0333aa87f4d791c1a6bfde67816d44278ab84835048cc28a9532c780f3783008

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03-06-2024 03:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

996fb65941befce1625a2d14417276d0_NeikiAnalytics.exe
Size

184KB
MD5

996fb65941befce1625a2d14417276d0
SHA1

6bafbf7d44bd6522511ebacdebfdad19f17bf124
SHA256

0333aa87f4d791c1a6bfde67816d44278ab84835048cc28a9532c780f3783008
SHA512

296da9389f2c6bed16a0ce3b4e66460e82390d51198a59f4a48f2ea6e47728f9f0b1d328ae3ce6b10ede79041fbac69f18dccbfaf834c3e04a824b41d6f6021e
SSDEEP

1536:jbZY6jZ5WBL8o5xxt/EAxxwMF+XygZM86mdIBwfR2WQet8hl5hj5nizpcw:nZGBL8ofP/EIdFSJOlwfRGs8hlnViFR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1976	Unicorn-1259.exe
1880	Unicorn-21587.exe
2704	Unicorn-1721.exe
2688	Unicorn-15954.exe
2464	Unicorn-27883.exe
2452	Unicorn-48818.exe
2700	Unicorn-19945.exe
2608	Unicorn-79.exe
1764	Unicorn-49088.exe
2028	Unicorn-3416.exe
1760	Unicorn-34828.exe
2360	Unicorn-2098.exe
3040	Unicorn-64983.exe
2824	Unicorn-35264.exe
2836	Unicorn-15398.exe
808	Unicorn-50723.exe
604	Unicorn-1522.exe
592	Unicorn-47194.exe
1604	Unicorn-23495.exe
3036	Unicorn-36109.exe
1716	Unicorn-30402.exe
1304	Unicorn-26680.exe
1256	Unicorn-49234.exe
1908	Unicorn-22269.exe
716	Unicorn-65378.exe
2164	Unicorn-49042.exe
1692	Unicorn-32706.exe
2980	Unicorn-62041.exe
1724	Unicorn-62041.exe
2392	Unicorn-16370.exe
1864	Unicorn-64086.exe
2560	Unicorn-1948.exe
2660	Unicorn-53609.exe
2536	Unicorn-37273.exe
2664	Unicorn-18092.exe
2436	Unicorn-4216.exe
2736	Unicorn-36889.exe
2952	Unicorn-303.exe
2520	Unicorn-3640.exe
2772	Unicorn-3256.exe
2920	Unicorn-32591.exe
1552	Unicorn-18716.exe
680	Unicorn-65072.exe
1788	Unicorn-3064.exe
2396	Unicorn-34860.exe
2304	Unicorn-14994.exe
2480	Unicorn-34860.exe
2460	Unicorn-16063.exe
1700	Unicorn-4875.exe
1460	Unicorn-52688.exe
1152	Unicorn-47898.exe
1744	Unicorn-3295.exe
1008	Unicorn-3295.exe
984	Unicorn-3295.exe
652	Unicorn-17913.exe
3068	Unicorn-38464.exe
864	Unicorn-22128.exe
1616	Unicorn-17529.exe
1992	Unicorn-33673.exe
1660	Unicorn-53347.exe
2812	Unicorn-17145.exe
2644	Unicorn-53155.exe
2420	Unicorn-27390.exe
2540	Unicorn-52771.exe

Loads dropped DLL 64 IoCs

pid	Process
2320	996fb65941befce1625a2d14417276d0_NeikiAnalytics.exe
2320	996fb65941befce1625a2d14417276d0_NeikiAnalytics.exe
1976	Unicorn-1259.exe
1976	Unicorn-1259.exe
2320	996fb65941befce1625a2d14417276d0_NeikiAnalytics.exe
2320	996fb65941befce1625a2d14417276d0_NeikiAnalytics.exe
1880	Unicorn-21587.exe
1880	Unicorn-21587.exe
1976	Unicorn-1259.exe
1976	Unicorn-1259.exe
2704	Unicorn-1721.exe
2704	Unicorn-1721.exe
1952	WerFault.exe
1952	WerFault.exe
1952	WerFault.exe
1952	WerFault.exe
1952	WerFault.exe
1880	Unicorn-21587.exe
2688	Unicorn-15954.exe
2688	Unicorn-15954.exe
1880	Unicorn-21587.exe
2704	Unicorn-1721.exe
2452	Unicorn-48818.exe
2704	Unicorn-1721.exe
2452	Unicorn-48818.exe
2464	Unicorn-27883.exe
2464	Unicorn-27883.exe
308	WerFault.exe
308	WerFault.exe
308	WerFault.exe
308	WerFault.exe
308	WerFault.exe
788	WerFault.exe
788	WerFault.exe
788	WerFault.exe
788	WerFault.exe
788	WerFault.exe
2700	Unicorn-19945.exe
2700	Unicorn-19945.exe
2688	Unicorn-15954.exe
2688	Unicorn-15954.exe
2028	Unicorn-3416.exe
2452	Unicorn-48818.exe
2028	Unicorn-3416.exe
2452	Unicorn-48818.exe
2608	Unicorn-79.exe
2608	Unicorn-79.exe
1764	Unicorn-49088.exe
1764	Unicorn-49088.exe
2464	Unicorn-27883.exe
2464	Unicorn-27883.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
1448	WerFault.exe
1448	WerFault.exe
1448	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2580	2320	WerFault.exe	27
1952	1976	WerFault.exe	28
308	1880	WerFault.exe	29
788	2704	WerFault.exe	30
1916	2688	WerFault.exe	32
1900	2452	WerFault.exe	34
1448	2464	WerFault.exe	33
2376	2700	WerFault.exe	36
1548	2028	WerFault.exe	39
2212	2608	WerFault.exe	37
2996	1760	WerFault.exe	40
2992	1764	WerFault.exe	38
2208	2360	WerFault.exe	43
268	3040	WerFault.exe	44
328	808	WerFault.exe	48
1180	604	WerFault.exe	47
1052	592	WerFault.exe	49
1620	2824	WerFault.exe	45
904	2836	WerFault.exe	46
908	1604	WerFault.exe	53
1260	3036	WerFault.exe	54
1920	1716	WerFault.exe	55
2820	1304	WerFault.exe	56
2176	1256	WerFault.exe	57
2156	1908	WerFault.exe	58
916	716	WerFault.exe	59
1232	1692	WerFault.exe	61
1712	2392	WerFault.exe	64
2656	2980	WerFault.exe	62
1884	2164	WerFault.exe	60
2628	1724	WerFault.exe	63
1496	1864	WerFault.exe	70
1988	2536	WerFault.exe	73
332	2664	WerFault.exe	74
1016	2660	WerFault.exe	72
2648	2436	WerFault.exe	75
2184	2560	WerFault.exe	71
3100	2736	WerFault.exe	76
3180	2952	WerFault.exe	77
3256	2304	WerFault.exe	84
3248	2520	WerFault.exe	78
3264	2480	WerFault.exe	86
3376	1700	WerFault.exe	88
3432	2396	WerFault.exe	85
3424	2920	WerFault.exe	80
3364	1788	WerFault.exe	83
3500	2460	WerFault.exe	87
3508	2772	WerFault.exe	79
3552	1552	WerFault.exe	81
4048	1460	WerFault.exe	96
3732	1616	WerFault.exe	104
3816	1008	WerFault.exe	99
4008	2420	WerFault.exe	109
3968	2812	WerFault.exe	107
3164	864	WerFault.exe	103
3452	2900	WerFault.exe	112
3564	1152	WerFault.exe	97
2492	2092	WerFault.exe	121
3616	2540	WerFault.exe	110
4104	3068	WerFault.exe	102
4120	3000	WerFault.exe	135
4156	380	WerFault.exe	139
4176	2912	WerFault.exe	137
4184	2236	WerFault.exe	141

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2320	996fb65941befce1625a2d14417276d0_NeikiAnalytics.exe
1976	Unicorn-1259.exe
1880	Unicorn-21587.exe
2704	Unicorn-1721.exe
2688	Unicorn-15954.exe
2464	Unicorn-27883.exe
2452	Unicorn-48818.exe
2700	Unicorn-19945.exe
2608	Unicorn-79.exe
1760	Unicorn-34828.exe
2028	Unicorn-3416.exe
1764	Unicorn-49088.exe
2360	Unicorn-2098.exe
3040	Unicorn-64983.exe
808	Unicorn-50723.exe
2836	Unicorn-15398.exe
2824	Unicorn-35264.exe
604	Unicorn-1522.exe
592	Unicorn-47194.exe
1604	Unicorn-23495.exe
3036	Unicorn-36109.exe
1716	Unicorn-30402.exe
1304	Unicorn-26680.exe
1256	Unicorn-49234.exe
1908	Unicorn-22269.exe
716	Unicorn-65378.exe
1692	Unicorn-32706.exe
1724	Unicorn-62041.exe
2980	Unicorn-62041.exe
2164	Unicorn-49042.exe
2392	Unicorn-16370.exe
1864	Unicorn-64086.exe
2560	Unicorn-1948.exe
2660	Unicorn-53609.exe
2536	Unicorn-37273.exe
2436	Unicorn-4216.exe
2664	Unicorn-18092.exe
2736	Unicorn-36889.exe
2952	Unicorn-303.exe
2520	Unicorn-3640.exe
2772	Unicorn-3256.exe
2920	Unicorn-32591.exe
1552	Unicorn-18716.exe
680	Unicorn-65072.exe
1788	Unicorn-3064.exe
2304	Unicorn-14994.exe
2480	Unicorn-34860.exe
2396	Unicorn-34860.exe
2460	Unicorn-16063.exe
1700	Unicorn-4875.exe
1460	Unicorn-52688.exe
1152	Unicorn-47898.exe
1008	Unicorn-3295.exe
1744	Unicorn-3295.exe
984	Unicorn-3295.exe
652	Unicorn-17913.exe
864	Unicorn-22128.exe
3068	Unicorn-38464.exe
1616	Unicorn-17529.exe
1992	Unicorn-33673.exe
1660	Unicorn-53347.exe
2812	Unicorn-17145.exe
2644	Unicorn-53155.exe
2420	Unicorn-27390.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 1976	2320	996fb65941befce1625a2d14417276d0_NeikiAnalytics.exe	28
PID 2320 wrote to memory of 1976	2320	996fb65941befce1625a2d14417276d0_NeikiAnalytics.exe	28
PID 2320 wrote to memory of 1976	2320	996fb65941befce1625a2d14417276d0_NeikiAnalytics.exe	28
PID 2320 wrote to memory of 1976	2320	996fb65941befce1625a2d14417276d0_NeikiAnalytics.exe	28
PID 1976 wrote to memory of 1880	1976	Unicorn-1259.exe	29
PID 1976 wrote to memory of 1880	1976	Unicorn-1259.exe	29
PID 1976 wrote to memory of 1880	1976	Unicorn-1259.exe	29
PID 1976 wrote to memory of 1880	1976	Unicorn-1259.exe	29
PID 2320 wrote to memory of 2704	2320	996fb65941befce1625a2d14417276d0_NeikiAnalytics.exe	30
PID 2320 wrote to memory of 2704	2320	996fb65941befce1625a2d14417276d0_NeikiAnalytics.exe	30
PID 2320 wrote to memory of 2704	2320	996fb65941befce1625a2d14417276d0_NeikiAnalytics.exe	30
PID 2320 wrote to memory of 2704	2320	996fb65941befce1625a2d14417276d0_NeikiAnalytics.exe	30
PID 2320 wrote to memory of 2580	2320	996fb65941befce1625a2d14417276d0_NeikiAnalytics.exe	31
PID 2320 wrote to memory of 2580	2320	996fb65941befce1625a2d14417276d0_NeikiAnalytics.exe	31
PID 2320 wrote to memory of 2580	2320	996fb65941befce1625a2d14417276d0_NeikiAnalytics.exe	31
PID 2320 wrote to memory of 2580	2320	996fb65941befce1625a2d14417276d0_NeikiAnalytics.exe	31
PID 1880 wrote to memory of 2688	1880	Unicorn-21587.exe	32
PID 1880 wrote to memory of 2688	1880	Unicorn-21587.exe	32
PID 1880 wrote to memory of 2688	1880	Unicorn-21587.exe	32
PID 1880 wrote to memory of 2688	1880	Unicorn-21587.exe	32
PID 1976 wrote to memory of 2464	1976	Unicorn-1259.exe	33
PID 1976 wrote to memory of 2464	1976	Unicorn-1259.exe	33
PID 1976 wrote to memory of 2464	1976	Unicorn-1259.exe	33
PID 1976 wrote to memory of 2464	1976	Unicorn-1259.exe	33
PID 2704 wrote to memory of 2452	2704	Unicorn-1721.exe	34
PID 2704 wrote to memory of 2452	2704	Unicorn-1721.exe	34
PID 2704 wrote to memory of 2452	2704	Unicorn-1721.exe	34
PID 2704 wrote to memory of 2452	2704	Unicorn-1721.exe	34
PID 1976 wrote to memory of 1952	1976	Unicorn-1259.exe	35
PID 1976 wrote to memory of 1952	1976	Unicorn-1259.exe	35
PID 1976 wrote to memory of 1952	1976	Unicorn-1259.exe	35
PID 1976 wrote to memory of 1952	1976	Unicorn-1259.exe	35
PID 2688 wrote to memory of 2700	2688	Unicorn-15954.exe	36
PID 2688 wrote to memory of 2700	2688	Unicorn-15954.exe	36
PID 2688 wrote to memory of 2700	2688	Unicorn-15954.exe	36
PID 2688 wrote to memory of 2700	2688	Unicorn-15954.exe	36
PID 1880 wrote to memory of 2608	1880	Unicorn-21587.exe	37
PID 1880 wrote to memory of 2608	1880	Unicorn-21587.exe	37
PID 1880 wrote to memory of 2608	1880	Unicorn-21587.exe	37
PID 1880 wrote to memory of 2608	1880	Unicorn-21587.exe	37
PID 2704 wrote to memory of 1764	2704	Unicorn-1721.exe	38
PID 2704 wrote to memory of 1764	2704	Unicorn-1721.exe	38
PID 2704 wrote to memory of 1764	2704	Unicorn-1721.exe	38
PID 2704 wrote to memory of 1764	2704	Unicorn-1721.exe	38
PID 2452 wrote to memory of 2028	2452	Unicorn-48818.exe	39
PID 2452 wrote to memory of 2028	2452	Unicorn-48818.exe	39
PID 2452 wrote to memory of 2028	2452	Unicorn-48818.exe	39
PID 2452 wrote to memory of 2028	2452	Unicorn-48818.exe	39
PID 2464 wrote to memory of 1760	2464	Unicorn-27883.exe	40
PID 2464 wrote to memory of 1760	2464	Unicorn-27883.exe	40
PID 2464 wrote to memory of 1760	2464	Unicorn-27883.exe	40
PID 2464 wrote to memory of 1760	2464	Unicorn-27883.exe	40
PID 1880 wrote to memory of 308	1880	Unicorn-21587.exe	41
PID 1880 wrote to memory of 308	1880	Unicorn-21587.exe	41
PID 1880 wrote to memory of 308	1880	Unicorn-21587.exe	41
PID 1880 wrote to memory of 308	1880	Unicorn-21587.exe	41
PID 2704 wrote to memory of 788	2704	Unicorn-1721.exe	42
PID 2704 wrote to memory of 788	2704	Unicorn-1721.exe	42
PID 2704 wrote to memory of 788	2704	Unicorn-1721.exe	42
PID 2704 wrote to memory of 788	2704	Unicorn-1721.exe	42
PID 2700 wrote to memory of 2360	2700	Unicorn-19945.exe	43
PID 2700 wrote to memory of 2360	2700	Unicorn-19945.exe	43
PID 2700 wrote to memory of 2360	2700	Unicorn-19945.exe	43
PID 2700 wrote to memory of 2360	2700	Unicorn-19945.exe	43

C:\Users\Admin\AppData\Local\Temp\996fb65941befce1625a2d14417276d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\996fb65941befce1625a2d14417276d0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1259.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1259.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21587.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2098.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23495.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64086.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        10⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49305.exe
        11⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29150.exe
        12⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54903.exe
        13⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52653.exe
        14⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60435.exe
        15⤵
        
        PID:12684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 236
        14⤵
        
        PID:10264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
        13⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
        12⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15828.exe
        11⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51634.exe
        12⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        13⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59828.exe
        14⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 216
        14⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
        13⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
        12⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        11⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61920.exe
        10⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35886.exe
        11⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52210.exe
        12⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
        13⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        14⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9284 -s 216
        14⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
        13⤵
        
        PID:10680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
        12⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
        11⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 240
        10⤵
        Program crash
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22973.exe
        9⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        10⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39264.exe
        11⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35829.exe
        12⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        13⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5072.exe
        14⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
        15⤵
        
        PID:12828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10708 -s 216
        15⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 220
        14⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
        13⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
        12⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        11⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
        12⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57018.exe
        13⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe
        14⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 236
        14⤵
        
        PID:12928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
        13⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
        12⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 240
        11⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3062.exe
        10⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50738.exe
        11⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7166.exe
        12⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21881.exe
        13⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59411.exe
        14⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 216
        14⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 236
        13⤵
        
        PID:10776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 236
        12⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
        11⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
        10⤵
        Program crash
        
        PID:4120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
        9⤵
        Program crash
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33218.exe
        9⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15865.exe
        10⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
        11⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 220
        12⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        11⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
        10⤵
        Program crash
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28863.exe
        9⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        10⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        11⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61699.exe
        12⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        13⤵
        
        PID:13224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10408 -s 220
        13⤵
        
        PID:13436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
        12⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        11⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        10⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 240
        9⤵
        Program crash
        
        PID:3564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        8⤵
        Program crash
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1948.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22128.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1313.exe
        9⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
        10⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
        11⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40584.exe
        12⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
        13⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14653.exe
        14⤵
        
        PID:13376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10700 -s 216
        14⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 216
        13⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        12⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        11⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
        10⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51251.exe
        9⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3431.exe
        10⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6634.exe
        11⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe
        12⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46993.exe
        13⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10768 -s 216
        13⤵
        
        PID:13620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 216
        12⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
        11⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        10⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 240
        9⤵
        Program crash
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62252.exe
        8⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
        9⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54436.exe
        10⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38665.exe
        11⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        12⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
        12⤵
        
        PID:12948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 236
        11⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
        10⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
        9⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        8⤵
        Program crash
        
        PID:2184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
        7⤵
        Program crash
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36109.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32834.exe
        9⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        10⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54176.exe
        11⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3656.exe
        12⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        13⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        14⤵
        
        PID:13652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
        14⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 216
        13⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        12⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        11⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 236
        10⤵
        Program crash
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51744.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
        10⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48666.exe
        11⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
        12⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4927.exe
        13⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 216
        13⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
        12⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 236
        11⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        10⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 240
        9⤵
        Program crash
        
        PID:3816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
        8⤵
        Program crash
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17913.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16389.exe
        8⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        9⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
        10⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
        11⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        12⤵
        
        PID:12408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 216
        12⤵
        
        PID:13008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 236
        11⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        10⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
        9⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
        8⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19953.exe
        9⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11155.exe
        10⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
        11⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47942.exe
        12⤵
        
        PID:13636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8912 -s 216
        11⤵
        
        PID:12648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
        10⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
        9⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 240
        8⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
        7⤵
        Program crash
        
        PID:1260
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        6⤵
        Program crash
        
        PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30402.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37273.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16498.exe
        9⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37676.exe
        10⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18598.exe
        11⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8077.exe
        12⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40350.exe
        13⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63822.exe
        14⤵
        
        PID:12444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10848 -s 216
        14⤵
        
        PID:13552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 220
        13⤵
        
        PID:11536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
        12⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        11⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
        10⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50291.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34358.exe
        10⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        11⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21409.exe
        12⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41783.exe
        13⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10692 -s 216
        13⤵
        
        PID:13484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
        12⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
        11⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
        10⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 240
        9⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22013.exe
        8⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe
        9⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11856.exe
        10⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
        11⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44967.exe
        12⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe
        13⤵
        
        PID:14236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
        12⤵
        
        PID:11704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        11⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        10⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
        9⤵
        Program crash
        
        PID:4184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        8⤵
        Program crash
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17529.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        8⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
        9⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-193.exe
        10⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32797.exe
        11⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        12⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        13⤵
        
        PID:12308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 216
        13⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 216
        12⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 236
        11⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
        10⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
        9⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 216
        8⤵
        Program crash
        
        PID:3732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        7⤵
        Program crash
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42647.exe
        8⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
        9⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51929.exe
        10⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
        11⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26007.exe
        12⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28130.exe
        13⤵
        
        PID:13240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11008 -s 220
        13⤵
        
        PID:13780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 220
        12⤵
        
        PID:11860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
        11⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        10⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
        9⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2927.exe
        8⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18790.exe
        9⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38690.exe
        10⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
        11⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48042.exe
        12⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10372 -s 216
        12⤵
        
        PID:14088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 220
        11⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
        10⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
        9⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
        8⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56444.exe
        9⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30693.exe
        10⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
        11⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55120.exe
        12⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10340 -s 216
        12⤵
        
        PID:13992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
        11⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
        10⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
        9⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 236
        8⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 220
        7⤵
        Program crash
        
        PID:332
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
        6⤵
        Program crash
        
        PID:268
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-79.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-79.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49042.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        8⤵
        Executes dropped EXE
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-711.exe
        9⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        10⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        11⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
        12⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37600.exe
        13⤵
        
        PID:13276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 216
        13⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
        12⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
        11⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 216
        10⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
        9⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8343.exe
        10⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21591.exe
        11⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        12⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2961.exe
        13⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10928 -s 220
        13⤵
        
        PID:13824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 220
        12⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
        11⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
        10⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
        9⤵
        Program crash
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30731.exe
        8⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64842.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        10⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
        11⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25632.exe
        12⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 220
        12⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 236
        11⤵
        
        PID:9804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        10⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
        9⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
        8⤵
        Program crash
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46933.exe
        7⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1972.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5081.exe
        9⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51397.exe
        10⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        11⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6146.exe
        12⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        13⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10332 -s 216
        13⤵
        
        PID:13324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
        12⤵
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
        11⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
        10⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
        9⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39040.exe
        10⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32156.exe
        11⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44611.exe
        12⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 220
        12⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
        11⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
        10⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        9⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33155.exe
        8⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        9⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56126.exe
        10⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        11⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42167.exe
        12⤵
        
        PID:13244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10484 -s 220
        12⤵
        
        PID:13456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
        11⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        10⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        9⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
        8⤵
        Program crash
        
        PID:3452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
        7⤵
        Program crash
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16063.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20572.exe
        8⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 220
        9⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
        8⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        7⤵
        Program crash
        
        PID:3500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 220
        6⤵
        Program crash
        
        PID:1180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62041.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27027.exe
        7⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        8⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe
        9⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54078.exe
        10⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
        11⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31044.exe
        12⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
        13⤵
        
        PID:14288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 236
        12⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
        11⤵
        
        PID:9556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
        10⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 216
        9⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        9⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58130.exe
        10⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        11⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9200 -s 216
        11⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
        10⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        9⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
        8⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 216
        7⤵
        Program crash
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30404.exe
        6⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20389.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1929.exe
        8⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        9⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29015.exe
        10⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        11⤵
        
        PID:14204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 216
        10⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
        9⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
        8⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
        7⤵
        
        PID:4996
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
        6⤵
        Program crash
        
        PID:2628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
        5⤵
        Program crash
        
        PID:2212
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27883.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27883.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34828.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26680.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4216.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38464.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35413.exe
        8⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53405.exe
        9⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39200.exe
        10⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28784.exe
        11⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe
        12⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51486.exe
        13⤵
        
        PID:14320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 216
        12⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
        11⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        10⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 236
        9⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49684.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        9⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6175.exe
        10⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
        11⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57351.exe
        12⤵
        
        PID:13160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10468 -s 216
        12⤵
        
        PID:13448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
        11⤵
        
        PID:10840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
        10⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        9⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 220
        8⤵
        Program crash
        
        PID:4104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 216
        7⤵
        Program crash
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
        8⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24196.exe
        10⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        11⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52245.exe
        12⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11120 -s 236
        12⤵
        
        PID:13844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
        11⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
        10⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
        9⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 216
        8⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32630.exe
        8⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9779.exe
        9⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26155.exe
        10⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53013.exe
        11⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 216
        11⤵
        
        PID:13860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 220
        10⤵
        
        PID:12128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
        9⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
        8⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
        7⤵
        
        PID:4192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
        6⤵
        Program crash
        
        PID:2820
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 216
        5⤵
        Program crash
        
        PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47194.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50270.exe
        7⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34837.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
        9⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39008.exe
        10⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
        11⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63140.exe
        12⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41683.exe
        13⤵
        
        PID:13956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
        11⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        10⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 216
        9⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30430.exe
        7⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        8⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
        9⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
        10⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
        11⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36625.exe
        12⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10752 -s 216
        12⤵
        
        PID:13640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
        11⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
        10⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
        9⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48143.exe
        8⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
        9⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24927.exe
        10⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37024.exe
        11⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 236
        11⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 216
        10⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 236
        9⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
        8⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 220
        7⤵
        Program crash
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55786.exe
        6⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49720.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        8⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        9⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26340.exe
        10⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
        11⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11958.exe
        12⤵
        
        PID:14168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
        11⤵
        
        PID:11652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
        10⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
        9⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        8⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64062.exe
        8⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15919.exe
        9⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62054.exe
        10⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 216
        10⤵
        
        PID:13120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
        9⤵
        
        PID:9352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
        8⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 240
        7⤵
        
        PID:4264
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 716 -s 240
        6⤵
        Program crash
        
        PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32591.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        6⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5304.exe
        7⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18725.exe
        8⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56336.exe
        9⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39011.exe
        10⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        11⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10360 -s 216
        11⤵
        
        PID:13316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 220
        10⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
        9⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
        8⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
        7⤵
        
        PID:4224
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
        6⤵
        Program crash
        
        PID:3424
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
        5⤵
        Program crash
        
        PID:1052
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1448
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3416.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35264.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18716.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
        8⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23592.exe
        9⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe
        9⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
        10⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38997.exe
        11⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        12⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36889.exe
        13⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 216
        12⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
        11⤵
        
        PID:9728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
        10⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
        9⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 236
        8⤵
        Program crash
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe
        7⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-711.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3244.exe
        9⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36488.exe
        10⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7903.exe
        11⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3152.exe
        12⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
        13⤵
        
        PID:13080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10636 -s 216
        13⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 220
        12⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
        11⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
        10⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32190.exe
        9⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7166.exe
        10⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
        11⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        12⤵
        
        PID:12296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 216
        12⤵
        
        PID:13228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 216
        11⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
        10⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
        9⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
        8⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        9⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34525.exe
        10⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23583.exe
        11⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59411.exe
        12⤵
        
        PID:12492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10192 -s 216
        12⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
        11⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
        10⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
        9⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
        8⤵
        Program crash
        
        PID:2492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
        7⤵
        Program crash
        
        PID:1232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27390.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35029.exe
        8⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32522.exe
        9⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2651.exe
        10⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
        11⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52592.exe
        12⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 236
        12⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
        11⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
        10⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 236
        9⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
        8⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
        10⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
        11⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
        12⤵
        
        PID:14056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 236
        11⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
        10⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        9⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        8⤵
        Program crash
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13902.exe
        7⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53021.exe
        8⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
        9⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38119.exe
        10⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
        11⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25255.exe
        12⤵
        
        PID:12396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10440 -s 220
        12⤵
        
        PID:13540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
        11⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
        10⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        9⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 236
        8⤵
        
        PID:4708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        6⤵
        Program crash
        
        PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62041.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17790.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
        8⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3244.exe
        9⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
        10⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55218.exe
        11⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58827.exe
        12⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56656.exe
        13⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10496 -s 216
        13⤵
        
        PID:14028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
        12⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
        11⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        10⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 236
        9⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
        9⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42452.exe
        10⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21077.exe
        11⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59894.exe
        12⤵
        
        PID:12696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
        11⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
        10⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        9⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        8⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29854.exe
        7⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
        9⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        10⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        11⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53013.exe
        12⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10976 -s 216
        12⤵
        
        PID:13852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 220
        11⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
        10⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
        9⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 216
        8⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
        7⤵
        Program crash
        
        PID:3432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 236
        6⤵
        Program crash
        
        PID:2656
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        5⤵
        Program crash
        
        PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15398.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27027.exe
        7⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
        8⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18598.exe
        9⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe
        10⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58827.exe
        11⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
        12⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10480 -s 216
        12⤵
        
        PID:14020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 236
        11⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
        10⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        9⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
        8⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        7⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6238.exe
        8⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54462.exe
        9⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59012.exe
        10⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10618.exe
        11⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26619.exe
        12⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 216
        11⤵
        
        PID:12388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
        10⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 216
        9⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
        8⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        7⤵
        Program crash
        
        PID:3364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
        6⤵
        Program crash
        
        PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36435.exe
        6⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
        7⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22340.exe
        9⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35785.exe
        10⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23030.exe
        11⤵
        
        PID:12460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
        11⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
        10⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        9⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 216
        8⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        7⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
        8⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
        9⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4292.exe
        10⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        11⤵
        
        PID:13372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 216
        10⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
        9⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        8⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
        7⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57935.exe
        7⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21406.exe
        8⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
        9⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
        10⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
        10⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
        9⤵
        
        PID:9760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
        8⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
        7⤵
        
        PID:5088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 220
        6⤵
        Program crash
        
        PID:3256
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
        5⤵
        Program crash
        
        PID:904
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36889.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51941.exe
        8⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
        9⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54078.exe
        10⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48981.exe
        11⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25471.exe
        12⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        13⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 216
        12⤵
        
        PID:12608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
        11⤵
        
        PID:9680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
        10⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 216
        9⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60929.exe
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3424.exe
        9⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7009.exe
        10⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44303.exe
        11⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1569.exe
        12⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 216
        11⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
        9⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48604.exe
        7⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
        8⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23331.exe
        9⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56407.exe
        10⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24386.exe
        11⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16977.exe
        12⤵
        
        PID:13412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 216
        11⤵
        
        PID:12328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 236
        10⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        9⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
        8⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
        7⤵
        Program crash
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17145.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18885.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        8⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35829.exe
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        10⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19821.exe
        11⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47434.exe
        12⤵
        
        PID:12644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 216
        12⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
        11⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
        10⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
        9⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48060.exe
        8⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22896.exe
        9⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55539.exe
        10⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20356.exe
        11⤵
        
        PID:13056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10304 -s 216
        11⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
        10⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
        9⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
        8⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65252.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe
        8⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51162.exe
        9⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
        10⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        11⤵
        
        PID:13044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 236
        11⤵
        
        PID:12556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
        10⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        9⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        8⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        7⤵
        Program crash
        
        PID:3968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 240
        6⤵
        Program crash
        
        PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53155.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1671.exe
        7⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20349.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
        9⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34525.exe
        10⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54797.exe
        11⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30522.exe
        12⤵
        
        PID:12840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 220
        12⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
        11⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
        10⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
        9⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
        8⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34058.exe
        9⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25311.exe
        10⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        11⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9400 -s 216
        11⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 216
        10⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
        9⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 240
        8⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe
        7⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2339.exe
        8⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
        9⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44199.exe
        10⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        11⤵
        
        PID:13560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 236
        10⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
        9⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        8⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
        7⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31691.exe
        6⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        7⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54085.exe
        8⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40174.exe
        9⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60983.exe
        10⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56220.exe
        11⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11052 -s 216
        11⤵
        
        PID:13900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 216
        10⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
        9⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
        7⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15469.exe
        8⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61808.exe
        9⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        10⤵
        
        PID:13092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10556 -s 216
        10⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
        9⤵
        
        PID:10944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
        8⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 220
        7⤵
        
        PID:5276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        6⤵
        Program crash
        
        PID:3180
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 240
        5⤵
        Program crash
        
        PID:328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22269.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3640.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61593.exe
        6⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21148.exe
        7⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50694.exe
        8⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19950.exe
        9⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24889.exe
        10⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        11⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10584 -s 236
        11⤵
        
        PID:13388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
        10⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
        9⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
        8⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
        7⤵
        
        PID:4540
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
        6⤵
        Program crash
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23497.exe
        5⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33768.exe
        6⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31786.exe
        7⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        8⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9522.exe
        9⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58471.exe
        10⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33677.exe
        11⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10524 -s 216
        11⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
        10⤵
        
        PID:10904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        8⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
        7⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60929.exe
        6⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52708.exe
        7⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
        8⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61483.exe
        9⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 216
        9⤵
        
        PID:12972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
        8⤵
        
        PID:9332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 236
        7⤵
        
        PID:7476
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
        6⤵
        
        PID:5288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
        5⤵
        Program crash
        
        PID:2156
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
      4⤵
      Program crash
      PID:2992
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:788
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
  2⤵
  - Program crash
  PID:2580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-26340.exe

Filesize
184KB

MD5
2b5603a78af8be79ba7c6ca494703656

SHA1
6d25ee92799371832f0f64266bee4f003c27e659

SHA256
1519d9c45c6de21803f1afed2503efa178ec82471853e159b6dd4c16d437d609

SHA512
dc54a8545a287ac3a1fd670c26132a2b0a88b986a20620cebb3966fceb89ce3408cbb08803f532d469b6e22241a5885daf7820ccb712f7889f9580345fda7eb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe

Filesize
184KB

MD5
ad3e8bc07bc42536fc3d8c3b554cd1e7

SHA1
ee861d163f1c77e9e00436553e127f4428e04f53

SHA256
53c9567f75cdb65c002e289d5f65cb6821bb60f6d74214a75af8973066c07cd9

SHA512
1ede66d2a9471ef01f2957a2f1ece4527eb98aa8058a242ce245eba91d46193975e4daf5be3314dad96fb6af3f7c24959fa73076dbf3ecbff7f869763fefd7f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3416.exe

Filesize
184KB

MD5
c65e889c6823b54119a9e37485d7f95c

SHA1
fe06e00efaa43ec045bdbfea4c13fb92df4e7669

SHA256
8e69bf9b43efa8f933ee80b24fbd65038ffb1f3dc868f136a2ab7b090aaf25b8

SHA512
52fd27338ccf1ff46b1b968017cac7caa095ece17061dde9bc5bf874d3c3b6b68162989a8af693c940fdf39bc9b6e0370c417165999976ee2c1513249853730d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38665.exe

Filesize
184KB

MD5
89e6b8f174efbb76755b7bf32555ca71

SHA1
2ae2873717ca75c12665e203710fd267a1d1839b

SHA256
605e0a5aab6b4cba884990b2a3092483fe98844ec86c12d8530c0e303a8a2e91

SHA512
1cfebc21fc0b257a536bb5de5006a26b814e951a588c9c889d48c670b8289cb0bc2944a208b9771482deaa6351d23ef5f01f870572f88117b9484c715fd0ffb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39040.exe

Filesize
184KB

MD5
696f02633b0eaf2b86167363d90dc21a

SHA1
268b03b5cc1bfc07cce25ec62324549f10569488

SHA256
bbea8021d66614b85138446386c71b5b38e5bf5d3cb351f3d3ed76d9a0bfe2b9

SHA512
3bd7f3e3223ebe6c04690526c9ee578f8b6121a927a0151d8064b3136a27ffa6bc853ed4d7a622fe227e90121b7d0545b7110c4f921a0b5bd9a1914e9e303333

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe

Filesize
184KB

MD5
b0b3fdcb12e12cfb54a720c4b8bfbaf3

SHA1
b9f1e4975ff3a3ffff20c3c71eb5aa0c925b76e7

SHA256
79ab1e0e16f966d86534fbc8537f6bb863d803387b75bfbb4e74efe8f8c29957

SHA512
d557e7136ba255b97dcae7a057f1780b57a839739d10e5152e7eee50ecca3983ffb00cf5811172aa555fdc329930457c4f22f62251abebdf4572d4084b360c6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe

Filesize
184KB

MD5
9f9dbd221141707aabcd5c08bfff3df8

SHA1
d17ca5a72f3ff8ccbeb3362c05b7c897d0836339

SHA256
fe2aa2d521e2f69e19c9a8c72c843f2fb28834c8b0c47b50acb49537b3f5f65d

SHA512
da5a8e6374c419ef354fff476ccdc97cceeceb4e2238eb8cb33fb46e000d9f873f1d2d234a78abadda8b250ed7d84de216af6e64ac7ec083a89ab56bf63e95ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56126.exe

Filesize
184KB

MD5
202cb981cced469678ac7134692413d1

SHA1
6d563926954edd861d66ce4f103346c6ba100f37

SHA256
ac2b23e78e27838b5027c8292be422d16d325bf0d7881318bdb17b4f7f8738cf

SHA512
65c848171aeb2cfad690f7452c6b7bb257433cc499a634087bd988ac740497ff28cec420c9a937c13a7a2b2b1202ba231b7d38da8af67fe627a18f7048b17298

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56220.exe

Filesize
184KB

MD5
2b822391bef92d93166128a39059adfe

SHA1
9082db9f4c939aab22fec35dd621fe44001aba3a

SHA256
4556340998dde515c2c456e05cfd9eb7b7ee7faea5f9ca3c6e0317d3c1090098

SHA512
cd6674a50879ed1f45d2df71cdd63e4e93c74dc484905ae599e10fe7e8042be1f0b8edd3b27b9d738fbc3b4c8a693721159df305ab3f36e3f040624b087f740c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6146.exe

Filesize
184KB

MD5
23e2306745e063b9ec795ed514fcb109

SHA1
4a77130d596eb9396437fef2c30cfd33cafb683c

SHA256
70ce86e944fbc83252eba894fe3565b89cd0c107ad2b10dd300bf7962e8be8eb

SHA512
67a2c9b6cccb61d87ed399d1716fe4f8ca311b5da96a1b59bf7fb11580496e95445fd663f3527a2298223b183a0e5e4eba041fd50c35b5b414f7aec0108b1a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6238.exe

Filesize
184KB

MD5
92448d50508914d68134dbccbe28701f

SHA1
d393e560c16599b21281303d661db0cfee7e2af3

SHA256
4f928f156abcebfee12f03412ef8b17b46015cbc4e36fece6bd6385205ef82fb

SHA512
d70275cdcfb684d38b525ec86274544ba202abef91e6f58da2926eb23dbc115586adb1a53b5ade35191c630645cffd5f64ef27c44f1189376cf7b2ee64347cfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe

Filesize
184KB

MD5
904db9024335fa442e5d685d9fb0b915

SHA1
aa48f61a63f2594912fc050971157f0ab5d50af9

SHA256
2db8078032f3d7ec8265db0c5d546168887c037c63215e34ad1e08b4a3024e08

SHA512
191501ccc9942b00f3ab828edab87501b4e1fa46eaa9e5fb7ab9ca20e9d35ecbb9251cc35991414aa13e2eb303f1c1d68f22cb0263f76ded566f4043a403e5c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64062.exe

Filesize
184KB

MD5
873992f6a244c084d1089073454040a8

SHA1
69dc58e04b11b5bb5cbd75f1bc6064b2d7e55895

SHA256
635bdf9c1db82482cf81867489a543f11db30925277caf320c1fa2eb598d439d

SHA512
8c0d1ebdc00f071a6a28455ca917591bb59ae2e9059f491760e9088079a9eb8d1568415e49c876c3b24d7b387a496e3ff26c2f0e57f240aa034f13d10a7baab7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1259.exe

Filesize
184KB

MD5
753109596143c837e18cd1b650f089d7

SHA1
12ff76c19443718095950c59ad5f8160e3399eec

SHA256
f9f73eedba6c5d26a474bd28c5feecbff21970d17357bdf073666004ea6fa06f

SHA512
149a56c791678883b0d143ab893fabeee91d8e9f38cf730d801a5a5f480bd4de8a8386389ed1047e1777fb3d1c2222717a2a2cf0a0161e21da720b05103d2aa6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15398.exe

Filesize
184KB

MD5
55b5ee34360d9f9077dcc2a3c93c3266

SHA1
1e1e1180d1722cf849a7ba22a3b29d46416f481d

SHA256
4c804a53116e48ecafedc5fd1b03f0a15b113168f9bb206c834f22a8e09eca9e

SHA512
7bc7b53c7ff41e48e308747d271e22e8dd5b1fd4bbd74f38f52120ad914d7e526c4a7021849e1c9146519bc109c4c790103b45a83e58e5c24ebad2e18aab97fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe

Filesize
184KB

MD5
24952dd6e493cbd8a0b3a25109e150e2

SHA1
2a0887efcacffa50111c7cd8c062b441424e0f21

SHA256
4f665ade00cb5b6b1970ef57313fa2f4e70624b7eabe76c60589282a16e0e2b0

SHA512
5020ee6574030afda27b54a523df0ab4386e31379eea1e660ef4db38ba7e24abf8a9776fb545b0d13314609c03e85000eedebef999a826143e109e448211a612

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe

Filesize
184KB

MD5
e82ad4a7d4356cc50eba199f25e3f5f4

SHA1
5d8583f078bfa79a2bd529b082d0640c40ea71d5

SHA256
5237a243652beb69032d3665abd10fc21bc4a1977b7124241cfdd5160d8ad7d0

SHA512
0fb0362e8d168f8d3ce92348f11e5187b539a7dbbfef933cd6a8ddd8d536d9aa7bb83a83feec012d058cc47cbd6091d7ab26cca8617f3725f6049407f6f11664

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe

Filesize
184KB

MD5
d587565499aabfe3281edce9d63cca5c

SHA1
1ab886ebdb63e5cca2008304e70b7157590cc2df

SHA256
17f363fa95b6b82ba1966cb0d49ac23275adfe74dc1698661b0dab869f1af13d

SHA512
418be8da35ca54b8b55a20af8d0a3c3f62a39cd8b40d729eeee8e7d004befce05fc7053310266846bd01432d7c8fe72db0075b3db4f2cae79393bc2b675de3f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2098.exe

Filesize
184KB

MD5
3babc5ebdbe15613bf71333051c0ab41

SHA1
dd489f0d9fcff5af3e6def96db11d1eb7b9a4399

SHA256
0b13f5869993d94accbe43ac65f5594e12833fc2111f4e38a51e643ec313278b

SHA512
5f16f7f5fbf35d6ab09683eb472fa9151d27382439744cd7613ffef9b0b459b7169d927b4306ff62c9511204d1016e9ffc8b5c8456cd1b694685734c3f36ec7e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21587.exe

Filesize
184KB

MD5
e5cf3bb86b91350e5fa90c46596fd389

SHA1
6195b51ee9e3eb7f1c0cd8e3400354a73d545fe7

SHA256
0bbe1bf15297c88afa72930314e53e9ece1a1cfd8d28fb873beb738fd0f552ad

SHA512
6b105c995fa35627ecd3293b7f64292e88791416c90d9c7b600d300be46700a2afac8567ff6bd36526571bcff7476e190017e3c31e14c4615343416ab8677f31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27883.exe

Filesize
184KB

MD5
71d7fb29aaca602af113a5cc002cbd8d

SHA1
9f41fa2079ce5ed3d5c246b9c100c6c7f499e7d2

SHA256
646efabfff1630d0117dece8b6031722b1c7c278ea9543dfaa360af528e6e9bc

SHA512
13881718a2ae991cdc656fffa0c0047ce5cc02d5098ce6c4e5f777e11a0b669d5937f009984cfd1a5f7bf1f7a17bc05b612a395169878e9f7b89fc54455dd3a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34828.exe

Filesize
184KB

MD5
9e2354dea8a1e0ee427eca8d36744093

SHA1
f5b2e0f1833c3d365041e85a2695392ba2e7f9f8

SHA256
0d3fed1f631b6f1c431387e43af487c1e6610a6a2d6f95c4d9984fd954f4eacf

SHA512
cc52ff8c62c9b38bf77a4005359ae1f9bf65fef93dc51614ab7116a8fa7122c3b1cafa5b0b91a2812162b10792c09ea093078bd7662fca1a1bc604ac1f0c605f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35264.exe

Filesize
184KB

MD5
969847676e4c106f6744cf627df2760e

SHA1
107e1db9e171b8bfb345a9d7fe81df0708e2cc3f

SHA256
fbf6dccd40a78e40c7312ae334bd7f36a2510df456b138bf38adbf022797fa6e

SHA512
594911cff0930a33f341a31d30a8911b24953f607ef029f8d6afd2f917f237d0167f62fc470292eaaa28ee38909ea9f9291f20d153cd4913ac27f763c341f82f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe

Filesize
184KB

MD5
8f83ccaaf5e122e3de18b55d07b9d318

SHA1
3377b21a621aabb9f9edcaa738291d2914852a57

SHA256
d219f7a470301e7c6c4982a503f94bcb913729ca7a3d0ee2a9e6d8e96327f770

SHA512
283d9233818102a537ba499411ad3d667b9022e84a9ff64f58ec25e2b146c3af1d1ff802e9687f341f39db1d284314222f89f9aa1e685bdf708b4c5b15b8138f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe

Filesize
184KB

MD5
70e3932f54f8d1ac075db7e715849866

SHA1
6aa67f6d6d3389f657f506dc64c3ff0e37c9ca2f

SHA256
2f814df0826d922b490257d2d6a535e130e5c538fd24856d461dd8456be19bd3

SHA512
81585095dd6c31c9fce25871aa3eaae7c0af3456b711b8ce1ad5e09fa5261f13d6eec2bae0c503570955c4b2f5ba821ae09cd08023a2b5573dcbf7f5e3f7dded

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe

Filesize
184KB

MD5
5bd417370d6f1d6e1eff3c71f995d35c

SHA1
0660d927d42e26fd548dd99eb02919b2d708cbec

SHA256
8449305d4247d896c2da29f65ca76fe8c9869e6dd9d8c123c21823f7295bf899

SHA512
96f1a39eb9e8b0898a4976fe462cb357b208072ba48fd3312320e7a55fd7c08e1a81368bc578d660e61593f4b3b86c62e89a28afc3002d9e7be58e8df74f41f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-79.exe

Filesize
184KB

MD5
6c4e4c31f0442d83f7158bb39976b3a2

SHA1
ee97ccceaa93b663bfcca3a3e15095b248dcc3de

SHA256
f879d59bcd70f71c99c00382156edc3cfd96beae9cb85a61e0f156a6d3814d34

SHA512
8c5abbe464b9cc96251c9d021cfebdffd865cbc8f7c40b4a097acf3a5b40e0fcde7a79f011f7d447df1b4da6a6a7ca0333c345e07779115772accc6b9c012935

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads