8febbf2509f1f95beaee04016e27ff00ad1a2da56eba142c1745f5f83e5a87dd

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8c68d0645cdda013645942b4f18c820_NeikiAnalytics.exe
Size

184KB
MD5

c8c68d0645cdda013645942b4f18c820
SHA1

382bbdd75d78724d0eb48e0c48809b9c0c1c39d8
SHA256

8febbf2509f1f95beaee04016e27ff00ad1a2da56eba142c1745f5f83e5a87dd
SHA512

49d14a4323a38037b1825547ae43fcf981bfaa436322292e8dff1b5d6ff501902f6fa6b783c5c31b1da4343a55b167294d98edd66af52df0327b8d26c3d584b0
SSDEEP

3072:bhanrxoTfJOmjl4We8yGn+bXhfUViFgn3:bh4oUsl4NG+bXhfUViFg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1624	Unicorn-28811.exe
2572	Unicorn-40714.exe
2544	Unicorn-60580.exe
2692	Unicorn-43533.exe
2844	Unicorn-43533.exe
2668	Unicorn-23667.exe
2936	Unicorn-63569.exe
2960	Unicorn-17898.exe
2672	Unicorn-19521.exe
2772	Unicorn-39387.exe
1856	Unicorn-26978.exe
1236	Unicorn-5811.exe
2204	Unicorn-34592.exe
1668	Unicorn-22894.exe
1984	Unicorn-52272.exe
688	Unicorn-48188.exe
540	Unicorn-28322.exe
3060	Unicorn-5064.exe
1172	Unicorn-42013.exe
284	Unicorn-26231.exe
1936	Unicorn-2324.exe
1064	Unicorn-43912.exe
1268	Unicorn-6408.exe
2252	Unicorn-43357.exe
1000	Unicorn-39273.exe
1864	Unicorn-31659.exe
1200	Unicorn-47441.exe
3064	Unicorn-39635.exe
760	Unicorn-53554.exe
1516	Unicorn-29604.exe
1744	Unicorn-13865.exe
2636	Unicorn-2168.exe
2628	Unicorn-26118.exe
2416	Unicorn-50814.exe
2024	Unicorn-39116.exe
2456	Unicorn-1613.exe
380	Unicorn-58790.exe
2840	Unicorn-51177.exe
2452	Unicorn-9397.exe
1808	Unicorn-34971.exe
2952	Unicorn-63237.exe
3008	Unicorn-17566.exe
1368	Unicorn-23273.exe
2812	Unicorn-43139.exe
2756	Unicorn-5868.exe
2076	Unicorn-29491.exe
2316	Unicorn-25407.exe
2192	Unicorn-35198.exe
1300	Unicorn-29299.exe
1332	Unicorn-50788.exe
904	Unicorn-39090.exe
3024	Unicorn-5671.exe
1768	Unicorn-47259.exe
2256	Unicorn-14031.exe
2868	Unicorn-22200.exe
576	Unicorn-63787.exe
2144	Unicorn-18116.exe
1640	Unicorn-10502.exe
2340	Unicorn-50596.exe
1972	Unicorn-51151.exe
2436	Unicorn-47067.exe
2584	Unicorn-62656.exe
2516	Unicorn-38706.exe
2996	Unicorn-5287.exe

Loads dropped DLL 64 IoCs

pid	Process
2304	c8c68d0645cdda013645942b4f18c820_NeikiAnalytics.exe
2304	c8c68d0645cdda013645942b4f18c820_NeikiAnalytics.exe
2304	c8c68d0645cdda013645942b4f18c820_NeikiAnalytics.exe
1624	Unicorn-28811.exe
2304	c8c68d0645cdda013645942b4f18c820_NeikiAnalytics.exe
1624	Unicorn-28811.exe
2572	Unicorn-40714.exe
2544	Unicorn-60580.exe
2572	Unicorn-40714.exe
2544	Unicorn-60580.exe
1624	Unicorn-28811.exe
1624	Unicorn-28811.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2544	Unicorn-60580.exe
2692	Unicorn-43533.exe
2544	Unicorn-60580.exe
2692	Unicorn-43533.exe
2572	Unicorn-40714.exe
2844	Unicorn-43533.exe
2572	Unicorn-40714.exe
2844	Unicorn-43533.exe
2724	WerFault.exe
2724	WerFault.exe
2724	WerFault.exe
2724	WerFault.exe
2656	WerFault.exe
2656	WerFault.exe
2656	WerFault.exe
2656	WerFault.exe
2656	WerFault.exe
2724	WerFault.exe
2668	Unicorn-23667.exe
2668	Unicorn-23667.exe
2936	Unicorn-63569.exe
2936	Unicorn-63569.exe
2960	Unicorn-17898.exe
2960	Unicorn-17898.exe
2692	Unicorn-43533.exe
2692	Unicorn-43533.exe
2772	Unicorn-39387.exe
2772	Unicorn-39387.exe
2844	Unicorn-43533.exe
2672	Unicorn-19521.exe
2672	Unicorn-19521.exe
2844	Unicorn-43533.exe
568	WerFault.exe
568	WerFault.exe
568	WerFault.exe
568	WerFault.exe
1732	WerFault.exe
1732	WerFault.exe
1732	WerFault.exe
1732	WerFault.exe
568	WerFault.exe
1732	WerFault.exe
1712	WerFault.exe
1712	WerFault.exe
1712	WerFault.exe
1712	WerFault.exe
1712	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2712	2304	WerFault.exe	27
2000	1624	WerFault.exe	28
2724	2572	WerFault.exe	30
2656	2544	WerFault.exe	29
568	2692	WerFault.exe	33
1732	2668	WerFault.exe	34
1712	2844	WerFault.exe	32
1688	2936	WerFault.exe	36
2500	2960	WerFault.exe	37
3068	2772	WerFault.exe	39
2036	2672	WerFault.exe	38
1700	1856	WerFault.exe	42
2072	1236	WerFault.exe	43
988	2204	WerFault.exe	44
588	1668	WerFault.exe	45
348	540	WerFault.exe	47
1196	1984	WerFault.exe	46
2104	688	WerFault.exe	48
1476	3060	WerFault.exe	52
1760	1172	WerFault.exe	53
2900	284	WerFault.exe	54
1576	1936	WerFault.exe	55
1636	1064	WerFault.exe	56
2556	1268	WerFault.exe	57
2872	3064	WerFault.exe	62
2428	1200	WerFault.exe	61
2468	1000	WerFault.exe	59
2716	2252	WerFault.exe	58
2488	1864	WerFault.exe	60
2012	760	WerFault.exe	64
2512	1516	WerFault.exe	66
1932	1744	WerFault.exe	69
772	2024	WerFault.exe	73
1800	2416	WerFault.exe	72
3108	380	WerFault.exe	75
3204	2840	WerFault.exe	76
3216	3008	WerFault.exe	80
3264	2952	WerFault.exe	79
3324	1368	WerFault.exe	81
3360	1808	WerFault.exe	78
3772	2756	WerFault.exe	82
3796	2456	WerFault.exe	74
3812	2636	WerFault.exe	70
3848	2452	WerFault.exe	77
4012	2316	WerFault.exe	87
4020	2076	WerFault.exe	86
3188	2812	WerFault.exe	83
3504	2628	WerFault.exe	71
3576	2192	WerFault.exe	89
3676	1300	WerFault.exe	94
3748	2256	WerFault.exe	99
3080	1332	WerFault.exe	95
3092	2340	WerFault.exe	104
3168	576	WerFault.exe	101
3260	1972	WerFault.exe	105
3640	1640	WerFault.exe	103
3612	2144	WerFault.exe	102
3924	1980	WerFault.exe	118
3944	1488	WerFault.exe	112
4048	2676	WerFault.exe	114
3200	2584	WerFault.exe	107
3196	2996	WerFault.exe	109
3820	1364	WerFault.exe	116
3536	1244	WerFault.exe	117

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2304	c8c68d0645cdda013645942b4f18c820_NeikiAnalytics.exe
1624	Unicorn-28811.exe
2572	Unicorn-40714.exe
2544	Unicorn-60580.exe
2844	Unicorn-43533.exe
2668	Unicorn-23667.exe
2692	Unicorn-43533.exe
2936	Unicorn-63569.exe
2960	Unicorn-17898.exe
2772	Unicorn-39387.exe
2672	Unicorn-19521.exe
1856	Unicorn-26978.exe
1236	Unicorn-5811.exe
2204	Unicorn-34592.exe
1668	Unicorn-22894.exe
1984	Unicorn-52272.exe
688	Unicorn-48188.exe
540	Unicorn-28322.exe
3060	Unicorn-5064.exe
1172	Unicorn-42013.exe
284	Unicorn-26231.exe
1936	Unicorn-2324.exe
1064	Unicorn-43912.exe
1268	Unicorn-6408.exe
1000	Unicorn-39273.exe
1200	Unicorn-47441.exe
2252	Unicorn-43357.exe
1864	Unicorn-31659.exe
3064	Unicorn-39635.exe
760	Unicorn-53554.exe
1516	Unicorn-29604.exe
1744	Unicorn-13865.exe
2636	Unicorn-2168.exe
2628	Unicorn-26118.exe
2416	Unicorn-50814.exe
2024	Unicorn-39116.exe
2456	Unicorn-1613.exe
380	Unicorn-58790.exe
2840	Unicorn-51177.exe
1808	Unicorn-34971.exe
2452	Unicorn-9397.exe
3008	Unicorn-17566.exe
2952	Unicorn-63237.exe
2812	Unicorn-43139.exe
1368	Unicorn-23273.exe
2756	Unicorn-5868.exe
2316	Unicorn-25407.exe
2076	Unicorn-29491.exe
2192	Unicorn-35198.exe
1300	Unicorn-29299.exe
1332	Unicorn-50788.exe
904	Unicorn-39090.exe
3024	Unicorn-5671.exe
1768	Unicorn-47259.exe
2256	Unicorn-14031.exe
576	Unicorn-63787.exe
2868	Unicorn-22200.exe
1640	Unicorn-10502.exe
2144	Unicorn-18116.exe
2340	Unicorn-50596.exe
1972	Unicorn-51151.exe
2436	Unicorn-47067.exe
2516	Unicorn-38706.exe
2584	Unicorn-62656.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 1624	2304	c8c68d0645cdda013645942b4f18c820_NeikiAnalytics.exe	28
PID 2304 wrote to memory of 1624	2304	c8c68d0645cdda013645942b4f18c820_NeikiAnalytics.exe	28
PID 2304 wrote to memory of 1624	2304	c8c68d0645cdda013645942b4f18c820_NeikiAnalytics.exe	28
PID 2304 wrote to memory of 1624	2304	c8c68d0645cdda013645942b4f18c820_NeikiAnalytics.exe	28
PID 2304 wrote to memory of 2572	2304	c8c68d0645cdda013645942b4f18c820_NeikiAnalytics.exe	30
PID 2304 wrote to memory of 2572	2304	c8c68d0645cdda013645942b4f18c820_NeikiAnalytics.exe	30
PID 2304 wrote to memory of 2572	2304	c8c68d0645cdda013645942b4f18c820_NeikiAnalytics.exe	30
PID 2304 wrote to memory of 2572	2304	c8c68d0645cdda013645942b4f18c820_NeikiAnalytics.exe	30
PID 1624 wrote to memory of 2544	1624	Unicorn-28811.exe	29
PID 1624 wrote to memory of 2544	1624	Unicorn-28811.exe	29
PID 1624 wrote to memory of 2544	1624	Unicorn-28811.exe	29
PID 1624 wrote to memory of 2544	1624	Unicorn-28811.exe	29
PID 2304 wrote to memory of 2712	2304	c8c68d0645cdda013645942b4f18c820_NeikiAnalytics.exe	31
PID 2304 wrote to memory of 2712	2304	c8c68d0645cdda013645942b4f18c820_NeikiAnalytics.exe	31
PID 2304 wrote to memory of 2712	2304	c8c68d0645cdda013645942b4f18c820_NeikiAnalytics.exe	31
PID 2304 wrote to memory of 2712	2304	c8c68d0645cdda013645942b4f18c820_NeikiAnalytics.exe	31
PID 2572 wrote to memory of 2844	2572	Unicorn-40714.exe	32
PID 2572 wrote to memory of 2844	2572	Unicorn-40714.exe	32
PID 2572 wrote to memory of 2844	2572	Unicorn-40714.exe	32
PID 2572 wrote to memory of 2844	2572	Unicorn-40714.exe	32
PID 2544 wrote to memory of 2692	2544	Unicorn-60580.exe	33
PID 2544 wrote to memory of 2692	2544	Unicorn-60580.exe	33
PID 2544 wrote to memory of 2692	2544	Unicorn-60580.exe	33
PID 2544 wrote to memory of 2692	2544	Unicorn-60580.exe	33
PID 1624 wrote to memory of 2668	1624	Unicorn-28811.exe	34
PID 1624 wrote to memory of 2668	1624	Unicorn-28811.exe	34
PID 1624 wrote to memory of 2668	1624	Unicorn-28811.exe	34
PID 1624 wrote to memory of 2668	1624	Unicorn-28811.exe	34
PID 1624 wrote to memory of 2000	1624	Unicorn-28811.exe	35
PID 1624 wrote to memory of 2000	1624	Unicorn-28811.exe	35
PID 1624 wrote to memory of 2000	1624	Unicorn-28811.exe	35
PID 1624 wrote to memory of 2000	1624	Unicorn-28811.exe	35
PID 2544 wrote to memory of 2936	2544	Unicorn-60580.exe	36
PID 2544 wrote to memory of 2936	2544	Unicorn-60580.exe	36
PID 2544 wrote to memory of 2936	2544	Unicorn-60580.exe	36
PID 2544 wrote to memory of 2936	2544	Unicorn-60580.exe	36
PID 2692 wrote to memory of 2960	2692	Unicorn-43533.exe	37
PID 2692 wrote to memory of 2960	2692	Unicorn-43533.exe	37
PID 2692 wrote to memory of 2960	2692	Unicorn-43533.exe	37
PID 2692 wrote to memory of 2960	2692	Unicorn-43533.exe	37
PID 2572 wrote to memory of 2672	2572	Unicorn-40714.exe	38
PID 2572 wrote to memory of 2672	2572	Unicorn-40714.exe	38
PID 2572 wrote to memory of 2672	2572	Unicorn-40714.exe	38
PID 2572 wrote to memory of 2672	2572	Unicorn-40714.exe	38
PID 2844 wrote to memory of 2772	2844	Unicorn-43533.exe	39
PID 2844 wrote to memory of 2772	2844	Unicorn-43533.exe	39
PID 2844 wrote to memory of 2772	2844	Unicorn-43533.exe	39
PID 2844 wrote to memory of 2772	2844	Unicorn-43533.exe	39
PID 2544 wrote to memory of 2656	2544	Unicorn-60580.exe	40
PID 2572 wrote to memory of 2724	2572	Unicorn-40714.exe	41
PID 2544 wrote to memory of 2656	2544	Unicorn-60580.exe	40
PID 2544 wrote to memory of 2656	2544	Unicorn-60580.exe	40
PID 2572 wrote to memory of 2724	2572	Unicorn-40714.exe	41
PID 2544 wrote to memory of 2656	2544	Unicorn-60580.exe	40
PID 2572 wrote to memory of 2724	2572	Unicorn-40714.exe	41
PID 2572 wrote to memory of 2724	2572	Unicorn-40714.exe	41
PID 2668 wrote to memory of 1856	2668	Unicorn-23667.exe	42
PID 2668 wrote to memory of 1856	2668	Unicorn-23667.exe	42
PID 2668 wrote to memory of 1856	2668	Unicorn-23667.exe	42
PID 2668 wrote to memory of 1856	2668	Unicorn-23667.exe	42
PID 2936 wrote to memory of 1236	2936	Unicorn-63569.exe	43
PID 2936 wrote to memory of 1236	2936	Unicorn-63569.exe	43
PID 2936 wrote to memory of 1236	2936	Unicorn-63569.exe	43
PID 2936 wrote to memory of 1236	2936	Unicorn-63569.exe	43

C:\Users\Admin\AppData\Local\Temp\c8c68d0645cdda013645942b4f18c820_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c8c68d0645cdda013645942b4f18c820_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28811.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28811.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60580.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2324.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50814.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18116.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
        10⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5687.exe
        11⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21692.exe
        12⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        13⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34285.exe
        14⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8668 -s 216
        14⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
        13⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        12⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
        11⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 216
        10⤵
        Program crash
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
        9⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
        10⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 200
        11⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 236
        10⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
        9⤵
        Program crash
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10502.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59506.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38552.exe
        10⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
        11⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
        12⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29402.exe
        13⤵
        
        PID:11236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8472 -s 216
        13⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 216
        12⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
        11⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        10⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 216
        9⤵
        Program crash
        
        PID:3640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
        8⤵
        Program crash
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39116.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14031.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58785.exe
        9⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
        10⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
        11⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        12⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31813.exe
        12⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19239.exe
        13⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
        13⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 220
        12⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        11⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 236
        10⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43169.exe
        9⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        10⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        11⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        12⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45001.exe
        13⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8752 -s 216
        13⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
        12⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 236
        11⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
        10⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        9⤵
        Program crash
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59340.exe
        8⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23347.exe
        9⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        10⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        11⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28457.exe
        12⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
        13⤵
        
        PID:10344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8428 -s 236
        13⤵
        
        PID:11456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 236
        12⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 236
        11⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        10⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        9⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4779.exe
        10⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15821.exe
        11⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4404.exe
        12⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8228 -s 216
        12⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 236
        11⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
        10⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
        9⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
        8⤵
        Program crash
        
        PID:772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        7⤵
        Program crash
        
        PID:988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43912.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22200.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
        9⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        10⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2916.exe
        11⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        12⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13755.exe
        13⤵
        
        PID:11016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 236
        13⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
        12⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        11⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 216
        10⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38530.exe
        9⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26326.exe
        10⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
        11⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27407.exe
        12⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 216
        12⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 236
        11⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        10⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
        9⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57477.exe
        8⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
        9⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
        10⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9603.exe
        11⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35525.exe
        12⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 236
        12⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
        11⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        10⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 236
        9⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
        8⤵
        Program crash
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22557.exe
        8⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
        9⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63409.exe
        10⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
        11⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35629.exe
        12⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 236
        12⤵
        
        PID:11536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
        11⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 236
        10⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
        9⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 216
        8⤵
        Program crash
        
        PID:3168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 240
        7⤵
        Program crash
        
        PID:1636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        6⤵
        Program crash
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22894.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58790.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50596.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13476.exe
        9⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52833.exe
        10⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe
        11⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
        12⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        13⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 216
        13⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
        12⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 236
        11⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
        10⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 216
        9⤵
        Program crash
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35712.exe
        8⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60835.exe
        9⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe
        10⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        11⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65061.exe
        12⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8892 -s 220
        12⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
        11⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
        10⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
        9⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 240
        8⤵
        Program crash
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54509.exe
        8⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50420.exe
        9⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43399.exe
        10⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46827.exe
        11⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43167.exe
        12⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59519.exe
        13⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
        12⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
        11⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
        10⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
        9⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59335.exe
        8⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37971.exe
        9⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
        10⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
        11⤵
        
        PID:10504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 236
        11⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
        10⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 236
        9⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        8⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 240
        7⤵
        Program crash
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51177.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
        7⤵
        Executes dropped EXE
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
        8⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
        9⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38412.exe
        10⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
        11⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        12⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 216
        12⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
        11⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        10⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
        9⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
        8⤵
        Program crash
        
        PID:3196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        7⤵
        Program crash
        
        PID:3204
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
        6⤵
        Program crash
        
        PID:588
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63569.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42013.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13865.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38557.exe
        9⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        10⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        11⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe
        12⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-719.exe
        13⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1849.exe
        14⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
        13⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
        12⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
        11⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        10⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
        11⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
        12⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4132.exe
        13⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 236
        13⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
        12⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        11⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        10⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22216.exe
        10⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        11⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
        12⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27108.exe
        13⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50951.exe
        14⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10816 -s 220
        14⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 216
        13⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
        12⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
        11⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
        10⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 240
        9⤵
        Program crash
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
        9⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        10⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        11⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12639.exe
        12⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
        13⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9604 -s 236
        13⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 236
        12⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
        11⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
        10⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        9⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45493.exe
        10⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53319.exe
        11⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        12⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 216
        12⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 236
        11⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
        10⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        9⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
        8⤵
        Program crash
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39090.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26113.exe
        8⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63435.exe
        10⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
        11⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1532.exe
        12⤵
        
        PID:11272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 216
        12⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
        11⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        10⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 236
        9⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57306.exe
        8⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42439.exe
        9⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
        10⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1612.exe
        11⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
        11⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
        10⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
        9⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 240
        8⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 240
        7⤵
        Program crash
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2168.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50788.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13476.exe
        8⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32605.exe
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1655.exe
        10⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        11⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44404.exe
        12⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
        12⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 236
        11⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
        10⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 236
        9⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 216
        8⤵
        Program crash
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35712.exe
        7⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14047.exe
        8⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48918.exe
        9⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47102.exe
        10⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51498.exe
        11⤵
        
        PID:11132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8516 -s 236
        11⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 236
        10⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
        9⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
        8⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        7⤵
        Program crash
        
        PID:3812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 240
        6⤵
        Program crash
        
        PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26118.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5671.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26798.exe
        8⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        9⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
        10⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
        11⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1228.exe
        12⤵
        
        PID:11188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
        12⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 236
        11⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
        10⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
        9⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25894.exe
        8⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
        9⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        10⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31429.exe
        11⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 220
        11⤵
        
        PID:404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 236
        10⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
        9⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 220
        8⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14223.exe
        7⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
        8⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        9⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9162.exe
        10⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
        11⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 236
        10⤵
        
        PID:10528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
        9⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 216
        8⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
        7⤵
        Program crash
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47259.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        7⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6434.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18319.exe
        9⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29147.exe
        10⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
        11⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44010.exe
        12⤵
        
        PID:10936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10952 -s 216
        12⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
        11⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 236
        10⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
        9⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 236
        8⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60274.exe
        7⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26791.exe
        9⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34423.exe
        10⤵
        
        PID:11772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 220
        10⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 236
        9⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
        8⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
        7⤵
        
        PID:5084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 240
        6⤵
        Program crash
        
        PID:2900
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
        5⤵
        Program crash
        
        PID:1688
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:2656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23667.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26978.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53554.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29813.exe
        8⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        9⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30768.exe
        10⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41536.exe
        11⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24181.exe
        12⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        13⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 216
        13⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
        12⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
        11⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        10⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56019.exe
        9⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe
        10⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
        11⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
        12⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 216
        12⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
        11⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
        10⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 220
        9⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16828.exe
        8⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9003.exe
        9⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        10⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62011.exe
        11⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37739.exe
        12⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
        12⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 236
        11⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
        10⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
        9⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
        8⤵
        Program crash
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        7⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22600.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
        10⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        11⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47874.exe
        12⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 216
        12⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 216
        11⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        10⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
        9⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14794.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49896.exe
        9⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2260.exe
        10⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45001.exe
        11⤵
        
        PID:11104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 236
        11⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        10⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        9⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220
        8⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 240
        7⤵
        Program crash
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35198.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49657.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61198.exe
        8⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41541.exe
        9⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
        10⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28042.exe
        11⤵
        
        PID:9516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 236
        11⤵
        
        PID:10724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
        10⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
        9⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
        8⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54929.exe
        7⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe
        8⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
        9⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14730.exe
        10⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19654.exe
        11⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 236
        11⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 236
        10⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
        9⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        8⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        7⤵
        Program crash
        
        PID:3576
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
        6⤵
        Program crash
        
        PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29604.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25407.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
        7⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28718.exe
        8⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
        9⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14356.exe
        10⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
        11⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 236
        11⤵
        
        PID:10912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        10⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 220
        9⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21810.exe
        8⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34847.exe
        9⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
        10⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30310.exe
        11⤵
        
        PID:11028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 236
        11⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 236
        10⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
        9⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33548.exe
        7⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17556.exe
        8⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65080.exe
        9⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14045.exe
        10⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35814.exe
        11⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 216
        11⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 236
        10⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        9⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 236
        8⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
        7⤵
        Program crash
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        6⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        7⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
        9⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        10⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33200.exe
        11⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
        12⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5888.exe
        13⤵
        
        PID:10812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10740 -s 216
        13⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 216
        12⤵
        
        PID:11052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 216
        11⤵
        
        PID:10252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 236
        10⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        9⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
        8⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22962.exe
        7⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 220
        7⤵
        
        PID:4784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 220
        6⤵
        Program crash
        
        PID:2512
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
        5⤵
        Program crash
        
        PID:1700
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:1732
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52272.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39273.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17566.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
        8⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44670.exe
        9⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        10⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33176.exe
        11⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        12⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46099.exe
        13⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 216
        13⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
        12⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        11⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 236
        10⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
        9⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        10⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        11⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42923.exe
        12⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 236
        12⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 236
        11⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 236
        10⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
        9⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 216
        8⤵
        Program crash
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55235.exe
        7⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11805.exe
        8⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
        9⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30955.exe
        10⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13578.exe
        11⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51766.exe
        12⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8124 -s 220
        12⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 236
        11⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
        10⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 236
        9⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 236
        8⤵
        Program crash
        
        PID:3944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 240
        7⤵
        Program crash
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29984.exe
        7⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7529.exe
        8⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
        9⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6834.exe
        10⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
        11⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19239.exe
        12⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 216
        12⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 236
        11⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
        10⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 216
        9⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 236
        8⤵
        Program crash
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4000.exe
        7⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23887.exe
        8⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42823.exe
        9⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe
        10⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47113.exe
        11⤵
        
        PID:10260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 236
        11⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
        10⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        9⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        8⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
        7⤵
        Program crash
        
        PID:3324
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
        6⤵
        Program crash
        
        PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31659.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51151.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21837.exe
        7⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50612.exe
        8⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
        9⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6562.exe
        10⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18525.exe
        11⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
        11⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
        10⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
        9⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 236
        8⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
        7⤵
        Program crash
        
        PID:3260
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 236
        6⤵
        Program crash
        
        PID:2488
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        5⤵
        Program crash
        
        PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28322.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43357.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43139.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        7⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23866.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35620.exe
        9⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
        9⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 216
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
        7⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        8⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16648.exe
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        10⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
        11⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 236
        10⤵
        
        PID:10576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        9⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
        8⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        7⤵
        Program crash
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1950.exe
        6⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61006.exe
        7⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14239.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36007.exe
        9⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
        10⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 236
        10⤵
        
        PID:10672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        9⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 392 -s 216
        8⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 236
        7⤵
        Program crash
        
        PID:3820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        6⤵
        Program crash
        
        PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5868.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        6⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        7⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60895.exe
        9⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5986.exe
        10⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        11⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 236
        11⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
        10⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        9⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38338.exe
        7⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9112.exe
        8⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26184.exe
        9⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28580.exe
        10⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 216
        10⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 236
        9⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
        8⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
        7⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37056.exe
        6⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30768.exe
        7⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
        8⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 240
        9⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        8⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 236
        7⤵
        
        PID:4752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
        6⤵
        Program crash
        
        PID:3772
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
        5⤵
        Program crash
        
        PID:348
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47441.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34971.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44670.exe
        8⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38552.exe
        9⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
        10⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        11⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        12⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe
        12⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 240
        12⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 236
        11⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
        10⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
        9⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 216
        8⤵
        Program crash
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
        7⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45644.exe
        10⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
        11⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 216
        11⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 236
        10⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        9⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 216
        8⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
        7⤵
        Program crash
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38706.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        7⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5874.exe
        9⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        10⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52041.exe
        11⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 216
        11⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 236
        10⤵
        
        PID:10364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        9⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
        8⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe
        8⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
        9⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        10⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59235.exe
        10⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
        10⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
        9⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
        8⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
        7⤵
        
        PID:4168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
        6⤵
        Program crash
        
        PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63237.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9563.exe
        6⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23866.exe
        7⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56227.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35234.exe
        10⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7720.exe
        11⤵
        
        PID:10868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 220
        11⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
        10⤵
        
        PID:9656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        9⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 236
        8⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34062.exe
        7⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22211.exe
        8⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33200.exe
        9⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23230.exe
        10⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
        9⤵
        
        PID:10244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        8⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
        7⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
        6⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24079.exe
        7⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
        8⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18239.exe
        9⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        10⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 216
        10⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
        9⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
        8⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
        7⤵
        
        PID:4100
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        6⤵
        Program crash
        
        PID:3264
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
        5⤵
        Program crash
        
        PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39635.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        6⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        8⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
        9⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe
        10⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43624.exe
        11⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
        10⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        9⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 216
        8⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
        7⤵
        Program crash
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24804.exe
        6⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42444.exe
        7⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54556.exe
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54305.exe
        9⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe
        10⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 236
        10⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
        9⤵
        
        PID:108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
        8⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 236
        7⤵
        
        PID:5324
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
        6⤵
        Program crash
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6034.exe
        5⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3637.exe
        6⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34468.exe
        7⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        8⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12779.exe
        9⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43167.exe
        10⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 216
        10⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
        9⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        8⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
        7⤵
        
        PID:5656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
        6⤵
        Program crash
        
        PID:3924
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
        5⤵
        Program crash
        
        PID:2872
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
      4⤵
      Program crash
      PID:2036
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
  2⤵
  - Program crash
  PID:2712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe

Filesize
184KB

MD5
0a91325e66e083d96d4d18c8d6663d81

SHA1
f2fc16ca92800f0720ceedc719c7b13c1f107a64

SHA256
d1aadd98ccf720f8596a30f25741ef703d15865ce741f4044048c96a168a2716

SHA512
68c68dddf98d3bddcea35c0b23e39935f5a5adb072431d40d2cdbb51283a201eeba99e3b377d6c62daa4800dab3a23d80e9d47f3eb86a09e22ad5c69bfa6b284

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23667.exe

Filesize
184KB

MD5
7fbab72b19417548cfbe1f7059edde92

SHA1
cc5a952bf5b28217c723e5cbb0de81e32248f44f

SHA256
408166149b109e6df43a83ed210273b9093e031b3cded7b4daaf8609d4845207

SHA512
9fbbafd0a01ef01cdd89038aafac17b3fefa24e55f5d06a162bd77aa5c3d6abefa9ff4daf077045e89a7595e4731d7918d9bbe434cc50fbdea393b6d753315e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28811.exe

Filesize
184KB

MD5
ed05cd6171749b7534f3c45ca61031c3

SHA1
12eb45da6c383d8a7cdbf2815360908d499fa3e3

SHA256
788803e81101bfb6e08b86a5a0815583cfd135d7354cf1a63918a0e452104167

SHA512
80883f74eae7b99ce93582d634bef5789032c0f6d5c5e3484f5cb4e1baba00d360389c236b1b481c6b15a6a3d77cce59c9bcbaee2f4ec5d1def650b31424944d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe

Filesize
184KB

MD5
16efd774daec81db0d037515dc46b29c

SHA1
2b44882286d6c8a3f2593a882d6aa5f876f89672

SHA256
d37e4ed35ccd2ecbb46138adbabb8474cf6f0d0a6915d7c4b0400b01bf3fe0ca

SHA512
ba901e87b8de19d6ac5e6fa038e74dbf7ef697e7936517c21fdd907ad13a4cc7277a8795fc30ad3d05f7262638574b7fa55d3bd0c9211c5aad756c4f0f3470d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31813.exe

Filesize
184KB

MD5
b8c98148ce9a67d3bd296b4fc008fec2

SHA1
d8109809b6b12dfe577ff22809140b1b4a099c5b

SHA256
bbe668d131579e02d1b65fa5e78bfb8bd731b736c3c556a65d6f9605ba1a3987

SHA512
e853434a139d88cb32659da88b982633276f27986c66e751ede37f10d8e288938f57a33fcad0d5540b20c7c9ed2864de141836b40e6104a4ce76837b6460bbe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe

Filesize
184KB

MD5
ffa64cd13899b5f060182ad67710fbe6

SHA1
3ea7b35ae1745380bd976609614de5fd3be33fa0

SHA256
49ba89013fcc73d48ad4c0271fe0ae6c4c5b2e201688d925006fc2a4fb3e7070

SHA512
575f54d0111ec93d7c865871b6e83b0911edfec3339823e64dd99fbb36dbd24be6bcac684adf41a8b0b5aa5e9371f12f8562d926ed0fdced502b4fef5682d305

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35629.exe

Filesize
184KB

MD5
45dac3bdabc228fdf12d585c9ac845c4

SHA1
640ece42dc2d05dc061cb1d67ee20694e96e02d3

SHA256
61630f9e4141b6402cc44c2a368bdeccd7eb1e0ad718f543d69ddced43a28f30

SHA512
44d34280adcace6e4e28d12e240ea24b8d0a2c8853bd335e68d082c955d4b96e4d47710fc10a18778b99bd328376f6120f08c73582ddb246dff6e97472648a6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe

Filesize
184KB

MD5
227f183008eabe563731427cf6a72f84

SHA1
00884a3a008a205eabef0aa4cef75bbfb94c0f73

SHA256
0e645664bc36e91752d7b9c08eeff42849500a53ff05c4c309516bdbbccc5c69

SHA512
5c75b0d35a97e2fb7e88b8f67f21fc3e1bb4a1c8a966618bfa44d9b6dd3ab99470e2ec57027f55bd42bd035dc17d36536560b715f79159b700cd3540da2510d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47113.exe

Filesize
184KB

MD5
855d6e72da18c42cc54b12b68e057949

SHA1
dd086ec49075639b7f643fb6d4c1869d7e2b580b

SHA256
e4e75dc4fb32bf2075f72f1f15428ccee07b6ca5b64507a3fa975c0d9b663ac2

SHA512
12b58de2f4f4a76faf44132c8e1b8d1e55f45a642b09b6b0cb5ba2b2da37f122044cccffffa102a6b2d6c82e50305beaeb5569b92881b23c7d2a92a0d4fe4085

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5671.exe

Filesize
184KB

MD5
9c17757192eea133fb5ce927ce8db562

SHA1
981f2de63c7db7b3a9d42e0ed876bfa853dd75a7

SHA256
736019587d1ef7c08e05747a5b877f4406a43fa166f387999da10edc99133284

SHA512
8b29353e7092e4f5a78a62017283d8c42a01b169472cf3f74545cb0c4395ed80c8c32235d9a4cd01d73146a2b7d65d73e9dd73523ee900a5d3237c0e75b77b0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe

Filesize
184KB

MD5
e77a808a88b92d7957f99e5488e6b30f

SHA1
5019090f354fb7c22bb7b33a53fe892a8ad91ffe

SHA256
adcf79c257492a007fad6dc6267540acc3061242533648855029654bee5132dc

SHA512
c9577f4b29d1618806e99243bf73cafb3da27120a0ac6c28de1fde172d5dd3db6fb144f383adcb2e400fdcf6417e6ddb3044e73ec9a1952cec9526daefcdbf52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60580.exe

Filesize
184KB

MD5
47f66defd95ab26d99fbd58e82c218a9

SHA1
96b56bf49e60a90f5a23f7844acfe5ac13a13c5d

SHA256
d31fa9fbc55f3fb86bb9a7af3cab73329d8297cba236f8b34006669a16a85ce4

SHA512
834836bd6fb53988d9ee18aabdd1a41882cf1727359a1445fbd6c6142a805902062365a4d00ac51500e2b52c1d9d3bb1fd593142871b22a472bd01662c0c4b8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63409.exe

Filesize
184KB

MD5
d2c533671a81c59cdd105501c4bf115a

SHA1
b676e867f25c52c39bb68016b3d706be7155d6da

SHA256
be6e7a8720eab1838d53a757bd69e2cacaf7d5911c23ecd7ccd75329071d3349

SHA512
a162526fb6e439cf7b4ae9bfc4c27370b1497aaa92d07efad980c83b97f846bdd4f422458e898f44d837030f8740026ff96e2babcc9cd8fa812da3171261649f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe

Filesize
184KB

MD5
4fdc1d50b52f1c05784a641609fd08ca

SHA1
c1fe0f3335f1eec484a71174a33912d7df21fa20

SHA256
b399cf4a6b9204ca4117400bdc96b2f4d6f2b354c925172d0963318b9c90e1e2

SHA512
b613074c64196942e5699ca5671564206d4718e12457e7479cf2a68820a9e9811995dbb855eaf34f2c9b7fd9b0fb0a92763cf8272a3ca958bfdf1c49c01ae647

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6434.exe

Filesize
184KB

MD5
23f3bd0ed4b7cd238cb0b156c87524ed

SHA1
8ccced8577980cc4f999ce5cccd00cb944c2fc85

SHA256
621aac57336a7289a79b232f5f3ad22afa109718997f57f4d8326cb36583fd63

SHA512
5aba77dc6b285a7f3f56b3b00bcdb759c918afdd329b005fe08e9c2e235f4dc82787e846e19bb592e92814e0c62be26878fd8b1856fee9e6c335a96a2612f355

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe

Filesize
184KB

MD5
49809026515b26fadfcf4ecb0a3fb598

SHA1
5df9005e5c0e43e27047fd8e17cda3a27873628a

SHA256
1bc32e4ed27bf543153e0f5939666f7f4d01c83802e952c9c17322714a762b10

SHA512
bd25033b15935ac9f99e077957c5ea87ec30ad1193b5bbbd82897747648f309d37aa12fb06df3b1f912c2d9057db8aca0e5acd4005f05774a58e45d75ca4435b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22894.exe

Filesize
184KB

MD5
3c2161a395882b6d666c0fa9d1483397

SHA1
7a0b2c257d402ad84e541b2c0c5e300d7497ea03

SHA256
d96d2f6202b1e8ef739abe30702efdf3737db2e6a5684f6845cd7e8f729594b2

SHA512
18e4cde817dd7867c3a4b4a71ecc5591449d8c40cc5ac126e83838620dfb274567f8141bc413a61d9efedd4b1f4962a62502c8755013dab9a5b3e6284e0d76d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26978.exe

Filesize
184KB

MD5
1a7db92c8d74e34a42d90a6582b7d344

SHA1
764d645fca08823ce278e84e3316b36a1ed18b43

SHA256
9a82020e2a0eb676117c85b6294b9e6a5a4c915a13dd8c7394706b15fbefe3db

SHA512
5b2f28a3eabda024ac0aba6f8956c17d024f07a7c24adba0e140cab02efac8b62a707a2d8a7d2d9b10676d81898accefa627acb0486e676c8697c037660d8425

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe

Filesize
184KB

MD5
b288e6a654c3f8da34116536f317748f

SHA1
249adab8c81f1dcc066d2ee8dcccf316c8353ba2

SHA256
f86768fd5d71eab2314bd0e69a1162d31b84dfe5b149aace2db295bab018ebd8

SHA512
3749114d1a233e0f6ff8bffdeb752c3d9c8cb12e27c675ab7ed603aba2d089d5fc9c8ed702a5b8df1dc5e7ee6b4449d28e76c282be0a29fe5455e161a072eaa8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe

Filesize
184KB

MD5
ce6f55e0600b9b24a2e6bfd94dabe778

SHA1
1e18b5449174783f2928ad8412903fe4c1ee0565

SHA256
7ef2107cfb194d1963c75f0eacbcb90f228307d4358ad4eaee9e186f40eaf6cb

SHA512
121296f831c6d908c1f8bfe4271e22d6385304c92fd663077c8e0c60ce7a029a438226438b6402e79f52ccea301afb08d0264d8e93490d80d6b5e7ea9db23967

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe

Filesize
184KB

MD5
298bf4fc4edf84d1c063c1fc609e356d

SHA1
d03b74e06aaf1870eae36cce6135d72ddd3df996

SHA256
6e8ff4dcd42bd96efee0d66dc834320321f949ad0f229922e96dbdf7800a38b8

SHA512
fd17bede5fdc0c4188f26808b0cab4cd3be43dfecb0555f1c3184ad2c9e60b2e0318897ec16049bfdbce682659d59e16f5f5cbc440ee05f4964d7e75274fcc78

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63569.exe

Filesize
184KB

MD5
293115e266ee506405519b6295914a78

SHA1
5890c68f856c76fa198500d402b5ef4543b1c7c3

SHA256
030e2f7d68efe1ad45cdcf6b739a11cc3c9ba14e3b5400835427ae5a81b17db2

SHA512
554decca81ed26ee135383fa2315432be4d1741ebf00e7e251c74df235d9e33ecc93ea95bb11407b18d22c407de2716ae0b128c543fbcf10d66706df7f5b2899

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads