61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe
Size

184KB
MD5

3719e5d3b5758aa5b13f028d433a23c3
SHA1

454cc91233becbcfd8c9c3ab1621450efca78db8
SHA256

61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84
SHA512

d7114a11a63f0df579a4daefd58ec62d20e238bcfec5841fa9d196a0ede0b8128b8a23ef3215deedc659429473c0ec56a4bda13382136fdd7d255d7535820181
SSDEEP

3072:ShK3WxobrJOedGTWqBYLuQsGRlSViFin3:ShBoYaGT8L/sGRlSViFi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-1068.exeUnicorn-22126.exeUnicorn-34976.exeUnicorn-49449.exeUnicorn-56226.exeUnicorn-43466.exeUnicorn-50243.exeUnicorn-51395.exeUnicorn-28090.exeUnicorn-54732.exeUnicorn-4140.exeUnicorn-46647.exeUnicorn-37087.exeUnicorn-56953.exeUnicorn-56953.exeUnicorn-64306.exeUnicorn-19765.exeUnicorn-39631.exeUnicorn-65458.exeUnicorn-55666.exeUnicorn-62443.exeUnicorn-55666.exeUnicorn-16772.exeUnicorn-51582.exeUnicorn-58359.exeUnicorn-45936.exeUnicorn-45936.exeUnicorn-21986.exeUnicorn-3533.exeUnicorn-59511.exeUnicorn-62848.exeUnicorn-12256.exeUnicorn-58764.exeUnicorn-28038.exeUnicorn-8172.exeUnicorn-23954.exeUnicorn-28038.exeUnicorn-4088.exeUnicorn-9802.exeUnicorn-51390.exeUnicorn-40529.exeUnicorn-16579.exeUnicorn-28277.exeUnicorn-50835.exeUnicorn-30969.exeUnicorn-16025.exeUnicorn-22055.exeUnicorn-24555.exeUnicorn-58811.exeUnicorn-58811.exeUnicorn-28085.exeUnicorn-4135.exeUnicorn-50643.exeUnicorn-4135.exeUnicorn-19917.exeUnicorn-26693.exeUnicorn-15833.exeUnicorn-61504.exeUnicorn-29429.exeUnicorn-36205.exeUnicorn-47903.exeUnicorn-11509.exeUnicorn-41489.exeUnicorn-50726.exe

pid	process
1252	Unicorn-1068.exe
2628	Unicorn-22126.exe
2680	Unicorn-34976.exe
2632	Unicorn-49449.exe
2468	Unicorn-56226.exe
1200	Unicorn-43466.exe
2028	Unicorn-50243.exe
772	Unicorn-51395.exe
1608	Unicorn-28090.exe
352	Unicorn-54732.exe
848	Unicorn-4140.exe
2404	Unicorn-46647.exe
2284	Unicorn-37087.exe
2844	Unicorn-56953.exe
2620	Unicorn-56953.exe
1920	Unicorn-64306.exe
3024	Unicorn-19765.exe
840	Unicorn-39631.exe
2788	Unicorn-65458.exe
1696	Unicorn-55666.exe
1700	Unicorn-62443.exe
1864	Unicorn-55666.exe
1780	Unicorn-16772.exe
1344	Unicorn-51582.exe
1012	Unicorn-58359.exe
1712	Unicorn-45936.exe
2852	Unicorn-45936.exe
2220	Unicorn-21986.exe
2044	Unicorn-3533.exe
1600	Unicorn-59511.exe
2352	Unicorn-62848.exe
2372	Unicorn-12256.exe
1636	Unicorn-58764.exe
2664	Unicorn-28038.exe
1284	Unicorn-8172.exe
2656	Unicorn-23954.exe
2596	Unicorn-28038.exe
2568	Unicorn-4088.exe
2516	Unicorn-9802.exe
2736	Unicorn-51390.exe
1540	Unicorn-40529.exe
2752	Unicorn-16579.exe
2172	Unicorn-28277.exe
1792	Unicorn-50835.exe
2040	Unicorn-30969.exe
1624	Unicorn-16025.exe
2932	Unicorn-22055.exe
2536	Unicorn-24555.exe
268	Unicorn-58811.exe
2312	Unicorn-58811.exe
2288	Unicorn-28085.exe
600	Unicorn-4135.exe
2936	Unicorn-50643.exe
1472	Unicorn-4135.exe
2324	Unicorn-19917.exe
1156	Unicorn-26693.exe
1032	Unicorn-15833.exe
2152	Unicorn-61504.exe
1808	Unicorn-29429.exe
1744	Unicorn-36205.exe
1252	Unicorn-47903.exe
2592	Unicorn-11509.exe
2504	Unicorn-41489.exe
1656	Unicorn-50726.exe

Loads dropped DLL 64 IoCs

Processes:

61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exeUnicorn-22126.exeUnicorn-34976.exeWerFault.exeUnicorn-49449.exeWerFault.exeUnicorn-56226.exeUnicorn-50243.exeUnicorn-43466.exeWerFault.exeWerFault.exeUnicorn-51395.exeUnicorn-4140.exeUnicorn-54732.exeWerFault.exeWerFault.exeUnicorn-46647.exe

pid	process
2524	61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe
2524	61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe
2524	61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe
2524	61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe
2628	Unicorn-22126.exe
2628	Unicorn-22126.exe
2680	Unicorn-34976.exe
2680	Unicorn-34976.exe
2628	Unicorn-22126.exe
2628	Unicorn-22126.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2632	Unicorn-49449.exe
2680	Unicorn-34976.exe
2632	Unicorn-49449.exe
2680	Unicorn-34976.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2468	Unicorn-56226.exe
2468	Unicorn-56226.exe
2028	Unicorn-50243.exe
2028	Unicorn-50243.exe
1200	Unicorn-43466.exe
1200	Unicorn-43466.exe
2632	Unicorn-49449.exe
2632	Unicorn-49449.exe
1804	WerFault.exe
824	WerFault.exe
1804	WerFault.exe
824	WerFault.exe
1804	WerFault.exe
824	WerFault.exe
1804	WerFault.exe
824	WerFault.exe
1804	WerFault.exe
824	WerFault.exe
772	Unicorn-51395.exe
772	Unicorn-51395.exe
1200	Unicorn-43466.exe
1200	Unicorn-43466.exe
848	Unicorn-4140.exe
352	Unicorn-54732.exe
848	Unicorn-4140.exe
352	Unicorn-54732.exe
2028	Unicorn-50243.exe
2028	Unicorn-50243.exe
1476	WerFault.exe
1476	WerFault.exe
1476	WerFault.exe
1476	WerFault.exe
1476	WerFault.exe
568	WerFault.exe
568	WerFault.exe
568	WerFault.exe
568	WerFault.exe
568	WerFault.exe
772	Unicorn-51395.exe
2404	Unicorn-46647.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1280	2524	WerFault.exe	61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe
2456	2628	WerFault.exe	Unicorn-22126.exe
2540	2680	WerFault.exe	Unicorn-34976.exe
1804	2632	WerFault.exe	Unicorn-49449.exe
824	2468	WerFault.exe	Unicorn-56226.exe
1476	2028	WerFault.exe	Unicorn-50243.exe
568	1200	WerFault.exe	Unicorn-43466.exe
984	772	WerFault.exe	Unicorn-51395.exe
1256	352	WerFault.exe	Unicorn-54732.exe
548	848	WerFault.exe	Unicorn-4140.exe
2876	1608	WerFault.exe	Unicorn-28090.exe
2464	2404	WerFault.exe	Unicorn-46647.exe
2780	2620	WerFault.exe	Unicorn-56953.exe
2764	2284	WerFault.exe	Unicorn-37087.exe
1716	1920	WerFault.exe	Unicorn-64306.exe
332	2844	WerFault.exe	Unicorn-56953.exe
1360	840	WerFault.exe	Unicorn-39631.exe
1288	3024	WerFault.exe	Unicorn-19765.exe
2016	2788	WerFault.exe	Unicorn-65458.exe
496	1780	WerFault.exe	Unicorn-16772.exe
2548	1696	WerFault.exe	Unicorn-55666.exe
3068	1344	WerFault.exe	Unicorn-51582.exe
2532	1700	WerFault.exe	Unicorn-62443.exe
2556	1012	WerFault.exe	Unicorn-58359.exe
1924	1712	WerFault.exe	Unicorn-45936.exe
444	2852	WerFault.exe	Unicorn-45936.exe
2944	2220	WerFault.exe	Unicorn-21986.exe
1632	2044	WerFault.exe	Unicorn-3533.exe
1832	1600	WerFault.exe	Unicorn-59511.exe
1616	2352	WerFault.exe	Unicorn-62848.exe
1152	1284	WerFault.exe	Unicorn-8172.exe
852	2372	WerFault.exe	Unicorn-12256.exe
2768	2664	WerFault.exe	Unicorn-28038.exe
1724	2568	WerFault.exe	Unicorn-4088.exe
2348	1636	WerFault.exe	Unicorn-58764.exe
2960	2596	WerFault.exe	Unicorn-28038.exe
3804	2516	WerFault.exe	Unicorn-9802.exe
3836	1540	WerFault.exe	Unicorn-40529.exe
3940	2752	WerFault.exe	Unicorn-16579.exe
3984	2736	WerFault.exe	Unicorn-51390.exe
4088	2040	WerFault.exe	Unicorn-30969.exe
3216	2172	WerFault.exe	Unicorn-28277.exe
3248	2932	WerFault.exe	Unicorn-22055.exe
3324	2536	WerFault.exe	Unicorn-24555.exe
3408	1156	WerFault.exe	Unicorn-26693.exe
3520	268	WerFault.exe	Unicorn-58811.exe
3168	2312	WerFault.exe	Unicorn-58811.exe
3656	1624	WerFault.exe	Unicorn-16025.exe
3692	1472	WerFault.exe	Unicorn-4135.exe
3732	2504	WerFault.exe	Unicorn-41489.exe
3780	1792	WerFault.exe	Unicorn-50835.exe
4068	2288	WerFault.exe	Unicorn-28085.exe
2936	1588	WerFault.exe	Unicorn-63554.exe
3112	1808	WerFault.exe	Unicorn-29429.exe
3648	2096	WerFault.exe	Unicorn-710.exe
3716	2420	WerFault.exe	Unicorn-45827.exe
3668	600	WerFault.exe	Unicorn-4135.exe
3612	952	WerFault.exe	Unicorn-155.exe
4132	2452	WerFault.exe	Unicorn-63362.exe
4140	1400	WerFault.exe	Unicorn-61416.exe
4176	2740	WerFault.exe	Unicorn-43496.exe
4208	2324	WerFault.exe	Unicorn-19917.exe
4216	2868	WerFault.exe	Unicorn-53248.exe
4236	2132	WerFault.exe	Unicorn-53248.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exeUnicorn-22126.exeUnicorn-34976.exeUnicorn-49449.exeUnicorn-56226.exeUnicorn-50243.exeUnicorn-43466.exeUnicorn-51395.exeUnicorn-28090.exeUnicorn-54732.exeUnicorn-4140.exeUnicorn-46647.exeUnicorn-56953.exeUnicorn-56953.exeUnicorn-37087.exeUnicorn-64306.exeUnicorn-39631.exeUnicorn-19765.exeUnicorn-65458.exeUnicorn-16772.exeUnicorn-62443.exeUnicorn-51582.exeUnicorn-55666.exeUnicorn-58359.exeUnicorn-45936.exeUnicorn-45936.exeUnicorn-21986.exeUnicorn-3533.exeUnicorn-59511.exeUnicorn-62848.exeUnicorn-12256.exeUnicorn-28038.exeUnicorn-58764.exeUnicorn-23954.exeUnicorn-8172.exeUnicorn-28038.exeUnicorn-4088.exeUnicorn-9802.exeUnicorn-51390.exeUnicorn-40529.exeUnicorn-16579.exeUnicorn-28277.exeUnicorn-50835.exeUnicorn-30969.exeUnicorn-16025.exeUnicorn-22055.exeUnicorn-24555.exeUnicorn-58811.exeUnicorn-58811.exeUnicorn-50643.exeUnicorn-4135.exeUnicorn-28085.exeUnicorn-19917.exeUnicorn-26693.exeUnicorn-15833.exeUnicorn-4135.exeUnicorn-61504.exeUnicorn-29429.exeUnicorn-36205.exeUnicorn-47903.exeUnicorn-11509.exeUnicorn-41489.exeUnicorn-50726.exeUnicorn-9371.exe

pid	process
2524	61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe
2628	Unicorn-22126.exe
2680	Unicorn-34976.exe
2632	Unicorn-49449.exe
2468	Unicorn-56226.exe
2028	Unicorn-50243.exe
1200	Unicorn-43466.exe
772	Unicorn-51395.exe
1608	Unicorn-28090.exe
352	Unicorn-54732.exe
848	Unicorn-4140.exe
2404	Unicorn-46647.exe
2844	Unicorn-56953.exe
2620	Unicorn-56953.exe
2284	Unicorn-37087.exe
1920	Unicorn-64306.exe
840	Unicorn-39631.exe
3024	Unicorn-19765.exe
2788	Unicorn-65458.exe
1780	Unicorn-16772.exe
1700	Unicorn-62443.exe
1344	Unicorn-51582.exe
1696	Unicorn-55666.exe
1012	Unicorn-58359.exe
1712	Unicorn-45936.exe
2852	Unicorn-45936.exe
2220	Unicorn-21986.exe
2044	Unicorn-3533.exe
1600	Unicorn-59511.exe
2352	Unicorn-62848.exe
2372	Unicorn-12256.exe
2664	Unicorn-28038.exe
1636	Unicorn-58764.exe
2656	Unicorn-23954.exe
1284	Unicorn-8172.exe
2596	Unicorn-28038.exe
2568	Unicorn-4088.exe
2516	Unicorn-9802.exe
2736	Unicorn-51390.exe
1540	Unicorn-40529.exe
2752	Unicorn-16579.exe
2172	Unicorn-28277.exe
1792	Unicorn-50835.exe
2040	Unicorn-30969.exe
1624	Unicorn-16025.exe
2932	Unicorn-22055.exe
2536	Unicorn-24555.exe
2312	Unicorn-58811.exe
268	Unicorn-58811.exe
2936	Unicorn-50643.exe
600	Unicorn-4135.exe
2288	Unicorn-28085.exe
2324	Unicorn-19917.exe
1156	Unicorn-26693.exe
1032	Unicorn-15833.exe
1472	Unicorn-4135.exe
2152	Unicorn-61504.exe
1808	Unicorn-29429.exe
1744	Unicorn-36205.exe
1252	Unicorn-47903.exe
2592	Unicorn-11509.exe
2504	Unicorn-41489.exe
1656	Unicorn-50726.exe
1848	Unicorn-9371.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exeUnicorn-22126.exeUnicorn-34976.exeUnicorn-49449.exeUnicorn-56226.exeUnicorn-50243.exeUnicorn-43466.exe

description	pid	process	target process
PID 2524 wrote to memory of 1252	2524	61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe	Unicorn-1068.exe
PID 2524 wrote to memory of 1252	2524	61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe	Unicorn-1068.exe
PID 2524 wrote to memory of 1252	2524	61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe	Unicorn-1068.exe
PID 2524 wrote to memory of 1252	2524	61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe	Unicorn-1068.exe
PID 2524 wrote to memory of 2628	2524	61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe	Unicorn-22126.exe
PID 2524 wrote to memory of 2628	2524	61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe	Unicorn-22126.exe
PID 2524 wrote to memory of 2628	2524	61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe	Unicorn-22126.exe
PID 2524 wrote to memory of 2628	2524	61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe	Unicorn-22126.exe
PID 2524 wrote to memory of 1280	2524	61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe	WerFault.exe
PID 2524 wrote to memory of 1280	2524	61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe	WerFault.exe
PID 2524 wrote to memory of 1280	2524	61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe	WerFault.exe
PID 2524 wrote to memory of 1280	2524	61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe	WerFault.exe
PID 2628 wrote to memory of 2680	2628	Unicorn-22126.exe	Unicorn-34976.exe
PID 2628 wrote to memory of 2680	2628	Unicorn-22126.exe	Unicorn-34976.exe
PID 2628 wrote to memory of 2680	2628	Unicorn-22126.exe	Unicorn-34976.exe
PID 2628 wrote to memory of 2680	2628	Unicorn-22126.exe	Unicorn-34976.exe
PID 2680 wrote to memory of 2632	2680	Unicorn-34976.exe	Unicorn-49449.exe
PID 2680 wrote to memory of 2632	2680	Unicorn-34976.exe	Unicorn-49449.exe
PID 2680 wrote to memory of 2632	2680	Unicorn-34976.exe	Unicorn-49449.exe
PID 2680 wrote to memory of 2632	2680	Unicorn-34976.exe	Unicorn-49449.exe
PID 2628 wrote to memory of 2468	2628	Unicorn-22126.exe	Unicorn-56226.exe
PID 2628 wrote to memory of 2468	2628	Unicorn-22126.exe	Unicorn-56226.exe
PID 2628 wrote to memory of 2468	2628	Unicorn-22126.exe	Unicorn-56226.exe
PID 2628 wrote to memory of 2468	2628	Unicorn-22126.exe	Unicorn-56226.exe
PID 2628 wrote to memory of 2456	2628	Unicorn-22126.exe	WerFault.exe
PID 2628 wrote to memory of 2456	2628	Unicorn-22126.exe	WerFault.exe
PID 2628 wrote to memory of 2456	2628	Unicorn-22126.exe	WerFault.exe
PID 2628 wrote to memory of 2456	2628	Unicorn-22126.exe	WerFault.exe
PID 2632 wrote to memory of 1200	2632	Unicorn-49449.exe	Unicorn-43466.exe
PID 2632 wrote to memory of 1200	2632	Unicorn-49449.exe	Unicorn-43466.exe
PID 2632 wrote to memory of 1200	2632	Unicorn-49449.exe	Unicorn-43466.exe
PID 2632 wrote to memory of 1200	2632	Unicorn-49449.exe	Unicorn-43466.exe
PID 2680 wrote to memory of 2028	2680	Unicorn-34976.exe	Unicorn-50243.exe
PID 2680 wrote to memory of 2028	2680	Unicorn-34976.exe	Unicorn-50243.exe
PID 2680 wrote to memory of 2028	2680	Unicorn-34976.exe	Unicorn-50243.exe
PID 2680 wrote to memory of 2028	2680	Unicorn-34976.exe	Unicorn-50243.exe
PID 2680 wrote to memory of 2540	2680	Unicorn-34976.exe	WerFault.exe
PID 2680 wrote to memory of 2540	2680	Unicorn-34976.exe	WerFault.exe
PID 2680 wrote to memory of 2540	2680	Unicorn-34976.exe	WerFault.exe
PID 2680 wrote to memory of 2540	2680	Unicorn-34976.exe	WerFault.exe
PID 2468 wrote to memory of 772	2468	Unicorn-56226.exe	Unicorn-51395.exe
PID 2468 wrote to memory of 772	2468	Unicorn-56226.exe	Unicorn-51395.exe
PID 2468 wrote to memory of 772	2468	Unicorn-56226.exe	Unicorn-51395.exe
PID 2468 wrote to memory of 772	2468	Unicorn-56226.exe	Unicorn-51395.exe
PID 2028 wrote to memory of 1608	2028	Unicorn-50243.exe	Unicorn-28090.exe
PID 2028 wrote to memory of 1608	2028	Unicorn-50243.exe	Unicorn-28090.exe
PID 2028 wrote to memory of 1608	2028	Unicorn-50243.exe	Unicorn-28090.exe
PID 2028 wrote to memory of 1608	2028	Unicorn-50243.exe	Unicorn-28090.exe
PID 1200 wrote to memory of 352	1200	Unicorn-43466.exe	Unicorn-54732.exe
PID 1200 wrote to memory of 352	1200	Unicorn-43466.exe	Unicorn-54732.exe
PID 1200 wrote to memory of 352	1200	Unicorn-43466.exe	Unicorn-54732.exe
PID 1200 wrote to memory of 352	1200	Unicorn-43466.exe	Unicorn-54732.exe
PID 2632 wrote to memory of 848	2632	Unicorn-49449.exe	Unicorn-4140.exe
PID 2632 wrote to memory of 848	2632	Unicorn-49449.exe	Unicorn-4140.exe
PID 2632 wrote to memory of 848	2632	Unicorn-49449.exe	Unicorn-4140.exe
PID 2632 wrote to memory of 848	2632	Unicorn-49449.exe	Unicorn-4140.exe
PID 2632 wrote to memory of 1804	2632	Unicorn-49449.exe	WerFault.exe
PID 2632 wrote to memory of 1804	2632	Unicorn-49449.exe	WerFault.exe
PID 2632 wrote to memory of 1804	2632	Unicorn-49449.exe	WerFault.exe
PID 2632 wrote to memory of 1804	2632	Unicorn-49449.exe	WerFault.exe
PID 2468 wrote to memory of 824	2468	Unicorn-56226.exe	WerFault.exe
PID 2468 wrote to memory of 824	2468	Unicorn-56226.exe	WerFault.exe
PID 2468 wrote to memory of 824	2468	Unicorn-56226.exe	WerFault.exe
PID 2468 wrote to memory of 824	2468	Unicorn-56226.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe
"C:\Users\Admin\AppData\Local\Temp\61ebd12d3b8a485debe1e7d48473c605b6e9816b5c58391c839b08675a572b84.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22126.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22126.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34976.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43466.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51582.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28038.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15833.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63362.exe
        11⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        12⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30794.exe
        13⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        14⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49276.exe
        15⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        16⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 216
        16⤵
        
        PID:14040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 216
        15⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
        14⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
        13⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
        12⤵
        Program crash
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8276.exe
        11⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        12⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
        13⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42836.exe
        14⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        15⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10624 -s 216
        15⤵
        
        PID:14300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 216
        14⤵
        
        PID:11944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        13⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 216
        12⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
        11⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4602.exe
        10⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
        11⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14457.exe
        12⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22958.exe
        13⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4159.exe
        14⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
        15⤵
        
        PID:12656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 220
        15⤵
        
        PID:13856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
        14⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
        13⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
        12⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
        11⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        10⤵
        Program crash
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        10⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
        11⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65064.exe
        12⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35293.exe
        13⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33276.exe
        14⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
        15⤵
        
        PID:12568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10652 -s 236
        15⤵
        
        PID:13756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 216
        14⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
        13⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
        12⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 216
        11⤵
        Program crash
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63507.exe
        10⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23394.exe
        11⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63881.exe
        12⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
        13⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26490.exe
        14⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 236
        14⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 220
        13⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
        12⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        11⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 220
        10⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 220
        9⤵
        Program crash
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4088.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2101.exe
        10⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        11⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10373.exe
        12⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
        13⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-651.exe
        14⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52831.exe
        15⤵
        
        PID:12420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 216
        15⤵
        
        PID:13616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 220
        14⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 236
        13⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        12⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 236
        11⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33849.exe
        10⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18350.exe
        11⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31209.exe
        12⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
        13⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26765.exe
        14⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 216
        14⤵
        
        PID:13796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
        13⤵
        
        PID:11120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
        12⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
        11⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43496.exe
        9⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15890.exe
        10⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47322.exe
        11⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38717.exe
        12⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
        13⤵
        
        PID:10592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10592 -s 212
        14⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 216
        13⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        12⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
        11⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
        10⤵
        Program crash
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
        9⤵
        Program crash
        
        PID:1724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
        8⤵
        Program crash
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58359.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23954.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28085.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40996.exe
        10⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
        11⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51743.exe
        12⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49408.exe
        13⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18166.exe
        14⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53516.exe
        15⤵
        
        PID:13064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 216
        15⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
        14⤵
        
        PID:10976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
        13⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
        12⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11265.exe
        11⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55438.exe
        12⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10573.exe
        13⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2177.exe
        14⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 216
        14⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
        13⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
        12⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        11⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
        10⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        11⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        12⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9011.exe
        13⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5493.exe
        14⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10292 -s 236
        14⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
        13⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
        12⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
        11⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
        10⤵
        Program crash
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17046.exe
        9⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19974.exe
        10⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58650.exe
        11⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8375.exe
        12⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
        13⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2177.exe
        14⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 216
        14⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
        13⤵
        
        PID:10776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        12⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
        11⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53751.exe
        10⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
        11⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
        12⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47870.exe
        13⤵
        
        PID:13224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9412 -s 216
        13⤵
        
        PID:13532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
        12⤵
        
        PID:11104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 236
        11⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 240
        10⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4135.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6185.exe
        9⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
        10⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16357.exe
        11⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56616.exe
        12⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32857.exe
        13⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
        14⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9868 -s 216
        14⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
        13⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
        12⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
        11⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49776.exe
        10⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9553.exe
        11⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
        12⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38742.exe
        13⤵
        
        PID:12992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 216
        13⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
        12⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
        11⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
        10⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        9⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33124.exe
        10⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13118.exe
        11⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
        12⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        13⤵
        
        PID:13076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10756 -s 220
        13⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
        12⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
        11⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
        10⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 240
        9⤵
        Program crash
        
        PID:3668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 240
        8⤵
        Program crash
        
        PID:2556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
        7⤵
        Program crash
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37087.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        7⤵
        Executes dropped EXE
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59511.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16025.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43134.exe
        9⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42532.exe
        10⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23394.exe
        11⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56336.exe
        12⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41575.exe
        13⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
        14⤵
        
        PID:13056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10784 -s 220
        14⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 216
        13⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
        12⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
        11⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
        10⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14498.exe
        9⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37016.exe
        10⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8650.exe
        11⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58404.exe
        12⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64637.exe
        13⤵
        
        PID:13268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9928 -s 220
        13⤵
        
        PID:14276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 220
        12⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        11⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        10⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
        9⤵
        Program crash
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45827.exe
        8⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
        9⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
        10⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
        11⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        12⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41575.exe
        13⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43869.exe
        14⤵
        
        PID:12848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10792 -s 216
        14⤵
        
        PID:14124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 216
        13⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
        12⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
        11⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
        10⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
        11⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe
        12⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50797.exe
        13⤵
        
        PID:13624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10332 -s 236
        13⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 220
        12⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
        11⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 240
        10⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22749.exe
        9⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16788.exe
        10⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31209.exe
        11⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29816.exe
        12⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54175.exe
        13⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9408 -s 216
        13⤵
        
        PID:14148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 220
        12⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
        11⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 236
        10⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        9⤵
        Program crash
        
        PID:3716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
        8⤵
        Program crash
        
        PID:1832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 220
        7⤵
        Program crash
        
        PID:2764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58764.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19917.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        10⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
        11⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
        12⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33264.exe
        13⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
        14⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22105.exe
        15⤵
        
        PID:12348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9876 -s 216
        15⤵
        
        PID:13604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
        14⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
        13⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
        12⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 236
        11⤵
        Program crash
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34918.exe
        10⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
        11⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        12⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17756.exe
        13⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52468.exe
        14⤵
        
        PID:708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10556 -s 216
        14⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
        13⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 220
        12⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
        11⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
        10⤵
        Program crash
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37466.exe
        9⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        10⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe
        11⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54006.exe
        12⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59411.exe
        13⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
        14⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11252 -s 220
        14⤵
        
        PID:14324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 220
        13⤵
        
        PID:11508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
        12⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
        11⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 236
        10⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        9⤵
        Program crash
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14353.exe
        9⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        10⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-451.exe
        11⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
        12⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
        12⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
        13⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
        14⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10992 -s 220
        14⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 216
        13⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 220
        12⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
        11⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 236
        10⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 236
        9⤵
        Program crash
        
        PID:3408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
        8⤵
        Program crash
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58811.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9838.exe
        9⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
        10⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6673.exe
        11⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41946.exe
        12⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11388.exe
        13⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        14⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10856 -s 216
        14⤵
        
        PID:13412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
        13⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        12⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
        11⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7228.exe
        10⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64265.exe
        11⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        12⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
        13⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11060 -s 216
        13⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 216
        12⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
        11⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
        10⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 236
        9⤵
        Program crash
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47773.exe
        8⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        9⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6865.exe
        10⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38822.exe
        11⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28576.exe
        12⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe
        13⤵
        
        PID:14012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 216
        12⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
        11⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
        10⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 216
        9⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
        8⤵
        Program crash
        
        PID:1152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        7⤵
        Program crash
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62443.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28038.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58811.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        9⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
        10⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22434.exe
        11⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
        12⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        13⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
        14⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10696 -s 216
        14⤵
        
        PID:13952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 220
        13⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
        12⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
        11⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
        10⤵
        Program crash
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45033.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
        10⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        11⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20688.exe
        12⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22790.exe
        13⤵
        
        PID:13036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 216
        13⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
        12⤵
        
        PID:11132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
        11⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
        10⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 220
        9⤵
        Program crash
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
        8⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1499.exe
        9⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
        10⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13419.exe
        11⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48892.exe
        12⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36988.exe
        13⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10188 -s 220
        13⤵
        
        PID:13520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 216
        12⤵
        
        PID:10904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
        11⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 236
        10⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
        9⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 220
        8⤵
        Program crash
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4135.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        8⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
        10⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8842.exe
        11⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46536.exe
        12⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31773.exe
        13⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10368 -s 216
        13⤵
        
        PID:13352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 220
        12⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
        11⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        10⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
        9⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29765.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59574.exe
        9⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        10⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        11⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2177.exe
        12⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9232 -s 216
        12⤵
        
        PID:13316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
        11⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
        10⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
        9⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 220
        8⤵
        Program crash
        
        PID:3692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
        7⤵
        Program crash
        
        PID:2532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
        6⤵
        Program crash
        
        PID:548
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50243.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28090.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65458.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        9⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        10⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2973.exe
        11⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe
        12⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5503.exe
        13⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
        14⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 220
        14⤵
        
        PID:13848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 216
        13⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
        12⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        11⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
        10⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63507.exe
        9⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4151.exe
        10⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37239.exe
        11⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29816.exe
        12⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        12⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
        13⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10884 -s 216
        13⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 212
        12⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
        11⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
        10⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
        9⤵
        Program crash
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
        8⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
        9⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        10⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43653.exe
        11⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
        12⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        13⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9720 -s 216
        13⤵
        
        PID:13460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 220
        12⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
        11⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        10⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 216
        9⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        8⤵
        Program crash
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30969.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47711.exe
        8⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57908.exe
        9⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        10⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        11⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe
        12⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22110.exe
        13⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
        13⤵
        
        PID:13160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        12⤵
        
        PID:10108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
        11⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
        10⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32671.exe
        9⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32413.exe
        10⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26962.exe
        11⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
        12⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
        12⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9324 -s 220
        12⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 236
        11⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
        10⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
        9⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7316.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exe
        9⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
        10⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
        11⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26163.exe
        12⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59266.exe
        13⤵
        
        PID:12908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11112 -s 216
        13⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 220
        12⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
        11⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
        10⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
        9⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
        8⤵
        Program crash
        
        PID:4088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
        7⤵
        Program crash
        
        PID:2016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
        6⤵
        Program crash
        
        PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16772.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62848.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22055.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
        9⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe
        10⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58567.exe
        11⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
        12⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33970.exe
        13⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6764.exe
        14⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59074.exe
        15⤵
        
        PID:12748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10808 -s 216
        15⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 216
        14⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
        13⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        12⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 216
        11⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30533.exe
        10⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        11⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39790.exe
        12⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe
        13⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9364 -s 216
        13⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
        12⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
        11⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        10⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64597.exe
        10⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35646.exe
        11⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
        12⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54320.exe
        13⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29142.exe
        14⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9244 -s 216
        14⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 220
        13⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
        12⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
        11⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
        10⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
        9⤵
        Program crash
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
        8⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33788.exe
        9⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
        10⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
        11⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64265.exe
        12⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2597.exe
        13⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        14⤵
        
        PID:12980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9724 -s 216
        14⤵
        
        PID:14156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
        13⤵
        
        PID:10748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
        12⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        11⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
        10⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37016.exe
        10⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18381.exe
        11⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61912.exe
        12⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
        13⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 216
        13⤵
        
        PID:13544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 220
        12⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 236
        11⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        10⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
        9⤵
        Program crash
        
        PID:3648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
        8⤵
        Program crash
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24555.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
        8⤵
        
        PID:952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
        9⤵
        Program crash
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43086.exe
        8⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20633.exe
        9⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
        10⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19261.exe
        11⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19993.exe
        12⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36796.exe
        13⤵
        
        PID:12928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12696 -s 236
        13⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18876.exe
        12⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 220
        12⤵
        
        PID:12388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
        11⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
        10⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 236
        9⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        8⤵
        Program crash
        
        PID:3324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
        7⤵
        Program crash
        
        PID:496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12256.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9371.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35542.exe
        8⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
        9⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21723.exe
        10⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6733.exe
        11⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21472.exe
        12⤵
        
        PID:12372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9236 -s 216
        12⤵
        
        PID:12556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
        11⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
        10⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
        9⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42785.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        9⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52125.exe
        10⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
        11⤵
        
        PID:12660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9604 -s 216
        11⤵
        
        PID:12616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
        10⤵
        
        PID:10936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 236
        9⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
        8⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 236
        7⤵
        Program crash
        
        PID:852
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
        6⤵
        Program crash
        
        PID:1716
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1476
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46647.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39631.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
        10⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
        11⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47322.exe
        12⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18957.exe
        13⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54320.exe
        14⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
        15⤵
        
        PID:13136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 220
        15⤵
        
        PID:14216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 220
        14⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
        13⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
        12⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41846.exe
        11⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        12⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21072.exe
        13⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63630.exe
        14⤵
        
        PID:13128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10180 -s 216
        14⤵
        
        PID:13340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
        13⤵
        
        PID:10828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
        12⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 240
        11⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48624.exe
        10⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10757.exe
        11⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        12⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58404.exe
        13⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22920.exe
        14⤵
        
        PID:12688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9884 -s 216
        14⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 220
        13⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
        12⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        11⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
        10⤵
        Program crash
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11592.exe
        9⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39709.exe
        10⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41567.exe
        11⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40960.exe
        12⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe
        13⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41451.exe
        14⤵
        
        PID:13984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10496 -s 236
        14⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
        13⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
        12⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
        11⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 236
        10⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
        9⤵
        Program crash
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
        9⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-814.exe
        10⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        11⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47737.exe
        12⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
        13⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26189.exe
        14⤵
        
        PID:13304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 216
        14⤵
        
        PID:13688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 216
        13⤵
        
        PID:10364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 220
        12⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        11⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
        10⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        9⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
        10⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15880.exe
        11⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24601.exe
        12⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
        13⤵
        
        PID:13400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11244 -s 216
        13⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 220
        12⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        11⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        10⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
        9⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
        8⤵
        Program crash
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50726.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
        9⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15396.exe
        10⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3139.exe
        11⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
        12⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53049.exe
        13⤵
        
        PID:12740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
        13⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
        12⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
        11⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
        10⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18023.exe
        10⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        11⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        12⤵
        
        PID:12548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9428 -s 216
        12⤵
        
        PID:13044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 236
        11⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        10⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
        9⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19760.exe
        8⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27841.exe
        9⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55874.exe
        10⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10404.exe
        11⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33708.exe
        12⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        13⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 216
        13⤵
        
        PID:13500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 220
        12⤵
        
        PID:11600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
        11⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
        10⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42230.exe
        9⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        10⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
        11⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
        12⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 220
        12⤵
        
        PID:14228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
        11⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
        10⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        9⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
        8⤵
        Program crash
        
        PID:3984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
        7⤵
        Program crash
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21986.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28277.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
        8⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exe
        9⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
        10⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29782.exe
        11⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38311.exe
        12⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9878.exe
        13⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9732 -s 216
        13⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
        12⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
        11⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 216
        10⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14005.exe
        9⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
        10⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51245.exe
        11⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64050.exe
        12⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48939.exe
        13⤵
        
        PID:12672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 216
        13⤵
        
        PID:13924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
        12⤵
        
        PID:10768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
        11⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
        10⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
        9⤵
        Program crash
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
        8⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7228.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7441.exe
        10⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe
        11⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54834.exe
        12⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
        13⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10620 -s 236
        13⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 216
        12⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
        11⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        10⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
        9⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
        8⤵
        Program crash
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
        7⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15313.exe
        8⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe
        9⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        10⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32792.exe
        11⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20408.exe
        12⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
        13⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
        12⤵
        
        PID:944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
        11⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
        10⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
        9⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
        8⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5111.exe
        9⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        9⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64369.exe
        10⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64538.exe
        11⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8296 -s 216
        11⤵
        
        PID:12476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
        10⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 240
        9⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
        8⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        7⤵
        Program crash
        
        PID:2944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
        6⤵
        Program crash
        
        PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54016.exe
        9⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
        10⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
        11⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12542.exe
        12⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37600.exe
        13⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        14⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10144 -s 216
        14⤵
        
        PID:13664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
        13⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
        12⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 216
        11⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
        10⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44348.exe
        9⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53819.exe
        10⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28215.exe
        11⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29536.exe
        12⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26781.exe
        13⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 236
        12⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
        11⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
        10⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
        9⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3424.exe
        8⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8982.exe
        9⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
        10⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        11⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
        12⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        13⤵
        
        PID:12800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 216
        13⤵
        
        PID:14060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
        12⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
        11⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        10⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
        9⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
        8⤵
        Program crash
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64130.exe
        8⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15588.exe
        9⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7140.exe
        10⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45895.exe
        11⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
        12⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
        12⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
        11⤵
        
        PID:9576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        10⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 236
        9⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10113.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54395.exe
        9⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
        10⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43734.exe
        11⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
        12⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 216
        11⤵
        
        PID:12432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
        10⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
        9⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        8⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
        7⤵
        Program crash
        
        PID:444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16579.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51878.exe
        8⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exe
        9⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43814.exe
        10⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54151.exe
        11⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
        12⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        13⤵
        
        PID:12936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10336 -s 216
        13⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
        12⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
        11⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        10⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 216
        9⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44732.exe
        8⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28848.exe
        9⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38717.exe
        10⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
        11⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42271.exe
        12⤵
        
        PID:13236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 216
        12⤵
        
        PID:14284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
        11⤵
        
        PID:10872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 236
        10⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
        9⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        8⤵
        Program crash
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58655.exe
        7⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48261.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46336.exe
        9⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60996.exe
        10⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42582.exe
        11⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
        12⤵
        
        PID:13656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10668 -s 216
        12⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 236
        11⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
        10⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
        9⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 236
        8⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
        7⤵
        Program crash
        
        PID:3940
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 220
        6⤵
        Program crash
        
        PID:1288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
        5⤵
        Program crash
        
        PID:984
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:824
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2456
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
  2⤵
  - Program crash
  PID:1280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10573.exe

Filesize
184KB

MD5
48232f9ccea1eddc08c674b464a87f56

SHA1
35098d86a9615db1f1e9a584f57a8567b97726d0

SHA256
6b0a959be0df54bbe018dbfee6695f9916f630a26046a2938ff3dbb5e69efed4

SHA512
47aeafe194f36f433856b4717381734093fb3c55ed8497c863e34feec2d83cde515242d0210a3d9d9f80ab34c16d91148e719d11deb70241b45b95949f4041ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe

Filesize
184KB

MD5
640a1da3e3a48268f431e60d21b4428b

SHA1
3d6785b0d2038e9615019fe9cea49ddb3fef961c

SHA256
c0ea0fd9d440004c2e1e70434db969deabccef62a370831487fb68f523f156da

SHA512
ba59c01a48dcd2422abaf8f1a5ecc50880ae350e9bac3ee13aa7405647e10ef2575f46cb7b803039b4b470fd2344bdeeb77ad4960bf585a07c025118fc980350

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18381.exe

Filesize
184KB

MD5
57ed72eb7d0e7286fe7092efdfae7663

SHA1
0ee38a25ce2afd6e0201c42353bd46804a234380

SHA256
5f2c1e38aec8f31ee01d66ca5b63c2da8ec88886383fcd6a926f6462e47ab62c

SHA512
b10df5664b1b2bf041041cdf848b493e7f27f3350131f015e3126d4fdaeeb738dad7b4dc73d9504e25e8feae436f5a1563e781251fac37b9413a3c4eda46531d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40960.exe

Filesize
184KB

MD5
c37e2b9139c1950f74cf5cc4c5d4e099

SHA1
4260e32679bbde52dcfeae0913412169828b4efb

SHA256
eb2906581eb12882189351264e4c0712ff848c08683f6fd476f7a7397d31c6f3

SHA512
ed770b15616f3466da0fa83323b887224b3b7d3a09eca42dadd6b57c2db672437bcc3f354553b30e9b418407c67a4821048b5f727e8b1bbd9b97000a36040131

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46647.exe

Filesize
184KB

MD5
7aaa5dfe9629358e40720adc9d11a710

SHA1
702f1054c5de0d88f2e01e0dd377d9f6c19b1fb6

SHA256
5e524f9c0eadbaf9de1402b96cbed24d77625a40981443d38818bf7265e0fc1a

SHA512
96ae42623249cdcea1b3f50bae657b10c77e7546a215a9cd408dacd00b5ccc92d04238d2f99373d44ab6dacbd69fd39401ac22204311baf7a8817029a00763ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52831.exe

Filesize
184KB

MD5
69b0472b45ffeddd650a1918b9df25d9

SHA1
d758701e59dd7f44ae60cf46c899c2e305e4d9b8

SHA256
9db01d1165e3a3797a7c97fe2cada1f7a77623325a1c3e33e6001cba3b87eca9

SHA512
3172dbf1b26e0e7bdd7eac368f43b1b5081daf776bfa3f6fd1d55c3c35c4739a41d85f812d70d6db0767fd87e967de8ae7baa406e0c92dca18d39e009a8264a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6733.exe

Filesize
184KB

MD5
3b814c3b69aa254325fb138f38fef70a

SHA1
96642a099101a48013c571f9b8f38b748164682f

SHA256
4386909d7fadfc838ba77bd422e5ac904dea2de900694ffc521cf5baf5e96019

SHA512
694e9740573f899688af00c2e7ddf5cc2193c21529dc91462e1f5fa9787c90bfb701d1613ecad03dd86420a8cb6ccf05d6fefdc7c962ca596e52cf9861fdcb04

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe

Filesize
184KB

MD5
d12b085aa1c20abcad6bc45d09fb7235

SHA1
abde25b0e10d3e3fab1289c8af452a20d7f4bc25

SHA256
b261b8bef0cfe6e88629343fce1f46f3561d1ec4033236a752301ceff30e538d

SHA512
50cd0be1d1652f2feebc704c57c44bb0573467f96fe2af2386c1e64136228799e7536404e355dbb51f14b06d4d1fba93f066970186c8d4b0b74a5c34bea65c3a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22126.exe

Filesize
184KB

MD5
1fdd66ebdc6f04d12bdc0cff7de8fa71

SHA1
56f75405254d554a75f0a8c3f4fd380499a16bf3

SHA256
503465d3eb0f1c9ffbca13aa4c2f1ee672516175937ddfbf55b0acdb5bff7b22

SHA512
5bea9fec2cd245ce027e759e397acd80c16597a5e236de9a1555d29a68a305c3973d577c2291980985ffed238b70ebf584d5dada98ca46ef1714f3ad7956281c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28090.exe

Filesize
184KB

MD5
b957de5305ea16ef1111b9c202330b37

SHA1
0a598fb6fc1ec4c38a16fb37b6a646a6bce7079e

SHA256
0ece070b6149df35c091c9d8faf54418f0d82a6f44af050e6ee1508b913e4da4

SHA512
30a4f8da68866f05e11d3e6d0b0cb7646a586989cd8a2a59f1c941b2df140cab0d8b7fdaa377b215d5d83bf63097ce0edf6c66f0081b2c501fb81207e19bc63f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34976.exe

Filesize
184KB

MD5
38cade1ad96c569b4a3247d7f867fbad

SHA1
e91c8243101d516d04a4347505404c63378c6c65

SHA256
1b13a0501539beb27687bb8d133d4c71846dc328e90aa7063e85bdd18132e7b9

SHA512
c6898065aff481630fd873ef78b055677a1d4112f8e79607ccb16aa11e8b7588917b6f5b8746713a472eb3e484fcad602ee1753e38cc939cd98be39468d99c65

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe

Filesize
184KB

MD5
5eeb1b5967616022cd0fffe5ca821e04

SHA1
84a3b81aa18fffc72a3a2970b512c67131b59d1b

SHA256
8fea696193382e38d343ce01880b341a645e0ba8f1da34843d73d61f0685ead9

SHA512
b21415f800613e4c31cfdc9f2b71dac81f3c658ee0f0f534123e1d6fec82a6c96df5d525c975426d618cea7e2275e865e2efd4e250038fe06c0418e3b2622097

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43466.exe

Filesize
184KB

MD5
4e222b528e494b23fae5ac7922c0f1ff

SHA1
5f8895d2dd55bf85b8e1c3fdd817a8947f6ba173

SHA256
dfdf208cb784333eb9c2b815c6cd69a5a61d65b85806f7b8e768adc98c8cef63

SHA512
77d4efe4b300713524c533c3c2b001bc33701599a450f4cd12e275b92d044cddffb294e4689c8c80bc2f58cc0e4da8f82fb3dee1d2f9acbdfb31084bbe918f26

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe

Filesize
184KB

MD5
fb1f3bc0bde52cd71d87e836926a02f7

SHA1
4ae078bb331bdb315530bdbb141b43cdc2e4f9cf

SHA256
5f20b492313ebd381e93233956355ab61615372f34dffa13fae5e8ec30d9dcbd

SHA512
32aaf7caa5d34cb69f6a35b7b36eab2d2ff870d096872da8cd1654295833283efe265226058c85fe1230d7b50c4bc28bc0b29950af38a806372783949d07ef07

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50243.exe

Filesize
184KB

MD5
97e0fb730cb09f2f925beee625814564

SHA1
0efd17474c681954b5302e2b78a44b48aaf4bc2e

SHA256
ddb1fcd787f5627456aca08b12792dd6fb107777614ceb106eb6add32053be75

SHA512
92d92c70d270957acba70ca888ec1b5162147113165f31f7252e0031dfb617cc6c80beccb57d9654f15cdfb1031ad1a3856222b2eccf77cb44f084097481481a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe

Filesize
184KB

MD5
e454f481b63f6563ec276bd9bd400d09

SHA1
e190b0cf15f0b4487f723b420d170c4418308e65

SHA256
ce28c4774b981155d67103711448ef820a9a03f5de79c046ee73f381e5f6c43e

SHA512
59f946966a19b11a17f11e1cca360ade47e9426c98035ff1bc35a9e9636b6a018a9a9063853f1a42a0a04d58b154b3777a881cf824c81a7086d30c3b01dfc241

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe

Filesize
184KB

MD5
3d121ddd23945d4b9ee3a1d1c3b7ecfd

SHA1
95c06ebbfc99bee022cf70fbaab1d14c7ec6899c

SHA256
18dd2a3286ed8196a960c9f9fa9987f720ef10afb9bbf65c25ba163dc52c9993

SHA512
658bf2b0c28c150699d201d695cf52471fb5ca1f3fbb4c729fa57feae983c76a55d7cb5b99616a3e75727b78dbbd703bf15724e17cb273b85cd598c582f985ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe

Filesize
184KB

MD5
fe93f016dd1f862466e5396047e10bcf

SHA1
e161c55da6f53a06fb00d91bee08cffdd81bab69

SHA256
85c10a15d14e1e865794da103f84939868e2f7296e93409243255156c9a63742

SHA512
928594f2ba65e17bd97dd10ffcdcbedf5ca31362db923d5e5b8f8bc66878a4c56ce06241f8478d20e354c4bae5fa3113b4209860665fa7ed830784cdab222b2c

Download Submit