f636573e684741f8bf6ea009dafc065ef0bcb7369c8cc846caa6213c0bfe955a

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 01:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72740f8b247631b369f2db85ebe480c0_NeikiAnalytics.exe
Size

184KB
MD5

72740f8b247631b369f2db85ebe480c0
SHA1

c53c7bfd9c2db3cf06bc22d98cc0b10c5d35f55c
SHA256

f636573e684741f8bf6ea009dafc065ef0bcb7369c8cc846caa6213c0bfe955a
SHA512

b75173f1365ae4e03188eaf58a1ad9151418b1c9a304559dcc8d5e798af7de2d8e265c7b2f8ff4f749a2debfaa8228671f16aff7ebb811423ab60539a48b78fe
SSDEEP

3072:ttcfsxouqjEdUifeh0LaBnKhlwwiFSnY:tt5o9AUi/L6nKhlwwiFS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1896	Unicorn-22213.exe
2608	Unicorn-1149.exe
2708	Unicorn-62088.exe
2892	Unicorn-17301.exe
2828	Unicorn-55148.exe
2340	Unicorn-33317.exe
2532	Unicorn-15746.exe
2648	Unicorn-11147.exe
2108	Unicorn-18899.exe
1780	Unicorn-16630.exe
2388	Unicorn-19475.exe
2368	Unicorn-49687.exe
840	Unicorn-52339.exe
2560	Unicorn-54732.exe
320	Unicorn-23212.exe
980	Unicorn-7944.exe
1048	Unicorn-48790.exe
572	Unicorn-3118.exe
2360	Unicorn-53196.exe
744	Unicorn-18255.exe
2320	Unicorn-18255.exe
1888	Unicorn-27447.exe
1556	Unicorn-58043.exe
280	Unicorn-58391.exe
1136	Unicorn-61961.exe
2276	Unicorn-3876.exe
2400	Unicorn-54338.exe
1612	Unicorn-52200.exe
1968	Unicorn-37125.exe
876	Unicorn-1800.exe
2412	Unicorn-4452.exe
2028	Unicorn-50316.exe
3048	Unicorn-4644.exe
2620	Unicorn-21939.exe
2592	Unicorn-41674.exe
2488	Unicorn-54481.exe
3056	Unicorn-53075.exe
1976	Unicorn-345.exe
2524	Unicorn-53075.exe
2872	Unicorn-63713.exe
2824	Unicorn-55607.exe
836	Unicorn-21057.exe
1112	Unicorn-53729.exe
2152	Unicorn-34055.exe
2032	Unicorn-34055.exe
1012	Unicorn-65488.exe
2820	Unicorn-51653.exe
2988	Unicorn-21633.exe
2036	Unicorn-21633.exe
2984	Unicorn-51845.exe
1908	Unicorn-1959.exe
1552	Unicorn-60408.exe
2100	Unicorn-32815.exe
804	Unicorn-53449.exe
2120	Unicorn-32021.exe
2160	Unicorn-35878.exe
1468	Unicorn-35878.exe
2168	Unicorn-31471.exe
1516	Unicorn-49583.exe
2556	Unicorn-36646.exe
2944	Unicorn-62774.exe
2700	Unicorn-16972.exe
2328	Unicorn-8524.exe
1508	Unicorn-42095.exe

Loads dropped DLL 64 IoCs

pid	Process
1008	72740f8b247631b369f2db85ebe480c0_NeikiAnalytics.exe
1008	72740f8b247631b369f2db85ebe480c0_NeikiAnalytics.exe
1896	Unicorn-22213.exe
1896	Unicorn-22213.exe
1008	72740f8b247631b369f2db85ebe480c0_NeikiAnalytics.exe
1008	72740f8b247631b369f2db85ebe480c0_NeikiAnalytics.exe
1896	Unicorn-22213.exe
1896	Unicorn-22213.exe
2708	Unicorn-62088.exe
2708	Unicorn-62088.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2892	Unicorn-17301.exe
2892	Unicorn-17301.exe
2828	Unicorn-55148.exe
2828	Unicorn-55148.exe
2708	Unicorn-62088.exe
2708	Unicorn-62088.exe
1432	WerFault.exe
1432	WerFault.exe
1432	WerFault.exe
1432	WerFault.exe
1432	WerFault.exe
2340	Unicorn-33317.exe
2340	Unicorn-33317.exe
2892	Unicorn-17301.exe
2892	Unicorn-17301.exe
2532	Unicorn-15746.exe
2532	Unicorn-15746.exe
2828	Unicorn-55148.exe
2828	Unicorn-55148.exe
2648	Unicorn-11147.exe
2648	Unicorn-11147.exe
2860	WerFault.exe
2860	WerFault.exe
2860	WerFault.exe
2860	WerFault.exe
2860	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
1780	Unicorn-16630.exe
1780	Unicorn-16630.exe
2368	Unicorn-49687.exe
2368	Unicorn-49687.exe
2108	Unicorn-18899.exe
2108	Unicorn-18899.exe
2340	Unicorn-33317.exe
2340	Unicorn-33317.exe
840	Unicorn-52339.exe
840	Unicorn-52339.exe
2388	Unicorn-19475.exe
2388	Unicorn-19475.exe
2648	Unicorn-11147.exe
2532	Unicorn-15746.exe
2648	Unicorn-11147.exe
2532	Unicorn-15746.exe
2272	WerFault.exe
2272	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2740	1008	WerFault.exe	27
2528	1896	WerFault.exe	28
1432	2708	WerFault.exe	30
2860	2892	WerFault.exe	32
2000	2828	WerFault.exe	33
2272	2340	WerFault.exe	35
2376	2532	WerFault.exe	36
1212	2648	WerFault.exe	37
2572	1780	WerFault.exe	40
2680	2368	WerFault.exe	42
2580	2108	WerFault.exe	39
2512	840	WerFault.exe	43
2476	2388	WerFault.exe	41
1400	2560	WerFault.exe	46
924	320	WerFault.exe	47
780	980	WerFault.exe	48
1288	2360	WerFault.exe	51
1292	1048	WerFault.exe	49
2904	744	WerFault.exe	52
776	572	WerFault.exe	50
1568	2320	WerFault.exe	53
1464	2152	WerFault.exe	84
2172	2032	WerFault.exe	85
2112	1556	WerFault.exe	58
696	1888	WerFault.exe	57
2072	1136	WerFault.exe	60
2920	280	WerFault.exe	59
3044	2276	WerFault.exe	61
2724	2028	WerFault.exe	67
2720	1612	WerFault.exe	63
2564	1968	WerFault.exe	64
1712	2400	WerFault.exe	62
1584	2412	WerFault.exe	66
1268	3048	WerFault.exe	68
2116	876	WerFault.exe	65
2876	2620	WerFault.exe	71
3152	1976	WerFault.exe	77
3252	2524	WerFault.exe	79
3244	2872	WerFault.exe	80
3356	2488	WerFault.exe	73
3380	1012	WerFault.exe	86
3388	2988	WerFault.exe	88
3480	1908	WerFault.exe	91
3508	836	WerFault.exe	82
3580	2592	WerFault.exe	72
3628	2984	WerFault.exe	90
3648	3056	WerFault.exe	78
3800	2820	WerFault.exe	87
3860	2036	WerFault.exe	89
3880	2824	WerFault.exe	81
3904	1112	WerFault.exe	83
4012	1552	WerFault.exe	94
3100	2100	WerFault.exe	95
3276	2168	WerFault.exe	106
3108	2812	WerFault.exe	114
3224	2852	WerFault.exe	121
3212	700	WerFault.exe	125
3608	1760	WerFault.exe	117
3704	2868	WerFault.exe	124
3988	2244	WerFault.exe	130
3996	1616	WerFault.exe	131
3948	2632	WerFault.exe	134
3160	1468	WerFault.exe	105
3692	1700	WerFault.exe	142

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1008	72740f8b247631b369f2db85ebe480c0_NeikiAnalytics.exe
1896	Unicorn-22213.exe
2708	Unicorn-62088.exe
2892	Unicorn-17301.exe
2828	Unicorn-55148.exe
2340	Unicorn-33317.exe
2532	Unicorn-15746.exe
2648	Unicorn-11147.exe
2108	Unicorn-18899.exe
1780	Unicorn-16630.exe
2388	Unicorn-19475.exe
2368	Unicorn-49687.exe
840	Unicorn-52339.exe
2560	Unicorn-54732.exe
320	Unicorn-23212.exe
980	Unicorn-7944.exe
1048	Unicorn-48790.exe
2360	Unicorn-53196.exe
572	Unicorn-3118.exe
744	Unicorn-18255.exe
2320	Unicorn-18255.exe
1888	Unicorn-27447.exe
1556	Unicorn-58043.exe
280	Unicorn-58391.exe
1136	Unicorn-61961.exe
2276	Unicorn-3876.exe
2400	Unicorn-54338.exe
1968	Unicorn-37125.exe
1612	Unicorn-52200.exe
876	Unicorn-1800.exe
2412	Unicorn-4452.exe
2028	Unicorn-50316.exe
3048	Unicorn-4644.exe
2620	Unicorn-21939.exe
2592	Unicorn-41674.exe
2488	Unicorn-54481.exe
3056	Unicorn-53075.exe
1976	Unicorn-345.exe
2524	Unicorn-53075.exe
2872	Unicorn-63713.exe
2824	Unicorn-55607.exe
836	Unicorn-21057.exe
1112	Unicorn-53729.exe
2032	Unicorn-34055.exe
2152	Unicorn-34055.exe
1012	Unicorn-65488.exe
2988	Unicorn-21633.exe
2984	Unicorn-51845.exe
2036	Unicorn-21633.exe
2820	Unicorn-51653.exe
1908	Unicorn-1959.exe
1552	Unicorn-60408.exe
2100	Unicorn-32815.exe
804	Unicorn-53449.exe
2120	Unicorn-32021.exe
2160	Unicorn-35878.exe
1468	Unicorn-35878.exe
1516	Unicorn-49583.exe
2168	Unicorn-31471.exe
2556	Unicorn-36646.exe
2944	Unicorn-62774.exe
2700	Unicorn-16972.exe
2328	Unicorn-8524.exe
1508	Unicorn-42095.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1008 wrote to memory of 1896	1008	72740f8b247631b369f2db85ebe480c0_NeikiAnalytics.exe	28
PID 1008 wrote to memory of 1896	1008	72740f8b247631b369f2db85ebe480c0_NeikiAnalytics.exe	28
PID 1008 wrote to memory of 1896	1008	72740f8b247631b369f2db85ebe480c0_NeikiAnalytics.exe	28
PID 1008 wrote to memory of 1896	1008	72740f8b247631b369f2db85ebe480c0_NeikiAnalytics.exe	28
PID 1896 wrote to memory of 2608	1896	Unicorn-22213.exe	29
PID 1896 wrote to memory of 2608	1896	Unicorn-22213.exe	29
PID 1896 wrote to memory of 2608	1896	Unicorn-22213.exe	29
PID 1896 wrote to memory of 2608	1896	Unicorn-22213.exe	29
PID 1008 wrote to memory of 2708	1008	72740f8b247631b369f2db85ebe480c0_NeikiAnalytics.exe	30
PID 1008 wrote to memory of 2708	1008	72740f8b247631b369f2db85ebe480c0_NeikiAnalytics.exe	30
PID 1008 wrote to memory of 2708	1008	72740f8b247631b369f2db85ebe480c0_NeikiAnalytics.exe	30
PID 1008 wrote to memory of 2708	1008	72740f8b247631b369f2db85ebe480c0_NeikiAnalytics.exe	30
PID 1008 wrote to memory of 2740	1008	72740f8b247631b369f2db85ebe480c0_NeikiAnalytics.exe	31
PID 1008 wrote to memory of 2740	1008	72740f8b247631b369f2db85ebe480c0_NeikiAnalytics.exe	31
PID 1008 wrote to memory of 2740	1008	72740f8b247631b369f2db85ebe480c0_NeikiAnalytics.exe	31
PID 1008 wrote to memory of 2740	1008	72740f8b247631b369f2db85ebe480c0_NeikiAnalytics.exe	31
PID 1896 wrote to memory of 2892	1896	Unicorn-22213.exe	32
PID 1896 wrote to memory of 2892	1896	Unicorn-22213.exe	32
PID 1896 wrote to memory of 2892	1896	Unicorn-22213.exe	32
PID 1896 wrote to memory of 2892	1896	Unicorn-22213.exe	32
PID 2708 wrote to memory of 2828	2708	Unicorn-62088.exe	33
PID 2708 wrote to memory of 2828	2708	Unicorn-62088.exe	33
PID 2708 wrote to memory of 2828	2708	Unicorn-62088.exe	33
PID 2708 wrote to memory of 2828	2708	Unicorn-62088.exe	33
PID 1896 wrote to memory of 2528	1896	Unicorn-22213.exe	34
PID 1896 wrote to memory of 2528	1896	Unicorn-22213.exe	34
PID 1896 wrote to memory of 2528	1896	Unicorn-22213.exe	34
PID 1896 wrote to memory of 2528	1896	Unicorn-22213.exe	34
PID 2892 wrote to memory of 2340	2892	Unicorn-17301.exe	35
PID 2892 wrote to memory of 2340	2892	Unicorn-17301.exe	35
PID 2892 wrote to memory of 2340	2892	Unicorn-17301.exe	35
PID 2892 wrote to memory of 2340	2892	Unicorn-17301.exe	35
PID 2828 wrote to memory of 2532	2828	Unicorn-55148.exe	36
PID 2828 wrote to memory of 2532	2828	Unicorn-55148.exe	36
PID 2828 wrote to memory of 2532	2828	Unicorn-55148.exe	36
PID 2828 wrote to memory of 2532	2828	Unicorn-55148.exe	36
PID 2708 wrote to memory of 2648	2708	Unicorn-62088.exe	37
PID 2708 wrote to memory of 2648	2708	Unicorn-62088.exe	37
PID 2708 wrote to memory of 2648	2708	Unicorn-62088.exe	37
PID 2708 wrote to memory of 2648	2708	Unicorn-62088.exe	37
PID 2708 wrote to memory of 1432	2708	Unicorn-62088.exe	38
PID 2708 wrote to memory of 1432	2708	Unicorn-62088.exe	38
PID 2708 wrote to memory of 1432	2708	Unicorn-62088.exe	38
PID 2708 wrote to memory of 1432	2708	Unicorn-62088.exe	38
PID 2340 wrote to memory of 2108	2340	Unicorn-33317.exe	39
PID 2340 wrote to memory of 2108	2340	Unicorn-33317.exe	39
PID 2340 wrote to memory of 2108	2340	Unicorn-33317.exe	39
PID 2340 wrote to memory of 2108	2340	Unicorn-33317.exe	39
PID 2892 wrote to memory of 1780	2892	Unicorn-17301.exe	40
PID 2892 wrote to memory of 1780	2892	Unicorn-17301.exe	40
PID 2892 wrote to memory of 1780	2892	Unicorn-17301.exe	40
PID 2892 wrote to memory of 1780	2892	Unicorn-17301.exe	40
PID 2532 wrote to memory of 2388	2532	Unicorn-15746.exe	41
PID 2532 wrote to memory of 2388	2532	Unicorn-15746.exe	41
PID 2532 wrote to memory of 2388	2532	Unicorn-15746.exe	41
PID 2532 wrote to memory of 2388	2532	Unicorn-15746.exe	41
PID 2828 wrote to memory of 2368	2828	Unicorn-55148.exe	42
PID 2828 wrote to memory of 2368	2828	Unicorn-55148.exe	42
PID 2828 wrote to memory of 2368	2828	Unicorn-55148.exe	42
PID 2828 wrote to memory of 2368	2828	Unicorn-55148.exe	42
PID 2648 wrote to memory of 840	2648	Unicorn-11147.exe	43
PID 2648 wrote to memory of 840	2648	Unicorn-11147.exe	43
PID 2648 wrote to memory of 840	2648	Unicorn-11147.exe	43
PID 2648 wrote to memory of 840	2648	Unicorn-11147.exe	43

C:\Users\Admin\AppData\Local\Temp\72740f8b247631b369f2db85ebe480c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\72740f8b247631b369f2db85ebe480c0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22213.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22213.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1149.exe
    3⤵
    - Executes dropped EXE
    PID:2608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33317.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3876.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63713.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58636.exe
        9⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
        10⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42839.exe
        11⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9485.exe
        12⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
        13⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2597.exe
        14⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        15⤵
        
        PID:11648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9376 -s 220
        15⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
        14⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
        13⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
        12⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
        11⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
        10⤵
        Program crash
        
        PID:3948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 216
        9⤵
        Program crash
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55653.exe
        9⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
        10⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48820.exe
        11⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19969.exe
        12⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-980.exe
        13⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 216
        13⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
        12⤵
        
        PID:9416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
        11⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
        10⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 216
        9⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
        8⤵
        Program crash
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55607.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36646.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34553.exe
        9⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
        10⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        11⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
        12⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        13⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4818.exe
        14⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9560 -s 216
        14⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
        13⤵
        
        PID:10372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
        12⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
        11⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
        10⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        9⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54685.exe
        10⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55980.exe
        11⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        12⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe
        13⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9536 -s 216
        13⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 220
        12⤵
        
        PID:10904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
        11⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        10⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
        9⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65341.exe
        8⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18371.exe
        9⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22947.exe
        10⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
        11⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37715.exe
        12⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
        13⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 216
        13⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 220
        12⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 220
        11⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        10⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
        9⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        8⤵
        Program crash
        
        PID:3880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 240
        7⤵
        Program crash
        
        PID:780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 236
        6⤵
        Program crash
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48790.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52200.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21057.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42095.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exe
        9⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54377.exe
        10⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9957.exe
        11⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30334.exe
        12⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        13⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36969.exe
        14⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9816 -s 204
        14⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 220
        13⤵
        
        PID:10480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
        12⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 216
        11⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        10⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe
        9⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23741.exe
        10⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44999.exe
        11⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
        12⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28680.exe
        13⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9652 -s 220
        13⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 216
        12⤵
        
        PID:10344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 220
        11⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        10⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
        9⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32668.exe
        8⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55503.exe
        9⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24239.exe
        10⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
        11⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30956.exe
        11⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54326.exe
        12⤵
        
        PID:9904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 240
        13⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 220
        12⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 220
        11⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        10⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
        8⤵
        Program crash
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
        7⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51574.exe
        8⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37190.exe
        9⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
        10⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
        11⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
        12⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9280 -s 220
        13⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
        12⤵
        
        PID:10172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
        11⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        10⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 216
        9⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33743.exe
        8⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11130.exe
        9⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29810.exe
        10⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
        11⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe
        12⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9240 -s 216
        12⤵
        
        PID:12656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 220
        11⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 220
        10⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        9⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        8⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
        7⤵
        Program crash
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
        7⤵
        Program crash
        
        PID:1464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 220
        6⤵
        Program crash
        
        PID:1292
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27447.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53449.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        9⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
        10⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32713.exe
        11⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55964.exe
        12⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3044.exe
        13⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
        14⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 216
        14⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 220
        13⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
        12⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 236
        11⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 216
        10⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        8⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
        9⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22703.exe
        10⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19729.exe
        11⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32408.exe
        12⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
        13⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 216
        13⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
        12⤵
        
        PID:9768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
        11⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
        10⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 236
        9⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        8⤵
        Program crash
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32021.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13831.exe
        8⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55015.exe
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
        10⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
        11⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6787.exe
        12⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9168 -s 220
        13⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
        12⤵
        
        PID:10228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
        11⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        10⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 236
        9⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1952.exe
        9⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6791.exe
        10⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
        11⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        12⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 216
        12⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
        11⤵
        
        PID:9824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
        10⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        9⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 220
        8⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
        7⤵
        Program crash
        
        PID:696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54481.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35321.exe
        8⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43806.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25450.exe
        10⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11181.exe
        11⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
        12⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54514.exe
        13⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 216
        13⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
        12⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 236
        11⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        10⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 236
        9⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21636.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14095.exe
        9⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59697.exe
        10⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
        11⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34203.exe
        12⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 216
        12⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
        11⤵
        
        PID:9612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 236
        10⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        9⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 220
        8⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
        7⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19401.exe
        8⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        9⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46177.exe
        10⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        11⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        12⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9852 -s 216
        12⤵
        
        PID:932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 220
        11⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
        10⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        9⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 216
        8⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
        7⤵
        Program crash
        
        PID:3356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        6⤵
        Program crash
        
        PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58043.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21939.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60408.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4438.exe
        8⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54122.exe
        9⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61038.exe
        10⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9548.exe
        11⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16083.exe
        12⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55394.exe
        13⤵
        
        PID:10712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 236
        13⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 216
        12⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 236
        10⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
        9⤵
        Program crash
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49908.exe
        8⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27712.exe
        9⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
        10⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17669.exe
        11⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38002.exe
        12⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        13⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 236
        12⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 236
        11⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        10⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
        9⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        8⤵
        Program crash
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17245.exe
        7⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4236.exe
        8⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        9⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe
        10⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        11⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
        12⤵
        
        PID:10920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 236
        12⤵
        
        PID:11404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
        11⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        10⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
        9⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 236
        8⤵
        Program crash
        
        PID:3996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        7⤵
        Program crash
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        7⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5004.exe
        8⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20561.exe
        9⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61800.exe
        10⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe
        11⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60271.exe
        12⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15190.exe
        13⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 216
        12⤵
        
        PID:10936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
        11⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
        10⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
        9⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51349.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe
        9⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6907.exe
        10⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48227.exe
        11⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        12⤵
        
        PID:13020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
        11⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
        10⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        9⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
        8⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47796.exe
        7⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8630.exe
        8⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41006.exe
        9⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6983.exe
        10⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
        11⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16440.exe
        12⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8380 -s 216
        12⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
        11⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 236
        10⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        9⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
        8⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
        7⤵
        Program crash
        
        PID:3100
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
        6⤵
        Program crash
        
        PID:2112
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
        5⤵
        Program crash
        
        PID:2572
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2860
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55148.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15746.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19475.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65488.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 240
        9⤵
        Program crash
        
        PID:3380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
        8⤵
        Program crash
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51653.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        8⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56182.exe
        9⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6201.exe
        10⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
        11⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        12⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        13⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9308 -s 220
        14⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
        13⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
        12⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        11⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 236
        10⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 236
        9⤵
        Program crash
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
        8⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
        9⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        10⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
        11⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
        12⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28680.exe
        13⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 216
        13⤵
        
        PID:12424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
        12⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 220
        11⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        10⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 216
        9⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
        8⤵
        Program crash
        
        PID:3800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
        7⤵
        Program crash
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21633.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18525.exe
        8⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34911.exe
        9⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        10⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59241.exe
        11⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29514.exe
        12⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34886.exe
        13⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        14⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
        14⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
        13⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
        12⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        11⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 216
        10⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1045.exe
        9⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        10⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
        11⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10594.exe
        12⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19344.exe
        13⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9576 -s 216
        13⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
        12⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
        11⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
        10⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 220
        9⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2108.exe
        8⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40218.exe
        9⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11545.exe
        10⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
        11⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
        12⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65469.exe
        13⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9356 -s 204
        13⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
        12⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
        11⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        10⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
        9⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 220
        8⤵
        Program crash
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49121.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37023.exe
        8⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe
        9⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        10⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28326.exe
        11⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54326.exe
        12⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
        13⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 216
        13⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 220
        12⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
        11⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 216
        10⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 216
        9⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
        8⤵
        Program crash
        
        PID:3224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 240
        7⤵
        Program crash
        
        PID:2116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
        6⤵
        Program crash
        
        PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4644.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21633.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
        9⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        10⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57347.exe
        11⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe
        12⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
        13⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47160.exe
        14⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 220
        14⤵
        
        PID:12820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
        13⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
        12⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        11⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 216
        10⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        9⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8229.exe
        10⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47708.exe
        11⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49526.exe
        12⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1908.exe
        13⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9828 -s 220
        13⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 220
        12⤵
        
        PID:11028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
        11⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        10⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
        9⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
        8⤵
        Program crash
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49121.exe
        7⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57142.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
        9⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25033.exe
        10⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5455.exe
        11⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
        12⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2044.exe
        13⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9288 -s 216
        13⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 236
        12⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
        11⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        10⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        9⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64278.exe
        8⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        9⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43995.exe
        9⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20148.exe
        10⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
        11⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43908.exe
        12⤵
        
        PID:12768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9492 -s 216
        12⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 236
        11⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
        10⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 220
        9⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        8⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 220
        7⤵
        Program crash
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51845.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe
        7⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6488.exe
        8⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38150.exe
        9⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        10⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30334.exe
        11⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
        12⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        13⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9940 -s 216
        13⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
        12⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
        11⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        10⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 216
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35829.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59241.exe
        9⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13374.exe
        10⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3028.exe
        11⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        12⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 216
        12⤵
        
        PID:12564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
        11⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 236
        10⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        9⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
        8⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
        7⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54159.exe
        8⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43564.exe
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6426.exe
        10⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20590.exe
        11⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        12⤵
        
        PID:11716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 220
        12⤵
        
        PID:12612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
        11⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 220
        10⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
        9⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 236
        8⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
        7⤵
        Program crash
        
        PID:3628
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
        6⤵
        Program crash
        
        PID:1568
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        5⤵
        Program crash
        
        PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23212.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58391.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53075.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 220
        8⤵
        Program crash
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16972.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33785.exe
        8⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        9⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
        10⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe
        11⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4528.exe
        12⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30621.exe
        13⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10216 -s 216
        13⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 216
        12⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 220
        11⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        10⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
        9⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-451.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57295.exe
        9⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63722.exe
        10⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
        11⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18298.exe
        12⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9348 -s 216
        12⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
        11⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
        10⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
        9⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        8⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 220
        7⤵
        Program crash
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
        8⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52830.exe
        9⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9118.exe
        10⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58851.exe
        11⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24525.exe
        12⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25438.exe
        13⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
        13⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 216
        12⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 236
        11⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 236
        10⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
        9⤵
        Program crash
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48616.exe
        8⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60374.exe
        9⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57891.exe
        10⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
        11⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26206.exe
        12⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 216
        12⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
        11⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 236
        10⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
        9⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 240
        8⤵
        Program crash
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        7⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe
        8⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        9⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        10⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39896.exe
        11⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54078.exe
        12⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 216
        12⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
        11⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
        10⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
        9⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
        8⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
        7⤵
        Program crash
        
        PID:3152
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
        6⤵
        Program crash
        
        PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53075.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47656.exe
        8⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37382.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57243.exe
        10⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13374.exe
        11⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30252.exe
        12⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36777.exe
        13⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9260 -s 216
        13⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
        12⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
        11⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
        10⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
        9⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18284.exe
        8⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42822.exe
        9⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
        10⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44227.exe
        11⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63985.exe
        12⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9428 -s 220
        12⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
        11⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 220
        10⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
        9⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 220
        8⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64381.exe
        7⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21871.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22895.exe
        9⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17101.exe
        10⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27424.exe
        11⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63855.exe
        12⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9500 -s 216
        12⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
        11⤵
        
        PID:10320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 220
        10⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
        9⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 236
        8⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 220
        7⤵
        Program crash
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31471.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46888.exe
        7⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23390.exe
        9⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
        10⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35506.exe
        11⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45604.exe
        12⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 216
        12⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 216
        11⤵
        
        PID:9776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 236
        10⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
        9⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
        8⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        7⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
        7⤵
        Program crash
        
        PID:3276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 240
        6⤵
        Program crash
        
        PID:2072
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
        5⤵
        Program crash
        
        PID:2680
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11147.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52339.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3118.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
        7⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38585.exe
        8⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18609.exe
        9⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        10⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
        11⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
        12⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
        12⤵
        
        PID:11596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
        11⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 236
        10⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 236
        9⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
        8⤵
        Program crash
        
        PID:3108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 216
        7⤵
        Program crash
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1959.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3641.exe
        7⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34911.exe
        8⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10690.exe
        9⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65152.exe
        10⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        11⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41119.exe
        12⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        13⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9620 -s 220
        13⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
        12⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 220
        11⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
        10⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
        9⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
        8⤵
        Program crash
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        7⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
        9⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47469.exe
        10⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9826.exe
        11⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
        12⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 216
        12⤵
        
        PID:11644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
        11⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
        10⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
        9⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
        8⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
        7⤵
        Program crash
        
        PID:3480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
        6⤵
        Program crash
        
        PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50316.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53729.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        7⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24278.exe
        8⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31308.exe
        9⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57295.exe
        10⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
        11⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
        12⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
        13⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 216
        13⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
        12⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 220
        11⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
        10⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48609.exe
        8⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35308.exe
        9⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62954.exe
        10⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47273.exe
        11⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16928.exe
        12⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9316 -s 216
        12⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
        11⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
        10⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        9⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
        8⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37276.exe
        7⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19139.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8255.exe
        9⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        10⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17456.exe
        11⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24908.exe
        12⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10100 -s 220
        12⤵
        
        PID:12700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 236
        11⤵
        
        PID:11192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
        10⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        9⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 216
        8⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 240
        7⤵
        Program crash
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
        6⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
        8⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
        9⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12326.exe
        10⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13142.exe
        11⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
        12⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 216
        12⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
        11⤵
        
        PID:10576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
        10⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 216
        8⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
        7⤵
        Program crash
        
        PID:3608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        6⤵
        Program crash
        
        PID:2724
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
        5⤵
        Program crash
        
        PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8524.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46696.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57755.exe
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25575.exe
        9⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5447.exe
        10⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40856.exe
        11⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        12⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
        11⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 236
        10⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
        9⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 216
        8⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21086.exe
        7⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
        8⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60465.exe
        9⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
        10⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14571.exe
        11⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 216
        11⤵
        
        PID:11872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
        10⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
        9⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        8⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
        7⤵
        
        PID:4308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 216
        6⤵
        Program crash
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
        6⤵
        Program crash
        
        PID:2172
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 240
        5⤵
        Program crash
        
        PID:2904
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
      4⤵
      Program crash
      PID:1212
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1432
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 240
  2⤵
  - Program crash
  PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exe

Filesize
184KB

MD5
e74ad4b7c01797236b0abffd9e122fc0

SHA1
78efb4b7f3523abe8f23dde5e7b398b0a92eff96

SHA256
3a469c1f1c1025df98456711f6c51e57135bfc2d02fd29e69f4710c816e8e363

SHA512
d2742a452cb27566a0b274dae9ffedd9b9911dbc01c50fa5d85e8596f717d5e4f8ac3d1d227a50743af273b2d79d0dabac0357167515f3fa259c4a0e9b49ac58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21871.exe

Filesize
184KB

MD5
781e87573d3a8cbfc955920356971c14

SHA1
354cb7f54f24a4d5efe44159106655f64b03ccba

SHA256
76216a41286d01fa9fd2526fdd4a61588e635a4c774b9a9b4c266a8cdcfe1cbf

SHA512
93d28d5b5b228e092468b98f52af1b6703ed46ce49bfbe46a6e858e34d4ef6e48119826ea79be4e4bf403e3efe7e4ab335f6ad98484aeee7c7486e8b772f8251

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55394.exe

Filesize
184KB

MD5
bdec498d00cf47fd873007013e86e217

SHA1
c5150332ad57b19b7f0ca200f9ef19124e3e7428

SHA256
3f64c8abc477e2d7d75189e4b839942efd729087a0f358db4bd898d1bafe3eac

SHA512
04b54f888b5d0debbe11fef950a5d0ae37515ac2b4f557a89a95a2ecb3ae563c6f22d7db39e12ec6e8d8f0d80d6109122ddb05fb4ec4e16e921f78d2373a9dba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6201.exe

Filesize
184KB

MD5
65bac52f9efa4e76d6ca7aa59c7c3e40

SHA1
2eec0e0f1081fb5e9cf4690b33709bc4a39c6f49

SHA256
cb138f29ffd4d489be802dcc777d9648cb48e5663023f13ba2fffc419ba4ceea

SHA512
d1579f08f34a6c2021146d12acc5fb19c98d255db8594fd37b0fe5f178ab2edb8d40a2103b992c28c76575bdfac49c6c51781113f0d9eae401f59b809ac9ab21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6787.exe

Filesize
184KB

MD5
d571378042d95fe0d01028604c7a8b50

SHA1
8c79f519477d3aa211cf246b071e780a1ee2a9d4

SHA256
2070a796a47b622c3b99efb8e809cf642598af4cae79f1e51e9bd4e79955cd1a

SHA512
7cf55784979adebf0db8a6e4c4242177f8f4f3182572941ef12717db02791c55cec4921e9490630019ad08539d7d476b3553228bf4ac779a54885fbe69dcf383

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11147.exe

Filesize
184KB

MD5
842a826c958e80a937ec47d4bec7d7dd

SHA1
bc78ed23ce5ac4b512ef950f1ecd794daebd3347

SHA256
7abe106812d6bda412444abfdc417f35b2042fe2545c7c8ba42965f54be9b7da

SHA512
20baa26bc1fb7aa8cc192622a0216cec2a41884c57b7d3673c3d0b92a3a196a7aed903b2d2c4f66a7a737c14f2b091b7ee9e12d485d7a31f55046828afffc9a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1149.exe

Filesize
184KB

MD5
eb9edabad19a07dfd9b446941a76418c

SHA1
e0d9754996affddbcb09b8f8e88ff528b80122ff

SHA256
e5dff788b35108a9f86633b7700328fcdaee8b05b57985d379758af3ab26400e

SHA512
145c5926069aba58787ebaad73476a3adaa0f767b193d9b3d77d46492485d9c055ed7f9f196aca0c062ae6c60c78a1464726872f5278edd60c662f6d1cf09c9f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15746.exe

Filesize
184KB

MD5
352744e21b343f2f0d0d344936557ad0

SHA1
40182be14df1dff7a17cbcf5fe0dd012586b7ce2

SHA256
40cdb4adef15108e95c475ac7f6abd25183d49d0da82ac566925820b790baccc

SHA512
a42b8081e3e87a397bb9234bbcb50c8d8e75a3a0e702e3385e5f98062185586dce1c8c3a1b22b81f26b41319f79083c9babae3ec9d5da1d454e615e8159b0b0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe

Filesize
184KB

MD5
89ae8db6606ab172286d2d3bdec67b1c

SHA1
9c17ffae06f80a878e0988674090d4c6e341f03e

SHA256
f38129aade15cf3e617b3ec7a400b2eb95bbae27fcddd18e81ff504844a8144b

SHA512
7f738206b487d3ce5487a6aeec9d60d6420362b22086dabed2cb2f6c1cccddfd5a5214fc971042042ca406b4bd9b5c2064ee7f7476af66eb1297254e5dc04ee6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe

Filesize
184KB

MD5
5eb6ccc39374908c77273226f0cfbd96

SHA1
e6ffc6e2ba0f61df45e87071993e5249e6c77e05

SHA256
9b7bc24ae59f388a3a959f822fe1c935487fa54648dd97f3411a29b62523171d

SHA512
e887164f59fac482484ff359c57980667016632a1113a0f861e2782c68479c709d5379ea35fbee8ad2c28e04e68f6b4231f50b14b85839b6d080e61b284689d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19475.exe

Filesize
184KB

MD5
9e1443e03bbdfe10cdce9767a0e00d60

SHA1
a930ae46193cf2466a6b6246e22df44971d5f0a0

SHA256
bc264ea8ff66f4c089864f99f09aa5698e4a4b303c5f7053087839f8c809e55f

SHA512
607c98ce392854008ba13a8cf8389c1518902efc948b2b0b6be4e455d29068caef4e6426812319b757ac1ecee7888b204afd61f2c525dbda065de7f65e769340

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22213.exe

Filesize
184KB

MD5
021eb86b4f4278b59e42552ad5e705c7

SHA1
1a7b804cd694ec29cd41708c63d4de9ecf70be88

SHA256
55151c4d1876ea643080f743d5ced41db0264d0f97ea6068b51858f8abfb7e65

SHA512
32ca402cb982b2f0058789bd6803dbb68ca6646cf02fe08ca05a875115ce534da1167ce6a1ee21b30d5aaf0eb324a33ac1a724b6d7acde4d90dbc32aa192ef6d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33317.exe

Filesize
184KB

MD5
abf622969d715b7144bd0e8f4c7dc985

SHA1
a48f075e873979395867df2e9ef126eba2ec151a

SHA256
ca0d0e932c6487020eb30d56ed9539471a9e25d8708798e1d923acc508236cb2

SHA512
cd5911324ce5a166f0f0ddf8a563fa54dcedee67d652d56e70443755f137495e4c8b95823f23b41ae6545e96829498b932c7f0fc6ae08dd0668813ddf8d99281

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe

Filesize
184KB

MD5
4457b006c57a0c9ff7eed6d2a9408f2a

SHA1
db4ec2d9960cbb019e342bdc5d6fe14957b96378

SHA256
2cc59ec27458c5cb4e74baf60f4db788d187094d50d26accefce0e0c3b52121c

SHA512
e31d6c81718c24ddc677196512fe6f819748e0fd36bd720d142fd9e2d468bd747790a5f8778cdf65a1a162e003de5654f4acb7f3998081cce580a62571f016b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52339.exe

Filesize
184KB

MD5
038d99180e2c0ea479e8a92fa5139086

SHA1
94aa4bb4655da99aa7d47810ec7092f3ef0e912f

SHA256
3f776241319be62437a0e2124e671a45140b82e06ece89af90b5effbff127a3c

SHA512
3ac413ae6b45e68ae1154a652fdafc755a8ef1d2ab48abe51f4449315d978bb204a2885649ee005b82f5bfc32e8b3571a9eac5f5bc3faa38275e69dcc27363fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55148.exe

Filesize
184KB

MD5
debaa0e8025116266cd1c95d330b9461

SHA1
b1894b0e69bd37857b4fb3a4ff34ea922a8447bf

SHA256
04e72c1bf07ccb19e5f7a56400481ae62f58c8e8706d189fec83f18c935435b0

SHA512
9d41fa4b994e8ce5ab74e8b02daedebda3daeb8ced839906b9ecf9577d53640aa29d2b732dfaeca901b62b70ef5bbc35f68f29ba5269af628163448f722c67b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe

Filesize
184KB

MD5
a5f7049a4f0678668fb775f470ae9194

SHA1
bf21f153b0810e626fcb5c41499c4e81c3fb81f3

SHA256
c4b98245cdd50ed272c54740e1dce6972d41721f749acc1833b0914913f09ced

SHA512
7b33103674b4148f630ec4d4d93c40f514fe837830717b8cec80b479cded743c34f5254e94e9d5318f064c4cae5dc3697d6d42bb60b159be0abebc63c46aaeaf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads