6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe
Size

184KB
MD5

0924ce0ed6473a95910eb8da261054f7
SHA1

1b4fcb0c589545d62e46a9b79e031014b7cbd731
SHA256

6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8
SHA512

bbcd826647dbefad7ee4c4a5479e3c717a217a6cca234c630798333de47ee78c11c00ff1d9526dbbb4524e5396f5fe863b445e499395a06044e4f646eaba97a9
SSDEEP

1536:eBzT6sZl90eKotx1zJOylawSe09yvZc8Smdd0Ab+2HzutpOl5hj5nizpvk:Say0eKoTlJORjeyWe3Ab+4cpOlnViFc

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-54305.exeUnicorn-60418.exeUnicorn-40552.exeUnicorn-58555.exeUnicorn-7963.exeUnicorn-27829.exeUnicorn-20813.exeUnicorn-23313.exeUnicorn-4284.exeUnicorn-4284.exeUnicorn-11061.exeUnicorn-37196.exeUnicorn-33112.exeUnicorn-39888.exeUnicorn-5099.exeUnicorn-39910.exeUnicorn-46687.exeUnicorn-15960.exeUnicorn-1015.exeUnicorn-39417.exeUnicorn-46770.exeUnicorn-62551.exeUnicorn-11959.exeUnicorn-58467.exeUnicorn-19573.exeUnicorn-26349.exeUnicorn-42131.exeUnicorn-18181.exeUnicorn-33771.exeUnicorn-60413.exeUnicorn-60413.exeUnicorn-1653.exeUnicorn-59619.exeUnicorn-35669.exeUnicorn-39199.exeUnicorn-6334.exeUnicorn-17003.exeUnicorn-32785.exeUnicorn-8835.exeUnicorn-47175.exeUnicorn-43091.exeUnicorn-12364.exeUnicorn-39007.exeUnicorn-39007.exeUnicorn-53952.exeUnicorn-49676.exeUnicorn-49676.exeUnicorn-10781.exeUnicorn-4004.exeUnicorn-65457.exeUnicorn-65457.exeUnicorn-6697.exeUnicorn-31114.exeUnicorn-7164.exeUnicorn-14585.exeUnicorn-41228.exeUnicorn-56173.exeUnicorn-39836.exeUnicorn-43174.exeUnicorn-45867.exeUnicorn-30922.exeUnicorn-33422.exeUnicorn-22562.exeUnicorn-39666.exe

pid	process
2400	Unicorn-54305.exe
2132	Unicorn-60418.exe
1252	Unicorn-40552.exe
2628	Unicorn-58555.exe
3048	Unicorn-7963.exe
2556	Unicorn-27829.exe
2768	Unicorn-20813.exe
2848	Unicorn-23313.exe
1224	Unicorn-4284.exe
1052	Unicorn-4284.exe
1332	Unicorn-11061.exe
264	Unicorn-37196.exe
2488	Unicorn-33112.exe
1784	Unicorn-39888.exe
2384	Unicorn-5099.exe
1156	Unicorn-39910.exe
2440	Unicorn-46687.exe
2204	Unicorn-15960.exe
2056	Unicorn-1015.exe
1124	Unicorn-39417.exe
2128	Unicorn-46770.exe
980	Unicorn-62551.exe
1644	Unicorn-11959.exe
1596	Unicorn-58467.exe
1728	Unicorn-19573.exe
692	Unicorn-26349.exe
688	Unicorn-42131.exe
3064	Unicorn-18181.exe
2348	Unicorn-33771.exe
2172	Unicorn-60413.exe
868	Unicorn-60413.exe
2024	Unicorn-1653.exe
2804	Unicorn-59619.exe
2724	Unicorn-35669.exe
1392	Unicorn-39199.exe
2744	Unicorn-6334.exe
2528	Unicorn-17003.exe
2588	Unicorn-32785.exe
2232	Unicorn-8835.exe
2836	Unicorn-47175.exe
2912	Unicorn-43091.exe
2900	Unicorn-12364.exe
1536	Unicorn-39007.exe
1664	Unicorn-39007.exe
1600	Unicorn-53952.exe
1508	Unicorn-49676.exe
1668	Unicorn-49676.exe
2332	Unicorn-10781.exe
2800	Unicorn-4004.exe
632	Unicorn-65457.exe
308	Unicorn-65457.exe
1672	Unicorn-6697.exe
1476	Unicorn-31114.exe
1588	Unicorn-7164.exe
1320	Unicorn-14585.exe
1948	Unicorn-41228.exe
1720	Unicorn-56173.exe
1876	Unicorn-39836.exe
2596	Unicorn-43174.exe
2200	Unicorn-45867.exe
1796	Unicorn-30922.exe
1628	Unicorn-33422.exe
2656	Unicorn-22562.exe
2820	Unicorn-39666.exe

Loads dropped DLL 64 IoCs

Processes:

6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exeUnicorn-54305.exeUnicorn-40552.exeUnicorn-60418.exeWerFault.exeUnicorn-58555.exeUnicorn-7963.exeUnicorn-27829.exeWerFault.exeWerFault.exeUnicorn-20813.exeUnicorn-23313.exeUnicorn-4284.exeUnicorn-4284.exeUnicorn-11061.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1944	6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe
1944	6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe
2400	Unicorn-54305.exe
1944	6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe
2400	Unicorn-54305.exe
1944	6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe
1252	Unicorn-40552.exe
1252	Unicorn-40552.exe
2400	Unicorn-54305.exe
2400	Unicorn-54305.exe
2132	Unicorn-60418.exe
2132	Unicorn-60418.exe
2376	WerFault.exe
2376	WerFault.exe
2376	WerFault.exe
2376	WerFault.exe
2376	WerFault.exe
2628	Unicorn-58555.exe
2628	Unicorn-58555.exe
1252	Unicorn-40552.exe
1252	Unicorn-40552.exe
3048	Unicorn-7963.exe
2556	Unicorn-27829.exe
2556	Unicorn-27829.exe
3048	Unicorn-7963.exe
2132	Unicorn-60418.exe
2132	Unicorn-60418.exe
284	WerFault.exe
284	WerFault.exe
284	WerFault.exe
284	WerFault.exe
284	WerFault.exe
288	WerFault.exe
288	WerFault.exe
288	WerFault.exe
288	WerFault.exe
288	WerFault.exe
2768	Unicorn-20813.exe
2768	Unicorn-20813.exe
2848	Unicorn-23313.exe
2848	Unicorn-23313.exe
2628	Unicorn-58555.exe
2628	Unicorn-58555.exe
1224	Unicorn-4284.exe
1224	Unicorn-4284.exe
1052	Unicorn-4284.exe
1052	Unicorn-4284.exe
2556	Unicorn-27829.exe
2556	Unicorn-27829.exe
3048	Unicorn-7963.exe
3048	Unicorn-7963.exe
1332	Unicorn-11061.exe
1332	Unicorn-11061.exe
1884	WerFault.exe
1884	WerFault.exe
1884	WerFault.exe
1884	WerFault.exe
1884	WerFault.exe
1908	WerFault.exe
1908	WerFault.exe
1908	WerFault.exe
1908	WerFault.exe
2064	WerFault.exe
2064	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2636	1944	WerFault.exe	6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe
2376	2400	WerFault.exe	Unicorn-54305.exe
284	1252	WerFault.exe	Unicorn-40552.exe
288	2132	WerFault.exe	Unicorn-60418.exe
1884	2628	WerFault.exe	Unicorn-58555.exe
1908	3048	WerFault.exe	Unicorn-7963.exe
2064	2556	WerFault.exe	Unicorn-27829.exe
2428	2768	WerFault.exe	Unicorn-20813.exe
2160	2848	WerFault.exe	Unicorn-23313.exe
1428	1224	WerFault.exe	Unicorn-4284.exe
2364	1052	WerFault.exe	Unicorn-4284.exe
2748	1332	WerFault.exe	Unicorn-11061.exe
568	264	WerFault.exe	Unicorn-37196.exe
2960	2488	WerFault.exe	Unicorn-33112.exe
1244	1784	WerFault.exe	Unicorn-39888.exe
1872	2384	WerFault.exe	Unicorn-5099.exe
1756	1156	WerFault.exe	Unicorn-39910.exe
1532	2440	WerFault.exe	Unicorn-46687.exe
1856	2056	WerFault.exe	Unicorn-1015.exe
1564	2204	WerFault.exe	Unicorn-15960.exe
2548	1628	WerFault.exe	Unicorn-33422.exe
2032	308	WerFault.exe	Unicorn-65457.exe
3016	632	WerFault.exe	Unicorn-65457.exe
1624	1124	WerFault.exe	Unicorn-39417.exe
2392	2128	WerFault.exe	Unicorn-46770.exe
2524	1644	WerFault.exe	Unicorn-11959.exe
2772	1596	WerFault.exe	Unicorn-58467.exe
2036	2024	WerFault.exe	Unicorn-1653.exe
532	2172	WerFault.exe	Unicorn-60413.exe
2572	2348	WerFault.exe	Unicorn-33771.exe
2396	692	WerFault.exe	Unicorn-26349.exe
392	688	WerFault.exe	Unicorn-42131.exe
1568	1728	WerFault.exe	Unicorn-19573.exe
580	3064	WerFault.exe	Unicorn-18181.exe
272	868	WerFault.exe	Unicorn-60413.exe
3408	2804	WerFault.exe	Unicorn-59619.exe
3444	2724	WerFault.exe	Unicorn-35669.exe
3452	1392	WerFault.exe	Unicorn-39199.exe
3644	2744	WerFault.exe	Unicorn-6334.exe
3712	2588	WerFault.exe	Unicorn-32785.exe
3748	2528	WerFault.exe	Unicorn-17003.exe
3800	2232	WerFault.exe	Unicorn-8835.exe
3824	2836	WerFault.exe	Unicorn-47175.exe
3852	1664	WerFault.exe	Unicorn-39007.exe
3876	2332	WerFault.exe	Unicorn-10781.exe
4048	1672	WerFault.exe	Unicorn-6697.exe
4080	1600	WerFault.exe	Unicorn-53952.exe
3100	2912	WerFault.exe	Unicorn-43091.exe
2924	2596	WerFault.exe	Unicorn-43174.exe
3152	2900	WerFault.exe	Unicorn-12364.exe
3516	2800	WerFault.exe	Unicorn-4004.exe
3600	1536	WerFault.exe	Unicorn-39007.exe
3668	1476	WerFault.exe	Unicorn-31114.exe
3700	980	WerFault.exe	Unicorn-62551.exe
3780	1588	WerFault.exe	Unicorn-7164.exe
3916	2300	WerFault.exe	Unicorn-33444.exe
3928	1772	WerFault.exe	Unicorn-579.exe
3980	2888	WerFault.exe	Unicorn-64170.exe
3992	2540	WerFault.exe	Unicorn-8747.exe
4032	3012	WerFault.exe	Unicorn-40220.exe
3252	2456	WerFault.exe	Unicorn-46251.exe
3272	2788	WerFault.exe	Unicorn-51726.exe
3308	1068	WerFault.exe	Unicorn-46251.exe
3324	2316	WerFault.exe	Unicorn-11440.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exeUnicorn-54305.exeUnicorn-60418.exeUnicorn-40552.exeUnicorn-58555.exeUnicorn-27829.exeUnicorn-7963.exeUnicorn-20813.exeUnicorn-23313.exeUnicorn-11061.exeUnicorn-4284.exeUnicorn-4284.exeUnicorn-37196.exeUnicorn-33112.exeUnicorn-39888.exeUnicorn-5099.exeUnicorn-39910.exeUnicorn-46687.exeUnicorn-15960.exeUnicorn-1015.exeUnicorn-39417.exeUnicorn-46770.exeUnicorn-62551.exeUnicorn-11959.exeUnicorn-58467.exeUnicorn-19573.exeUnicorn-26349.exeUnicorn-42131.exeUnicorn-18181.exeUnicorn-33771.exeUnicorn-60413.exeUnicorn-1653.exeUnicorn-60413.exeUnicorn-59619.exeUnicorn-35669.exeUnicorn-39199.exeUnicorn-6334.exeUnicorn-17003.exeUnicorn-32785.exeUnicorn-8835.exeUnicorn-43091.exeUnicorn-47175.exeUnicorn-12364.exeUnicorn-39007.exeUnicorn-39007.exeUnicorn-53952.exeUnicorn-49676.exeUnicorn-49676.exeUnicorn-4004.exeUnicorn-10781.exeUnicorn-65457.exeUnicorn-65457.exeUnicorn-6697.exeUnicorn-31114.exeUnicorn-7164.exeUnicorn-41228.exeUnicorn-14585.exeUnicorn-56173.exeUnicorn-43174.exeUnicorn-45867.exeUnicorn-30922.exeUnicorn-33422.exeUnicorn-22562.exeUnicorn-39666.exe

pid	process
1944	6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe
2400	Unicorn-54305.exe
2132	Unicorn-60418.exe
1252	Unicorn-40552.exe
2628	Unicorn-58555.exe
2556	Unicorn-27829.exe
3048	Unicorn-7963.exe
2768	Unicorn-20813.exe
2848	Unicorn-23313.exe
1332	Unicorn-11061.exe
1224	Unicorn-4284.exe
1052	Unicorn-4284.exe
264	Unicorn-37196.exe
2488	Unicorn-33112.exe
1784	Unicorn-39888.exe
2384	Unicorn-5099.exe
1156	Unicorn-39910.exe
2440	Unicorn-46687.exe
2204	Unicorn-15960.exe
2056	Unicorn-1015.exe
1124	Unicorn-39417.exe
2128	Unicorn-46770.exe
980	Unicorn-62551.exe
1644	Unicorn-11959.exe
1596	Unicorn-58467.exe
1728	Unicorn-19573.exe
692	Unicorn-26349.exe
688	Unicorn-42131.exe
3064	Unicorn-18181.exe
2348	Unicorn-33771.exe
868	Unicorn-60413.exe
2024	Unicorn-1653.exe
2172	Unicorn-60413.exe
2804	Unicorn-59619.exe
2724	Unicorn-35669.exe
1392	Unicorn-39199.exe
2744	Unicorn-6334.exe
2528	Unicorn-17003.exe
2588	Unicorn-32785.exe
2232	Unicorn-8835.exe
2912	Unicorn-43091.exe
2836	Unicorn-47175.exe
2900	Unicorn-12364.exe
1536	Unicorn-39007.exe
1664	Unicorn-39007.exe
1600	Unicorn-53952.exe
1508	Unicorn-49676.exe
1668	Unicorn-49676.exe
2800	Unicorn-4004.exe
2332	Unicorn-10781.exe
632	Unicorn-65457.exe
308	Unicorn-65457.exe
1672	Unicorn-6697.exe
1476	Unicorn-31114.exe
1588	Unicorn-7164.exe
1948	Unicorn-41228.exe
1320	Unicorn-14585.exe
1720	Unicorn-56173.exe
2596	Unicorn-43174.exe
2200	Unicorn-45867.exe
1796	Unicorn-30922.exe
1628	Unicorn-33422.exe
2656	Unicorn-22562.exe
2820	Unicorn-39666.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exeUnicorn-54305.exeUnicorn-40552.exeUnicorn-60418.exeUnicorn-58555.exeUnicorn-27829.exeUnicorn-7963.exeUnicorn-20813.exe

description	pid	process	target process
PID 1944 wrote to memory of 2400	1944	6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe	Unicorn-54305.exe
PID 1944 wrote to memory of 2400	1944	6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe	Unicorn-54305.exe
PID 1944 wrote to memory of 2400	1944	6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe	Unicorn-54305.exe
PID 1944 wrote to memory of 2400	1944	6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe	Unicorn-54305.exe
PID 2400 wrote to memory of 2132	2400	Unicorn-54305.exe	Unicorn-60418.exe
PID 2400 wrote to memory of 2132	2400	Unicorn-54305.exe	Unicorn-60418.exe
PID 2400 wrote to memory of 2132	2400	Unicorn-54305.exe	Unicorn-60418.exe
PID 2400 wrote to memory of 2132	2400	Unicorn-54305.exe	Unicorn-60418.exe
PID 1944 wrote to memory of 1252	1944	6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe	Unicorn-40552.exe
PID 1944 wrote to memory of 1252	1944	6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe	Unicorn-40552.exe
PID 1944 wrote to memory of 1252	1944	6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe	Unicorn-40552.exe
PID 1944 wrote to memory of 1252	1944	6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe	Unicorn-40552.exe
PID 1944 wrote to memory of 2636	1944	6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe	WerFault.exe
PID 1944 wrote to memory of 2636	1944	6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe	WerFault.exe
PID 1944 wrote to memory of 2636	1944	6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe	WerFault.exe
PID 1944 wrote to memory of 2636	1944	6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe	WerFault.exe
PID 1252 wrote to memory of 2628	1252	Unicorn-40552.exe	Unicorn-58555.exe
PID 1252 wrote to memory of 2628	1252	Unicorn-40552.exe	Unicorn-58555.exe
PID 1252 wrote to memory of 2628	1252	Unicorn-40552.exe	Unicorn-58555.exe
PID 1252 wrote to memory of 2628	1252	Unicorn-40552.exe	Unicorn-58555.exe
PID 2400 wrote to memory of 3048	2400	Unicorn-54305.exe	Unicorn-7963.exe
PID 2400 wrote to memory of 3048	2400	Unicorn-54305.exe	Unicorn-7963.exe
PID 2400 wrote to memory of 3048	2400	Unicorn-54305.exe	Unicorn-7963.exe
PID 2400 wrote to memory of 3048	2400	Unicorn-54305.exe	Unicorn-7963.exe
PID 2132 wrote to memory of 2556	2132	Unicorn-60418.exe	Unicorn-27829.exe
PID 2132 wrote to memory of 2556	2132	Unicorn-60418.exe	Unicorn-27829.exe
PID 2132 wrote to memory of 2556	2132	Unicorn-60418.exe	Unicorn-27829.exe
PID 2132 wrote to memory of 2556	2132	Unicorn-60418.exe	Unicorn-27829.exe
PID 2400 wrote to memory of 2376	2400	Unicorn-54305.exe	WerFault.exe
PID 2400 wrote to memory of 2376	2400	Unicorn-54305.exe	WerFault.exe
PID 2400 wrote to memory of 2376	2400	Unicorn-54305.exe	WerFault.exe
PID 2400 wrote to memory of 2376	2400	Unicorn-54305.exe	WerFault.exe
PID 2628 wrote to memory of 2768	2628	Unicorn-58555.exe	Unicorn-20813.exe
PID 2628 wrote to memory of 2768	2628	Unicorn-58555.exe	Unicorn-20813.exe
PID 2628 wrote to memory of 2768	2628	Unicorn-58555.exe	Unicorn-20813.exe
PID 2628 wrote to memory of 2768	2628	Unicorn-58555.exe	Unicorn-20813.exe
PID 1252 wrote to memory of 2848	1252	Unicorn-40552.exe	Unicorn-23313.exe
PID 1252 wrote to memory of 2848	1252	Unicorn-40552.exe	Unicorn-23313.exe
PID 1252 wrote to memory of 2848	1252	Unicorn-40552.exe	Unicorn-23313.exe
PID 1252 wrote to memory of 2848	1252	Unicorn-40552.exe	Unicorn-23313.exe
PID 2556 wrote to memory of 1224	2556	Unicorn-27829.exe	Unicorn-4284.exe
PID 2556 wrote to memory of 1224	2556	Unicorn-27829.exe	Unicorn-4284.exe
PID 2556 wrote to memory of 1224	2556	Unicorn-27829.exe	Unicorn-4284.exe
PID 2556 wrote to memory of 1224	2556	Unicorn-27829.exe	Unicorn-4284.exe
PID 3048 wrote to memory of 1052	3048	Unicorn-7963.exe	Unicorn-4284.exe
PID 3048 wrote to memory of 1052	3048	Unicorn-7963.exe	Unicorn-4284.exe
PID 3048 wrote to memory of 1052	3048	Unicorn-7963.exe	Unicorn-4284.exe
PID 3048 wrote to memory of 1052	3048	Unicorn-7963.exe	Unicorn-4284.exe
PID 2132 wrote to memory of 1332	2132	Unicorn-60418.exe	Unicorn-11061.exe
PID 2132 wrote to memory of 1332	2132	Unicorn-60418.exe	Unicorn-11061.exe
PID 2132 wrote to memory of 1332	2132	Unicorn-60418.exe	Unicorn-11061.exe
PID 2132 wrote to memory of 1332	2132	Unicorn-60418.exe	Unicorn-11061.exe
PID 1252 wrote to memory of 284	1252	Unicorn-40552.exe	WerFault.exe
PID 1252 wrote to memory of 284	1252	Unicorn-40552.exe	WerFault.exe
PID 1252 wrote to memory of 284	1252	Unicorn-40552.exe	WerFault.exe
PID 1252 wrote to memory of 284	1252	Unicorn-40552.exe	WerFault.exe
PID 2132 wrote to memory of 288	2132	Unicorn-60418.exe	WerFault.exe
PID 2132 wrote to memory of 288	2132	Unicorn-60418.exe	WerFault.exe
PID 2132 wrote to memory of 288	2132	Unicorn-60418.exe	WerFault.exe
PID 2132 wrote to memory of 288	2132	Unicorn-60418.exe	WerFault.exe
PID 2768 wrote to memory of 264	2768	Unicorn-20813.exe	Unicorn-37196.exe
PID 2768 wrote to memory of 264	2768	Unicorn-20813.exe	Unicorn-37196.exe
PID 2768 wrote to memory of 264	2768	Unicorn-20813.exe	Unicorn-37196.exe
PID 2768 wrote to memory of 264	2768	Unicorn-20813.exe	Unicorn-37196.exe

C:\Users\Admin\AppData\Local\Temp\6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe
"C:\Users\Admin\AppData\Local\Temp\6079383a61e368baa45cb5cb646a856d9aa5085ed840bf345876bbcbd38915a8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54305.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54305.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27829.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4284.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5099.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4004.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
        9⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37959.exe
        10⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        11⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35873.exe
        12⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
        13⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8273.exe
        14⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11696 -s 208
        15⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 220
        14⤵
        
        PID:12636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
        13⤵
        
        PID:10120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
        12⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 216
        11⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
        10⤵
        Program crash
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44736.exe
        9⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18473.exe
        10⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46973.exe
        11⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        12⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58076.exe
        13⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
        14⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 216
        13⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
        12⤵
        
        PID:9576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 236
        11⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 216
        10⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        9⤵
        Program crash
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        8⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        9⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
        10⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
        11⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1716.exe
        12⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
        13⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3743.exe
        14⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9008 -s 216
        13⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
        12⤵
        
        PID:9864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        11⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        10⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
        9⤵
        
        PID:3720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
        8⤵
        Program crash
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10781.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
        8⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
        9⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53200.exe
        10⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55141.exe
        11⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9801.exe
        12⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17345.exe
        13⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31097.exe
        14⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 216
        14⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8376 -s 216
        13⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 216
        12⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        11⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 236
        10⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51617.exe
        9⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38805.exe
        10⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe
        11⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36587.exe
        12⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        13⤵
        
        PID:12660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 216
        12⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
        11⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        10⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 240
        9⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46874.exe
        8⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34726.exe
        9⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55141.exe
        10⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        11⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
        12⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48476.exe
        13⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 216
        12⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
        11⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
        10⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
        9⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
        8⤵
        Program crash
        
        PID:3876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
        7⤵
        Program crash
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26349.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39007.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38165.exe
        8⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20890.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
        10⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5608.exe
        11⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33380.exe
        12⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23038.exe
        13⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11148 -s 236
        13⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 236
        12⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
        11⤵
        
        PID:9636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
        10⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
        9⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 216
        8⤵
        Program crash
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46251.exe
        7⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
        9⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe
        10⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6376.exe
        11⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
        12⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
        13⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11188 -s 216
        13⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 216
        12⤵
        
        PID:11808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 216
        11⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 220
        10⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
        9⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 236
        8⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 220
        7⤵
        Program crash
        
        PID:2396
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 240
        6⤵
        Program crash
        
        PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46687.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33771.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
        8⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39905.exe
        9⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58052.exe
        10⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
        11⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60948.exe
        12⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50401.exe
        13⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
        14⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10968 -s 216
        14⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 216
        13⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
        12⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 236
        11⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
        10⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 236
        9⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
        9⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64077.exe
        10⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe
        11⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60188.exe
        12⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51621.exe
        13⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 216
        12⤵
        
        PID:12704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 220
        11⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
        10⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        9⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 220
        8⤵
        Program crash
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46251.exe
        7⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15400.exe
        8⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-574.exe
        9⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16714.exe
        10⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44394.exe
        11⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33162.exe
        12⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46966.exe
        13⤵
        
        PID:13256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11532 -s 216
        13⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 216
        12⤵
        
        PID:12544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
        11⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
        10⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
        9⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
        8⤵
        Program crash
        
        PID:3252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
        7⤵
        Program crash
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49676.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
        7⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46127.exe
        8⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
        10⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 220
        11⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        10⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 236
        9⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 216
        8⤵
        Program crash
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48820.exe
        7⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
        8⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26828.exe
        9⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6267.exe
        10⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44921.exe
        11⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35669.exe
        12⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 216
        11⤵
        
        PID:12904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 220
        10⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
        9⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 216
        8⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
        7⤵
        
        PID:4124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
        6⤵
        Program crash
        
        PID:1532
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60413.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65457.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 220
        8⤵
        Program crash
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46251.exe
        7⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
        8⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        9⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15452.exe
        10⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
        11⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23410.exe
        12⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        13⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 236
        12⤵
        
        PID:12556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
        11⤵
        
        PID:9760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
        10⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
        9⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 216
        8⤵
        Program crash
        
        PID:3308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 220
        7⤵
        Program crash
        
        PID:272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6697.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8747.exe
        7⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3148.exe
        8⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26641.exe
        9⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51825.exe
        10⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
        11⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1475.exe
        12⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28788.exe
        13⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 216
        12⤵
        
        PID:12344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 220
        11⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 236
        10⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
        9⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
        8⤵
        Program crash
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5649.exe
        7⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62136.exe
        8⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53771.exe
        9⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6438.exe
        10⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52705.exe
        11⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
        12⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 216
        11⤵
        
        PID:12780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
        10⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
        9⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 236
        8⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
        7⤵
        Program crash
        
        PID:4048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        6⤵
        Program crash
        
        PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47175.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6801.exe
        7⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
        8⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
        9⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
        10⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        11⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62401.exe
        12⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
        13⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52394.exe
        14⤵
        
        PID:13020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11240 -s 216
        14⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 216
        13⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
        12⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
        11⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        10⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
        9⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27409.exe
        9⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56376.exe
        10⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7370.exe
        11⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33484.exe
        12⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9468 -s 236
        12⤵
        
        PID:13140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
        11⤵
        
        PID:10664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 236
        10⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        9⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        8⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65348.exe
        7⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
        8⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22230.exe
        9⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21478.exe
        10⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20696.exe
        11⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18134.exe
        12⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
        11⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
        10⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        9⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 216
        8⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 220
        7⤵
        Program crash
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40220.exe
        6⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25515.exe
        7⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16911.exe
        8⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23813.exe
        9⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64513.exe
        10⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
        11⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42747.exe
        12⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9028 -s 216
        11⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
        10⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
        9⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
        8⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
        7⤵
        Program crash
        
        PID:4032
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
        6⤵
        Program crash
        
        PID:2036
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
        5⤵
        Program crash
        
        PID:2748
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7963.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4284.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39910.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42131.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39007.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        8⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37715.exe
        10⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        11⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
        12⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
        13⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47646.exe
        14⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 216
        13⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
        12⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
        11⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        10⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 216
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14009.exe
        8⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        9⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
        10⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        11⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55803.exe
        12⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8304 -s 220
        12⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
        11⤵
        
        PID:10000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
        10⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 216
        9⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
        8⤵
        Program crash
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe
        7⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8166.exe
        9⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35681.exe
        10⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        11⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 220
        12⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 220
        11⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        10⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
        9⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 216
        8⤵
        Program crash
        
        PID:3324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
        7⤵
        Program crash
        
        PID:392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49676.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12831.exe
        7⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
        8⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18857.exe
        9⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16714.exe
        10⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
        11⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19156.exe
        12⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
        13⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 216
        12⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
        11⤵
        
        PID:10200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
        10⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        9⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 216
        8⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        7⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55613.exe
        8⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45878.exe
        9⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13065.exe
        10⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
        11⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 220
        11⤵
        
        PID:12992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 220
        10⤵
        
        PID:10344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
        9⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        8⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 220
        7⤵
        
        PID:4192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 240
        6⤵
        Program crash
        
        PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65457.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
        7⤵
        Program crash
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        6⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe
        8⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
        9⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61807.exe
        10⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65362.exe
        11⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9992 -s 216
        11⤵
        
        PID:13204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 236
        10⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
        9⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
        8⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 216
        7⤵
        
        PID:4200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
        6⤵
        Program crash
        
        PID:580
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
        5⤵
        Program crash
        
        PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15960.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60413.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43091.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
        8⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe
        9⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        10⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
        11⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26691.exe
        12⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
        13⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11168 -s 236
        13⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 236
        12⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
        11⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
        10⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
        9⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 216
        8⤵
        Program crash
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14009.exe
        7⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
        8⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10216.exe
        9⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
        9⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
        10⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39192.exe
        11⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19141.exe
        12⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 216
        11⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
        10⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 220
        9⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 236
        8⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 220
        7⤵
        Program crash
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
        6⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43989.exe
        7⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
        8⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24005.exe
        9⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13667.exe
        10⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25186.exe
        11⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45783.exe
        12⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 216
        11⤵
        
        PID:12696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
        10⤵
        
        PID:9484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
        9⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
        8⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
        7⤵
        
        PID:3364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
        6⤵
        Program crash
        
        PID:532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53952.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
        6⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
        7⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37632.exe
        8⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49879.exe
        9⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe
        10⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
        11⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        12⤵
        
        PID:13224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11164 -s 216
        12⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 216
        11⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
        10⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 236
        9⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
        8⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 216
        7⤵
        Program crash
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        6⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33356.exe
        7⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10216.exe
        8⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15832.exe
        9⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40863.exe
        10⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52394.exe
        11⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11256 -s 216
        11⤵
        
        PID:12876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 216
        10⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        9⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 236
        8⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
        7⤵
        
        PID:5312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 220
        6⤵
        Program crash
        
        PID:4080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        5⤵
        Program crash
        
        PID:1564
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1908
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40552.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40552.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20813.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59619.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31114.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1586.exe
        10⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63781.exe
        11⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58130.exe
        12⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24742.exe
        13⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49581.exe
        14⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50635.exe
        15⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 220
        14⤵
        
        PID:12952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 220
        13⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        12⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
        11⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
        10⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16531.exe
        9⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
        10⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27129.exe
        11⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25043.exe
        12⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4765.exe
        13⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19333.exe
        14⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8792 -s 220
        13⤵
        
        PID:12688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 216
        12⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
        11⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        10⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
        9⤵
        Program crash
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22514.exe
        8⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        9⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
        10⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
        11⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40995.exe
        12⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45030.exe
        13⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        14⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11348 -s 216
        14⤵
        
        PID:13200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 216
        13⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 220
        12⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
        11⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        10⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
        9⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
        8⤵
        Program crash
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7164.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3485.exe
        8⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        9⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
        10⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2899.exe
        11⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
        12⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        13⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35669.exe
        14⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 220
        13⤵
        
        PID:12892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
        12⤵
        
        PID:9440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
        11⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        10⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
        9⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
        8⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61788.exe
        9⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38395.exe
        10⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16766.exe
        11⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41657.exe
        12⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        13⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11208 -s 216
        13⤵
        
        PID:12592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 236
        12⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 220
        11⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
        10⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
        9⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
        8⤵
        Program crash
        
        PID:3780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 240
        7⤵
        Program crash
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35669.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12530.exe
        8⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32012.exe
        9⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        10⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
        11⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe
        12⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59695.exe
        13⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
        14⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 216
        13⤵
        
        PID:12984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 220
        12⤵
        
        PID:10400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
        11⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        10⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 216
        9⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
        9⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        10⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe
        11⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        12⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11136 -s 236
        12⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 216
        11⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 236
        10⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
        9⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
        8⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
        7⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42126.exe
        8⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36537.exe
        9⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55333.exe
        10⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
        11⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11506.exe
        12⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43349.exe
        13⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11176 -s 216
        13⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8196 -s 236
        12⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
        11⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 236
        10⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
        9⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
        8⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
        7⤵
        Program crash
        
        PID:3444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 240
        6⤵
        Program crash
        
        PID:568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39199.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41228.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60600.exe
        9⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
        10⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        11⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18629.exe
        12⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
        13⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
        14⤵
        
        PID:13248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 216
        13⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
        12⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        11⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
        10⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-745.exe
        9⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        10⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        11⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43167.exe
        12⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
        13⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 216
        12⤵
        
        PID:12828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
        11⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
        10⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
        9⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        8⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13978.exe
        9⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
        10⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39324.exe
        11⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        12⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22026.exe
        13⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 216
        12⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
        11⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
        10⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        9⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
        8⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50610.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3231.exe
        8⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        9⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        10⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10434.exe
        11⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3058.exe
        12⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9236 -s 236
        12⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 220
        11⤵
        
        PID:10580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
        10⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
        9⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
        8⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 240
        7⤵
        Program crash
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2224.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47471.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37430.exe
        10⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11314.exe
        11⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49571.exe
        12⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10416 -s 216
        12⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
        11⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        10⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
        9⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        8⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        7⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34290.exe
        8⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24747.exe
        9⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65201.exe
        10⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
        11⤵
        
        PID:12436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11120 -s 236
        11⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 236
        10⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 236
        9⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
        8⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
        7⤵
        
        PID:4696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        6⤵
        Program crash
        
        PID:2392
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
        5⤵
        Program crash
        
        PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39888.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58467.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39836.exe
        6⤵
        Executes dropped EXE
        
        PID:1876
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
        6⤵
        Program crash
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17003.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22562.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
        7⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64637.exe
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        9⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
        10⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
        11⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5881.exe
        12⤵
        
        PID:12944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 216
        11⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
        10⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
        9⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 236
        8⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59209.exe
        7⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
        8⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33538.exe
        9⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3530.exe
        10⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15061.exe
        11⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11224 -s 236
        11⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
        10⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 236
        9⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
        8⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        7⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34273.exe
        6⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61093.exe
        7⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
        8⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37430.exe
        9⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17537.exe
        10⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61823.exe
        11⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10260 -s 216
        11⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 236
        10⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
        9⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        8⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 236
        7⤵
        
        PID:4320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
        6⤵
        Program crash
        
        PID:3748
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
        5⤵
        Program crash
        
        PID:1244
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33112.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32785.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
        8⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12250.exe
        10⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        11⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
        12⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        13⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3743.exe
        14⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 216
        13⤵
        
        PID:12564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 220
        12⤵
        
        PID:10228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
        11⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        10⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 236
        9⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        9⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
        10⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9752.exe
        11⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        12⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10604 -s 216
        12⤵
        
        PID:13240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 216
        11⤵
        
        PID:11960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
        10⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
        9⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
        8⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11715.exe
        7⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        8⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
        9⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
        10⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11786.exe
        11⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
        12⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10736 -s 216
        12⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
        11⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
        10⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
        9⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 236
        8⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
        7⤵
        Program crash
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33422.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 200
        7⤵
        Program crash
        
        PID:2548
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 240
        6⤵
        Program crash
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39666.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41887.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13537.exe
        8⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        9⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        10⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37765.exe
        11⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
        12⤵
        
        PID:13236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10700 -s 216
        12⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
        11⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
        10⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        9⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
        8⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16230.exe
        7⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        8⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        9⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
        10⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23614.exe
        11⤵
        
        PID:13104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11248 -s 216
        11⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 236
        10⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 236
        9⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
        8⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
        7⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        6⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
        7⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30398.exe
        8⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
        9⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62269.exe
        10⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10712.exe
        11⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
        9⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
        8⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 236
        7⤵
        
        PID:4512
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
        6⤵
        Program crash
        
        PID:3800
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
        5⤵
        Program crash
        
        PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11959.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6334.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62307.exe
        7⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29547.exe
        9⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        10⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29210.exe
        11⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40178.exe
        12⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65196.exe
        13⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 216
        12⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
        11⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
        10⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
        9⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 216
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63589.exe
        8⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        9⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21151.exe
        10⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
        11⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14480.exe
        12⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 216
        11⤵
        
        PID:12484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
        10⤵
        
        PID:10180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
        9⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
        8⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        7⤵
        Program crash
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7631.exe
        6⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32012.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35577.exe
        8⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3091.exe
        9⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23756.exe
        10⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
        11⤵
        
        PID:11716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9264 -s 216
        11⤵
        
        PID:13076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 220
        10⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
        9⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        8⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 216
        7⤵
        
        PID:5100
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        6⤵
        Program crash
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45867.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe
        6⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
        8⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13013.exe
        9⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54098.exe
        10⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
        11⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4750.exe
        12⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 216
        11⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 216
        10⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 236
        9⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
        8⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
        7⤵
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20807.exe
        6⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3755.exe
        7⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
        8⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40540.exe
        9⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6613.exe
        10⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
        9⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
        8⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        7⤵
        
        PID:7084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
        6⤵
        
        PID:4504
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        5⤵
        Program crash
        
        PID:2524
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
      4⤵
      Program crash
      PID:2160
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:284
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
  2⤵
  - Program crash
  PID:2636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe

Filesize
184KB

MD5
fe667dfa4ce593efa0db8b3588504eea

SHA1
9758aa489c385ccfbcf1760a5e3fb8e163f5a19b

SHA256
8df792dfc10f3a93431f1098f18b3ecbe42fdd3b22759fa014d2605abafa64bf

SHA512
c7e9a71722cce5cb9b77d3fe22d57374e57676a4b329622611b5eb7fe30588a1ed628021d856bba1d0ee3069998ba51a2b68729e814093af840116d2c389315b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe

Filesize
184KB

MD5
72ebefbe45986615380aab06afe7ea8a

SHA1
dcb51f08ce2c096053da291703ebcd3f584f152c

SHA256
e04ec8ebab53d28ea765d7be7abbf0adfadd124f04a3277dc7c174b8a1b8cd6e

SHA512
8613f8cec91ad7916c5570cce4a040e82e0e81086f8ab4e285fb75122d495ac78e4d6940d6c7f3b46a088ae88a7133bc5f3a57109a70b9dcccab88a836f2ba31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20813.exe

Filesize
184KB

MD5
c8923069ea0458b91446ced8d845b416

SHA1
6c99313e055c4ace48b03950f3ae7f8598414f6b

SHA256
2b2eb587693ef9e35ccd41470d2b8699c9cc9e3628a163f7d360d6aad4648879

SHA512
ded3653c48b9a7452ce3eaa594f308d57d207c3d77382507a0ac894eb282ed2237f1cf3bab490b2f12010a025c5d9335043647194163cf80dd977877b5088512

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe

Filesize
184KB

MD5
b8c519fee858872bec69cb440594657d

SHA1
172fe83437f9f381b056d3b1bbb5e44113ec934d

SHA256
20ffda45667fc328d72ad6fa7d8da3e4370d331c2cd1a7fc4d2389913a325c2f

SHA512
2b13f92f20db1a2c853e25b233585939b3f010df377a53983abcd6f373b7efe88923c9339294666ee8f158b4bddfa5c4f9b382695cb4a20ace218a53b4269714

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39836.exe

Filesize
184KB

MD5
de072270ebc07e03465e334b1542aaec

SHA1
b18f028bffb39cea18849b29d7f8e50177b3d509

SHA256
b38b42f1cf0e06fed5c603da83afe1b7aed50fb3eb94866457be0b917a136b43

SHA512
1c60442f2d95fb74e61cd4cafd66bea46e46f09b7e42109b7a2b397b083844c30129636da74ae4f9f47bd263f17b6a18f5309d07490eb2f0093693982ecbe3d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40220.exe

Filesize
184KB

MD5
c43ed846e93e6459bac6d0c32a880bb5

SHA1
1e935cc73e260aa4ff7b1f5284d1a5a7d0648d18

SHA256
51cfd46124b34047fffb1d11e9de8b9a6711d35c28ae9fe4abf0d82330b92531

SHA512
c6b758ff1e169245be9221ee03c4967ef482f056a39a12ac7ae1d1faee05e318bba46c41ff181270dbe52bfd73ea5dcef1519d47fbc0373dff3e38192cb3abfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40863.exe

Filesize
184KB

MD5
9d557340d0193b1b3b2b9127cf2fcf59

SHA1
cc78b8e1633c2db66b1fd2687161a350b197c097

SHA256
4f9c03649f4925c4dcb4d1a4f29f013a1ed7890e8b5b3cfb368bdf0dd29d6529

SHA512
2f5fcc97d6822cae9bb9e2559c18eadc418e3c1108cd55604b2d2ff08e0d26b3b603db9212ebb00afbe9b2e4b2e21549e88ce3dc2ced46c6b98f2e07a3b80288

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4284.exe

Filesize
184KB

MD5
9c71ea5c9901111f03514ad1f721b878

SHA1
73a3bdfa526bbf50aeea0dcd18ddd9f5b8c322fe

SHA256
e6b948de35bcdf896206efccd4e113b1213b2f4ad7a81337a75549e112e51214

SHA512
33ac3b275389363fceba7f2e71c79a47385c9ec88a41b23a33c0b86088de353cbbc24e02c74f86c78a8cdf693b06a129a931d91a5e8e6e86fb7d7fd42abcfbea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49581.exe

Filesize
184KB

MD5
8ae02ddea99ffc7cdc6b67c07bfae327

SHA1
8715e628e486fc630be6e71038e7eff0da71be72

SHA256
f0bb6fe37219e6bdd216d7cd142cb04624846e59d5efdb573cced00dd1b92e02

SHA512
a04f349c341151ae08635d5fa0d133257dfff3b89483fbbadc1a9a9c378ca6426a72c0ec7871dfef060c2761cdd7e26cf595b235a49c744aeef011022587b181

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe

Filesize
184KB

MD5
f1d2e5cbcc3aa85eeab888d296d08297

SHA1
851b1d9ec2431b714a6d68bac8860d32f905093c

SHA256
6cbcd0578f3480e1078f8ab7bfd5ed8dbf938b9a43453e5b3316ec658757912d

SHA512
e9e76b53764e8e92b696750456d1df13e318ab60a4aa4b48a9e325b7415d75454f7f349f17b1dcbc3e710006d443ecabfd07136ed657c8cdbf1ab1b73f74ff05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6334.exe

Filesize
184KB

MD5
51dbfdb5f90f537dd56e17f8b0aab9dc

SHA1
45cb74b0f8a992ccd865db489be4406f539e3c6b

SHA256
807d448ca12d8c448bc47afc8b6b59c05ce6d9e1efce64aeafe66b56a000e569

SHA512
4253ae93f0f5e98572bc403dfe259c4eb0699e2ed2c8f84ac4030b3d5c2a3734ed7bee8389e3e6b35ac38c2403bd932e15c73ae728e0ba344f75a35954d8a621

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6801.exe

Filesize
184KB

MD5
3f1b4d2853ef8737c222db5401e29736

SHA1
856c9da488040f0018088a46a84e94fbd9f13785

SHA256
b4a189bc8f0af3dea009128cce0d523ae74b08142b82a86d6133bb9bbee275d8

SHA512
999ec40388911e00d30b7b4243e0a89e3d3f2dfcacea97628463afde22f6fb26be60d7d6eb3f3a7c027940141c53ae8e2d657b47c5d4536c70406bd49e3ad5fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe

Filesize
184KB

MD5
58e1ccce88e0afa953ed8f6a30047036

SHA1
b67fb42626ce3428d8b95aee67db18ecf8b3fa5a

SHA256
4155dc55d5271fafc01665733bac9b2ecfa9005efa9be4daa7e0b0c5430c4924

SHA512
a86deb9b98d98d4dacdddb5ac9d64d1bf7c5b9559a6b4881f6a9a390164d1a5dd157db4b47962c51723146dae35c6e2150b8947029ca44cbca7d8bad60319c4d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe

Filesize
184KB

MD5
1f9a4185e2c82108c03c5efec1442a53

SHA1
600b23557c85687df973edaf3605fff6ad4f25a6

SHA256
b8107bf6c2ec8dad3ba9766786f1eca01b9e591b1f39995d9d1102b6a91ef713

SHA512
8e86b5769195bc1003a87f4c4081f4a6072fe8149cd81304b2ae78b2c5bf22b541231e558fc4b1804d30ef2e82d89cd0939d96ea423bbed657c1f21798f4616c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27829.exe

Filesize
184KB

MD5
6f554b5fd4f8f3679e120ef3cd53c37d

SHA1
41dc48812d4d5d801cf6392eb6decf0da2a14efd

SHA256
7ae1c6086623f079b83f5da3e706a2573749607dff3a22ed83d8e72d726c1ae1

SHA512
2f41437cfa808852efb7c7dcdadceb1edaab659bae4a4e09dea28f1288aa1c110bd4f7affe21ec41afa365a4485224e48a0a91df02b408579d32faaff3d17594

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33112.exe

Filesize
184KB

MD5
a344b96b371d690cd67c90c006f5f885

SHA1
5e863e35dbfc782725b5029fc41d662d70779370

SHA256
fffb1bd4a4c2c3cf8022e49a022075166ac54eaec7aa09ea400dbfdf4febcf19

SHA512
986f07774f59b8d9b81f5ce668572dd19a87b7ad4ea3b26f10b03291378bab83f70177a6a8c30c85a08fada696145fff283778c04cb4a2389b5ccf9f7d7f5ec9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe

Filesize
184KB

MD5
ec057ed96f32b4e8ea3c650c057d01c8

SHA1
3bc08ec6ba8311a5dd4290d03350cb26de79fb4c

SHA256
6c39a9edc2f713e5d9fcbd9c9b4bbb2c7e3e522894f8fdec098e83e0e4075866

SHA512
b78b97ad6463aaaf9726c444b3bf67fabef9087a53bcded9a6b4f8bc0651aee8a05374a77857644e77c471e03ded294f73335e124c245b5bede9ccaee9c11b6e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39888.exe

Filesize
184KB

MD5
6a7117c7ecf2832f3281b14ad435377c

SHA1
e30eb555a6cefe878d55bb54af266e933a339dea

SHA256
1e7f542a30b647c35b43378c4289e81427e04490d590ff4ad4912424223cff7a

SHA512
e26aeca443a9ae0a993727c223b7bab8c3a5b4b85666cb94b0d1cbd629150c6d5b45db9355389220333df148db86f547dff59899cc63c6ec8ec80dd601129629

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40552.exe

Filesize
184KB

MD5
de92c80e8c2c4e8ae1a9f20d09d96c78

SHA1
731c724aa2a90bfff9b86aabe4b4a896ea751009

SHA256
2b9bce1f586dfca86598bdb444a21ae6bc88eeb371bb8cfc118e04b2660c1b33

SHA512
43e5b9ee2d063137e6c3231a75bf8959b9fa1e4c2b646c39ba1a1490e3af7edb675f50474125bf31f5379ca14fe6a77c6727bef39e4ff8f12278348dbbe1e486

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54305.exe

Filesize
184KB

MD5
409f8661f0427d74a9e4586281def255

SHA1
2a475a6d27973f7d9f20bf4f7c6a1817328f7fc1

SHA256
f4c4b338ff416539d164c193c45f92b6dde9302005466eedcfca32ed57a5d54e

SHA512
5c7ca141635a3d98b9a0ab84d56cef72c5744c79c9a8efb71abc3aee830692477ee13f2ba0e839d962dcc2db493936f4aef7c4e9a2ef4e0f064bd831486ace4d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe

Filesize
184KB

MD5
b7760a846cdfbcabb9a4f08065367963

SHA1
8a546a2626d2bce0e24bd61761aaac763e8c286f

SHA256
30b58cb04696ca20d2d6d3d8803ec6e9b38460f92e51cc87f5cff648da453961

SHA512
4e77f9fa451d196e587877ca521b5b0d06983189220e9d888b4506c96901d41e59039ef891612dca0435761514e4ea1e4b821c12da4c37debee3d016ecfa9ffa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7963.exe

Filesize
184KB

MD5
f8d570cf43cbbf3b24abc7eb7a41cd9b

SHA1
7ca1be7cc8079fc530aad76f4cba0822dadc26d5

SHA256
96cbf2a1166c34c4db530e23b08f4ded4b4b983d69865c70f787b5f14eac735d

SHA512
5619863a92462526869e8026c61e593dd2ca63a6e90bee14b866de2fb8c2bf615093cac6ef2a2fd854a89262fc13efa2a5bc8361092b09a4466c12ad34f04592

Download Submit