        Program crash
        
        PID:828
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
        5⤵
        Program crash
        
        PID:1324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13989.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        6⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18391.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49750.exe
        8⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        9⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
        10⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40252.exe
        11⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 216
        11⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
        10⤵
        
        PID:10396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
        9⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 216
        8⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
        7⤵
        Program crash
        
        PID:4212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 236
        6⤵
        Program crash
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
        5⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60601.exe
        6⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10689.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62490.exe
        8⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25210.exe
        9⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37234.exe
        10⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9001.exe
        11⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 216
        10⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
        9⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 220
        8⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 216
        7⤵
        
        PID:5244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
        6⤵
        Program crash
        
        PID:3180
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
        5⤵
        Program crash
        
        PID:2212
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
      4⤵
      Program crash
      PID:2640
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:668
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
  2⤵
  - Program crash
  PID:2568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe

Filesize
184KB

MD5
6030228c9bb6720338cd79d4b9a227c4

SHA1
7ec48899ce49f9afaacac61b70651f43d77c0d6b

SHA256
9af1a51b83491eb58f67150d972ca5d9c9f5b8cc7829efaf4ff0e1cfb31adb14

SHA512
e8dac2a78087ed9dbeb860158f30037d538429d11dea4f7e142930d11093d5d746c5e1b7009cbdf256fe0b079ccfa1ab28c7df30984ffde5b1453ad48c4366c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29942.exe

Filesize
184KB

MD5
943c03eb352267cce3e7b79b4aabd4e3

SHA1
589ccf52f4194e4eb58a18a0b95ff893b6457cdf

SHA256
2b637007048bd1079322fdccb62d7e9c5d18e02dac489b619c7461dd750b6767

SHA512
2c2cd0bad14ba10153156edbc8e4e99ca8a3a37293d1efdbba9388e2841c9b03745a4614f1e318a2ac4d08f271634e2dd454583cca33808fc00866b7444153b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40522.exe

Filesize
184KB

MD5
256ea181002e4018070b938653b1bfea

SHA1
a076f9091be497512a0cfe5396f03a2991169f7d

SHA256
a46a746d52f2803541b82dc93a9099a37450444238355b48189300523ff490b8

SHA512
3a6d0796e67b1a985021f616123ba40f7cc9dbf6a781bddfbc89fb608e6f93c86abdcabcd9ac900435ea3dbb798087e14306faac23ac567a7d3f6a9f2427f9e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44804.exe

Filesize
184KB

MD5
c1d27437a1238624924e769cd52ece11

SHA1
797316540734c59d98222a01fcba88dac360f17a

SHA256
c3b713064c0e8bb2681d0e621463070fc01aadb0e0937455ca53fc04d53de25c

SHA512
634cb9eb14d578927794b4c6217e271aa31cc2850e434264368cabb6d94b3ef42fb7b98a1fc8fb9a6ab438c780392f7c04cbda4e023153c7fd2ae0213cf840b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe

Filesize
184KB

MD5
b40a4ae9a4141b971b8fcf8fba6c60f7

SHA1
83cd735c64fa2dff2973672f098f50a6ca049a68

SHA256
f648741fa07817595686688fac0a85543044ca9b415bbb7728051aabc44eac24

SHA512
8bd1e750512e337588625da9a4060ae3d16498e34b6e2313d5628d60ec87c781e0f95d8556636dc1ca653a731e69975e19e6557e584691e3cddf4b152fd369ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe

Filesize
184KB

MD5
1b8df2cdcfb1069b78b8fcd1e6750a0e

SHA1
807a9fefd7586b786badd4e14ba94df9b56e2f4f

SHA256
4d8f407710e43d1537255d261a52989b6ae3bf755f2e894ecc453458bde8ffd4

SHA512
1e3f9c3984d1b278b188f82e303d6d1817fb54484ce6726c8a4eb3c3c831605dbfefd4f94a87eb6642f8c63834a0247d7b3ee78ed295c463a609ee6d7e5dbf0f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22890.exe

Filesize
184KB

MD5
8a91ec580ab8fa827637ec03f5f921b2

SHA1
ad06fe0e8459c5699b56eba3c0964d63fc17147c

SHA256
77b203a68b3837483f88995d07cee2476da2b622ce2b8dad2c962db14973c69b

SHA512
6330d397e03e9d3fea218361f27d8c951428bf9bd28888532b63d429fa85857cd45c01f5e26f734ef3fb98e37333bf3908edc0df01e03803382214d38c958d91

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe

Filesize
184KB

MD5
83c6db2e9fe8402426ed2d206ed440ee

SHA1
538749dec46caf55826bbf8c880a06af5becc8d7

SHA256
cfddd698e241efca3ffd4172e331d310bb12fcb5a4718b5064e7a8f6d069435f

SHA512
ffe4197d67e1390247488083b3cb555f42acc9205a0a4ad7cc18c864023257b1beab62bbef21bfb52705c94b71dbe58324b2dbf712f6f069c671ce050c8cf6f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25775.exe

Filesize
184KB

MD5
c328cb3ec41886290a83a2c30526d5bb

SHA1
968bf6577d1e8fedbdb7102e05e8cc4406fa0938

SHA256
12e7ec13ceb8ab8b850af8fcfb7ab96b6141ea36934201ba65bc3e6cc9c4dfe6

SHA512
d760f03137f9b1839dacd774d55a1192096d193f22dd6dfa09060106ccb3789b849fd7058d68fcbff8914244bdca64bbc5e444f5cbbe4b55fc3cc072e37344fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29776.exe

Filesize
184KB

MD5
0e37d0407e4f810cfdbd4d58bd8e6d93

SHA1
10182a5fa3685706284833a1d44881af893eb1b8

SHA256
1ce50cdb8f4da02c255b3e20248bb7a469244068c94027fde07fccb2d7c5575b

SHA512
ccc71123bb2218cf8dd216dd5d715487bea4ec16aa28c2beca80566dd345d34f015617ace5c60da4e3d5fb79a3f632aeb0680e416b82d074b74580bd1ac27a0b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29859.exe

Filesize
184KB

MD5
536cd0f6a7077adb31280f394b04106a

SHA1
90950b1cff28d8389a1f0696a6170046618690ca

SHA256
e53ee0bd6b272621324fcb89fb8c8ac24309869dd0e204ed99e997f7ee541a6f

SHA512
ce1ca622c288627a004d6391b43d6a1d9e1f00a50b058913073f754ccf2d4e8e0b6f2a90765a373eb7005988697eef84ee6d0e216d3752a019e2ba7614c957a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3024.exe

Filesize
184KB

MD5
624db51c1d164969d639e9e3732e8dc4

SHA1
21046e1c80417b3c126fe0669624599568776abb

SHA256
578de979add119ad96df2ae5a39ad91b8f92be4db6a1b9849c27ab0f50512e31

SHA512
11645939997524d1982ae8d86e5437ad9c1e14efa844ce8292ecd79f4e1e2f95262dc0cfcb7a65e86a82e800eea6b821a562b9df5f2ffe2dcdc240b5c43ba0dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe

Filesize
184KB

MD5
70b80cc881d5e3ccdf262afde3cc30da

SHA1
999a229abb539ef35d984ac7f8bfae0cec5da6b6

SHA256
557da3812bbd3e83d2769b6e722ba412f1fd9ba86fda852fec9dcf0dbf3d79f9

SHA512
d2c22e33f5eef5cacb720d8d2fe488e5b052970c9796663ead72a5e011b66c5ea492db64b9bc30310aa1652ec1dd9b9cf9aa371f2c3cc1b158dab94110c883cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46003.exe

Filesize
184KB

MD5
ab3a5229e3acaa4e98b7004a6e5224b5

SHA1
11e90d6166df7919deac9296235adf49b94dce37

SHA256
a92ab9c41fc1b095d0786099a36b1b4b0256a120217be4c7fc5c142e6c4b0a15

SHA512
2750df70b5b1f7fd98d4eed3e5b42d4508ac446fef24f16a9821808c5409a1939222b927bf16b901c353c260b834606966359f00c178ccd651784d9d8a28cf8a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5826.exe

Filesize
184KB

MD5
c77c2606633b4b605ae55ea49801fd54

SHA1
7f76a18af9bf685329316b7343f119033eeaf653

SHA256
effe5a580aee21261c96685584fb66b963a2af4583b4514f720cbc655c90bd50

SHA512
f0324d2f3949e0503a628b246a320b9797b17e2d0c39bb85329c74f1c459c7dca6ac55664ad18addc1dc3b9ac1f9fc58605368068b87627183c13e589f24b44b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe

Filesize
184KB

MD5
7eb83f0c2ae25c56f6573b919316b3aa

SHA1
040aeae67b9d8065dacd1a5b055438ca2862be38

SHA256
ec33c49f133a1e2cd2ffc3e8ce41214f4c608f049c53a4813b44882a3c3c88a3

SHA512
33a928944d6631b662b4e1cf96890f0c840d6e47c08449fbb6dac59b20477113ad6f3320624190f2ae5211fdef2a1e5176d1aeb5f1fe8e8380938b2079710bf3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads