63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062

Analysis

max time kernel
145s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe
Size

184KB
MD5

4c4e32d3707c48c64284363fd1ef4246
SHA1

cf29d430cf9ca2aedff00dc4196c6d76ec0effba
SHA256

63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062
SHA512

5a0ef54363648f129d2aa5e93d558cd1510f9dda2614164edec2a1708026c33f5d0642580584f86d623733db822b352383bb579ef1c4fe8833f98ca3e92dafe5
SSDEEP

3072:YRXn/golLpE1D21YeWqpMXjACYIxsiKE+BlO5qAUnIhlnVOFknr:YRYoUt21Z6XjAJ7nChlnVOFk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-62399.exeUnicorn-37786.exeUnicorn-44563.exeUnicorn-1953.exeUnicorn-8730.exeUnicorn-28596.exeUnicorn-38985.exeUnicorn-49846.exeUnicorn-90.exeUnicorn-41677.exeUnicorn-90.exeUnicorn-31969.exeUnicorn-8019.exeUnicorn-59742.exeUnicorn-20847.exeUnicorn-58118.exeUnicorn-58118.exeUnicorn-30682.exeUnicorn-26598.exeUnicorn-37458.exeUnicorn-55186.exeUnicorn-65300.exeUnicorn-10624.exeUnicorn-61216.exeUnicorn-6540.exeUnicorn-41071.exeUnicorn-17121.exeUnicorn-59545.exeUnicorn-55269.exeUnicorn-35403.exeUnicorn-6815.exeUnicorn-30765.exeUnicorn-55824.exeUnicorn-63437.exeUnicorn-39487.exeUnicorn-20267.exeUnicorn-16183.exeUnicorn-61854.exeUnicorn-16183.exeUnicorn-17683.exeUnicorn-28543.exeUnicorn-44133.exeUnicorn-27797.exeUnicorn-38657.exeUnicorn-23713.exeUnicorn-30489.exeUnicorn-17491.exeUnicorn-9130.exeUnicorn-19991.exeUnicorn-58331.exeUnicorn-3676.exeUnicorn-1216.exeUnicorn-16998.exeUnicorn-6369.exeUnicorn-43640.exeUnicorn-4745.exeUnicorn-48793.exeUnicorn-46333.exeUnicorn-61922.exeUnicorn-51294.exeUnicorn-11543.exeUnicorn-48300.exeUnicorn-50993.exeUnicorn-61128.exe

pid	process
2200	Unicorn-62399.exe
1684	Unicorn-37786.exe
1636	Unicorn-44563.exe
2796	Unicorn-1953.exe
2460	Unicorn-8730.exe
2208	Unicorn-28596.exe
2268	Unicorn-38985.exe
1040	Unicorn-49846.exe
2512	Unicorn-90.exe
1724	Unicorn-41677.exe
2764	Unicorn-90.exe
1648	Unicorn-31969.exe
1292	Unicorn-8019.exe
2932	Unicorn-59742.exe
1612	Unicorn-20847.exe
2812	Unicorn-58118.exe
2404	Unicorn-58118.exe
584	Unicorn-30682.exe
1776	Unicorn-26598.exe
2392	Unicorn-37458.exe
2056	Unicorn-55186.exe
1528	Unicorn-65300.exe
1532	Unicorn-10624.exe
1364	Unicorn-61216.exe
2272	Unicorn-6540.exe
2960	Unicorn-41071.exe
2948	Unicorn-17121.exe
2212	Unicorn-59545.exe
1948	Unicorn-55269.exe
2860	Unicorn-35403.exe
1968	Unicorn-6815.exe
1028	Unicorn-30765.exe
2040	Unicorn-55824.exe
2636	Unicorn-63437.exe
2648	Unicorn-39487.exe
2660	Unicorn-20267.exe
2616	Unicorn-16183.exe
2292	Unicorn-61854.exe
2424	Unicorn-16183.exe
2704	Unicorn-17683.exe
1944	Unicorn-28543.exe
1004	Unicorn-44133.exe
2884	Unicorn-27797.exe
2496	Unicorn-38657.exe
1600	Unicorn-23713.exe
2348	Unicorn-30489.exe
2304	Unicorn-17491.exe
2076	Unicorn-9130.exe
1496	Unicorn-19991.exe
1780	Unicorn-58331.exe
2276	Unicorn-3676.exe
1008	Unicorn-1216.exe
1924	Unicorn-16998.exe
820	Unicorn-6369.exe
2016	Unicorn-43640.exe
3048	Unicorn-4745.exe
2052	Unicorn-48793.exe
2104	Unicorn-46333.exe
2856	Unicorn-61922.exe
552	Unicorn-51294.exe
2684	Unicorn-11543.exe
2436	Unicorn-48300.exe
1932	Unicorn-50993.exe
1976	Unicorn-61128.exe

Loads dropped DLL 64 IoCs

Processes:

63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exeUnicorn-62399.exeUnicorn-37786.exeUnicorn-44563.exeWerFault.exeUnicorn-1953.exeUnicorn-28596.exeUnicorn-8730.exeWerFault.exeWerFault.exeUnicorn-38985.exeWerFault.exeWerFault.exeUnicorn-41677.exeUnicorn-49846.exeWerFault.exe

pid	process
1800	63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe
1800	63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe
2200	Unicorn-62399.exe
2200	Unicorn-62399.exe
1800	63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe
1800	63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe
1684	Unicorn-37786.exe
1684	Unicorn-37786.exe
2200	Unicorn-62399.exe
2200	Unicorn-62399.exe
1636	Unicorn-44563.exe
1636	Unicorn-44563.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2796	Unicorn-1953.exe
2796	Unicorn-1953.exe
1684	Unicorn-37786.exe
1684	Unicorn-37786.exe
2208	Unicorn-28596.exe
2460	Unicorn-8730.exe
2208	Unicorn-28596.exe
2460	Unicorn-8730.exe
1636	Unicorn-44563.exe
1636	Unicorn-44563.exe
2252	WerFault.exe
2252	WerFault.exe
2252	WerFault.exe
2252	WerFault.exe
1960	WerFault.exe
1960	WerFault.exe
1960	WerFault.exe
1960	WerFault.exe
2252	WerFault.exe
1960	WerFault.exe
2268	Unicorn-38985.exe
2268	Unicorn-38985.exe
2796	Unicorn-1953.exe
2796	Unicorn-1953.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2208	Unicorn-28596.exe
2208	Unicorn-28596.exe
2136	WerFault.exe
2136	WerFault.exe
2136	WerFault.exe
2136	WerFault.exe
2460	Unicorn-8730.exe
2460	Unicorn-8730.exe
1724	Unicorn-41677.exe
1040	Unicorn-49846.exe
1724	Unicorn-41677.exe
1040	Unicorn-49846.exe
2136	WerFault.exe
268	WerFault.exe
268	WerFault.exe
268	WerFault.exe
268	WerFault.exe
268	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2664	1800	WerFault.exe	63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe
2500	2200	WerFault.exe	Unicorn-62399.exe
2252	1684	WerFault.exe	Unicorn-37786.exe
1960	1636	WerFault.exe	Unicorn-44563.exe
2920	2512	WerFault.exe	Unicorn-90.exe
2136	2764	WerFault.exe	Unicorn-90.exe
268	2796	WerFault.exe	Unicorn-1953.exe
996	2460	WerFault.exe	Unicorn-8730.exe
592	2208	WerFault.exe	Unicorn-28596.exe
2160	2268	WerFault.exe	Unicorn-38985.exe
1732	1724	WerFault.exe	Unicorn-41677.exe
360	1040	WerFault.exe	Unicorn-49846.exe
2972	1292	WerFault.exe	Unicorn-8019.exe
2044	1648	WerFault.exe	Unicorn-31969.exe
884	2932	WerFault.exe	Unicorn-59742.exe
1820	2812	WerFault.exe	Unicorn-58118.exe
1044	2404	WerFault.exe	Unicorn-58118.exe
1652	1612	WerFault.exe	Unicorn-20847.exe
2516	584	WerFault.exe	Unicorn-30682.exe
2036	1776	WerFault.exe	Unicorn-26598.exe
2652	2392	WerFault.exe	Unicorn-37458.exe
2584	2056	WerFault.exe	Unicorn-55186.exe
2644	1528	WerFault.exe	Unicorn-65300.exe
1952	1364	WerFault.exe	Unicorn-61216.exe
2700	1532	WerFault.exe	Unicorn-10624.exe
2892	2272	WerFault.exe	Unicorn-6540.exe
2420	2960	WerFault.exe	Unicorn-41071.exe
1304	2948	WerFault.exe	Unicorn-17121.exe
2340	2212	WerFault.exe	Unicorn-59545.exe
2256	1948	WerFault.exe	Unicorn-55269.exe
2860	2660	WerFault.exe	Unicorn-20267.exe
2612	2292	WerFault.exe	Unicorn-61854.exe
576	2616	WerFault.exe	Unicorn-16183.exe
348	1968	WerFault.exe	Unicorn-6815.exe
2132	1028	WerFault.exe	Unicorn-30765.exe
664	2424	WerFault.exe	Unicorn-16183.exe
1436	2040	WerFault.exe	Unicorn-55824.exe
3100	2636	WerFault.exe	Unicorn-63437.exe
3124	2648	WerFault.exe	Unicorn-39487.exe
3140	2704	WerFault.exe	Unicorn-17683.exe
3308	1004	WerFault.exe	Unicorn-44133.exe
3556	1944	WerFault.exe	Unicorn-28543.exe
3564	1780	WerFault.exe	Unicorn-58331.exe
3600	1924	WerFault.exe	Unicorn-16998.exe
3592	2276	WerFault.exe	Unicorn-3676.exe
3616	1008	WerFault.exe	Unicorn-1216.exe
3640	2016	WerFault.exe	Unicorn-43640.exe
3656	820	WerFault.exe	Unicorn-6369.exe
3688	552	WerFault.exe	Unicorn-51294.exe
3736	3048	WerFault.exe	Unicorn-4745.exe
3968	2740	WerFault.exe	Unicorn-41153.exe
3380	2684	WerFault.exe	Unicorn-11543.exe
3496	1932	WerFault.exe	Unicorn-50993.exe
3536	2348	WerFault.exe	Unicorn-30489.exe
3548	1976	WerFault.exe	Unicorn-61128.exe
3624	2884	WerFault.exe	Unicorn-27797.exe
3648	1496	WerFault.exe	Unicorn-19991.exe
3800	1296	WerFault.exe	Unicorn-30210.exe
3812	540	WerFault.exe	Unicorn-2176.exe
3892	816	WerFault.exe	Unicorn-48684.exe
3916	2076	WerFault.exe	Unicorn-9130.exe
4004	852	WerFault.exe	Unicorn-19904.exe
4044	2304	WerFault.exe	Unicorn-17491.exe
3180	1996	WerFault.exe	Unicorn-57407.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exeUnicorn-62399.exeUnicorn-37786.exeUnicorn-44563.exeUnicorn-1953.exeUnicorn-8730.exeUnicorn-28596.exeUnicorn-38985.exeUnicorn-49846.exeUnicorn-41677.exeUnicorn-90.exeUnicorn-90.exeUnicorn-31969.exeUnicorn-8019.exeUnicorn-59742.exeUnicorn-58118.exeUnicorn-20847.exeUnicorn-58118.exeUnicorn-30682.exeUnicorn-26598.exeUnicorn-37458.exeUnicorn-55186.exeUnicorn-65300.exeUnicorn-61216.exeUnicorn-10624.exeUnicorn-6540.exeUnicorn-41071.exeUnicorn-17121.exeUnicorn-59545.exeUnicorn-55269.exeUnicorn-6815.exeUnicorn-30765.exeUnicorn-55824.exeUnicorn-63437.exeUnicorn-39487.exeUnicorn-20267.exeUnicorn-61854.exeUnicorn-16183.exeUnicorn-16183.exeUnicorn-17683.exeUnicorn-28543.exeUnicorn-44133.exeUnicorn-27797.exeUnicorn-38657.exeUnicorn-23713.exeUnicorn-30489.exeUnicorn-17491.exeUnicorn-9130.exeUnicorn-19991.exeUnicorn-58331.exeUnicorn-3676.exeUnicorn-1216.exeUnicorn-16998.exeUnicorn-6369.exeUnicorn-43640.exeUnicorn-48793.exeUnicorn-4745.exeUnicorn-46333.exeUnicorn-61922.exeUnicorn-51294.exeUnicorn-11543.exeUnicorn-48300.exeUnicorn-50993.exeUnicorn-61128.exe

pid	process
1800	63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe
2200	Unicorn-62399.exe
1684	Unicorn-37786.exe
1636	Unicorn-44563.exe
2796	Unicorn-1953.exe
2460	Unicorn-8730.exe
2208	Unicorn-28596.exe
2268	Unicorn-38985.exe
1040	Unicorn-49846.exe
1724	Unicorn-41677.exe
2764	Unicorn-90.exe
2512	Unicorn-90.exe
1648	Unicorn-31969.exe
1292	Unicorn-8019.exe
2932	Unicorn-59742.exe
2812	Unicorn-58118.exe
1612	Unicorn-20847.exe
2404	Unicorn-58118.exe
584	Unicorn-30682.exe
1776	Unicorn-26598.exe
2392	Unicorn-37458.exe
2056	Unicorn-55186.exe
1528	Unicorn-65300.exe
1364	Unicorn-61216.exe
1532	Unicorn-10624.exe
2272	Unicorn-6540.exe
2960	Unicorn-41071.exe
2948	Unicorn-17121.exe
2212	Unicorn-59545.exe
1948	Unicorn-55269.exe
1968	Unicorn-6815.exe
1028	Unicorn-30765.exe
2040	Unicorn-55824.exe
2636	Unicorn-63437.exe
2648	Unicorn-39487.exe
2660	Unicorn-20267.exe
2292	Unicorn-61854.exe
2616	Unicorn-16183.exe
2424	Unicorn-16183.exe
2704	Unicorn-17683.exe
1944	Unicorn-28543.exe
1004	Unicorn-44133.exe
2884	Unicorn-27797.exe
2496	Unicorn-38657.exe
1600	Unicorn-23713.exe
2348	Unicorn-30489.exe
2304	Unicorn-17491.exe
2076	Unicorn-9130.exe
1496	Unicorn-19991.exe
1780	Unicorn-58331.exe
2276	Unicorn-3676.exe
1008	Unicorn-1216.exe
1924	Unicorn-16998.exe
820	Unicorn-6369.exe
2016	Unicorn-43640.exe
2052	Unicorn-48793.exe
3048	Unicorn-4745.exe
2104	Unicorn-46333.exe
2856	Unicorn-61922.exe
552	Unicorn-51294.exe
2684	Unicorn-11543.exe
2436	Unicorn-48300.exe
1932	Unicorn-50993.exe
1976	Unicorn-61128.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exeUnicorn-62399.exeUnicorn-37786.exeUnicorn-44563.exeUnicorn-1953.exeUnicorn-28596.exeUnicorn-8730.exeUnicorn-38985.exe

description	pid	process	target process
PID 1800 wrote to memory of 2200	1800	63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe	Unicorn-62399.exe
PID 1800 wrote to memory of 2200	1800	63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe	Unicorn-62399.exe
PID 1800 wrote to memory of 2200	1800	63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe	Unicorn-62399.exe
PID 1800 wrote to memory of 2200	1800	63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe	Unicorn-62399.exe
PID 2200 wrote to memory of 1684	2200	Unicorn-62399.exe	Unicorn-37786.exe
PID 2200 wrote to memory of 1684	2200	Unicorn-62399.exe	Unicorn-37786.exe
PID 2200 wrote to memory of 1684	2200	Unicorn-62399.exe	Unicorn-37786.exe
PID 2200 wrote to memory of 1684	2200	Unicorn-62399.exe	Unicorn-37786.exe
PID 1800 wrote to memory of 1636	1800	63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe	Unicorn-44563.exe
PID 1800 wrote to memory of 1636	1800	63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe	Unicorn-44563.exe
PID 1800 wrote to memory of 1636	1800	63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe	Unicorn-44563.exe
PID 1800 wrote to memory of 1636	1800	63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe	Unicorn-44563.exe
PID 1800 wrote to memory of 2664	1800	63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe	WerFault.exe
PID 1800 wrote to memory of 2664	1800	63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe	WerFault.exe
PID 1800 wrote to memory of 2664	1800	63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe	WerFault.exe
PID 1800 wrote to memory of 2664	1800	63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe	WerFault.exe
PID 1684 wrote to memory of 2796	1684	Unicorn-37786.exe	Unicorn-1953.exe
PID 1684 wrote to memory of 2796	1684	Unicorn-37786.exe	Unicorn-1953.exe
PID 1684 wrote to memory of 2796	1684	Unicorn-37786.exe	Unicorn-1953.exe
PID 1684 wrote to memory of 2796	1684	Unicorn-37786.exe	Unicorn-1953.exe
PID 2200 wrote to memory of 2460	2200	Unicorn-62399.exe	Unicorn-8730.exe
PID 2200 wrote to memory of 2460	2200	Unicorn-62399.exe	Unicorn-8730.exe
PID 2200 wrote to memory of 2460	2200	Unicorn-62399.exe	Unicorn-8730.exe
PID 2200 wrote to memory of 2460	2200	Unicorn-62399.exe	Unicorn-8730.exe
PID 1636 wrote to memory of 2208	1636	Unicorn-44563.exe	Unicorn-28596.exe
PID 1636 wrote to memory of 2208	1636	Unicorn-44563.exe	Unicorn-28596.exe
PID 1636 wrote to memory of 2208	1636	Unicorn-44563.exe	Unicorn-28596.exe
PID 1636 wrote to memory of 2208	1636	Unicorn-44563.exe	Unicorn-28596.exe
PID 2200 wrote to memory of 2500	2200	Unicorn-62399.exe	WerFault.exe
PID 2200 wrote to memory of 2500	2200	Unicorn-62399.exe	WerFault.exe
PID 2200 wrote to memory of 2500	2200	Unicorn-62399.exe	WerFault.exe
PID 2200 wrote to memory of 2500	2200	Unicorn-62399.exe	WerFault.exe
PID 2796 wrote to memory of 2268	2796	Unicorn-1953.exe	Unicorn-38985.exe
PID 2796 wrote to memory of 2268	2796	Unicorn-1953.exe	Unicorn-38985.exe
PID 2796 wrote to memory of 2268	2796	Unicorn-1953.exe	Unicorn-38985.exe
PID 2796 wrote to memory of 2268	2796	Unicorn-1953.exe	Unicorn-38985.exe
PID 1684 wrote to memory of 1040	1684	Unicorn-37786.exe	Unicorn-49846.exe
PID 1684 wrote to memory of 1040	1684	Unicorn-37786.exe	Unicorn-49846.exe
PID 1684 wrote to memory of 1040	1684	Unicorn-37786.exe	Unicorn-49846.exe
PID 1684 wrote to memory of 1040	1684	Unicorn-37786.exe	Unicorn-49846.exe
PID 2208 wrote to memory of 2512	2208	Unicorn-28596.exe	Unicorn-90.exe
PID 2208 wrote to memory of 2512	2208	Unicorn-28596.exe	Unicorn-90.exe
PID 2208 wrote to memory of 2512	2208	Unicorn-28596.exe	Unicorn-90.exe
PID 2208 wrote to memory of 2512	2208	Unicorn-28596.exe	Unicorn-90.exe
PID 2460 wrote to memory of 2764	2460	Unicorn-8730.exe	Unicorn-90.exe
PID 2460 wrote to memory of 2764	2460	Unicorn-8730.exe	Unicorn-90.exe
PID 2460 wrote to memory of 2764	2460	Unicorn-8730.exe	Unicorn-90.exe
PID 2460 wrote to memory of 2764	2460	Unicorn-8730.exe	Unicorn-90.exe
PID 1636 wrote to memory of 1724	1636	Unicorn-44563.exe	Unicorn-41677.exe
PID 1636 wrote to memory of 1724	1636	Unicorn-44563.exe	Unicorn-41677.exe
PID 1636 wrote to memory of 1724	1636	Unicorn-44563.exe	Unicorn-41677.exe
PID 1636 wrote to memory of 1724	1636	Unicorn-44563.exe	Unicorn-41677.exe
PID 1684 wrote to memory of 2252	1684	Unicorn-37786.exe	WerFault.exe
PID 1684 wrote to memory of 2252	1684	Unicorn-37786.exe	WerFault.exe
PID 1684 wrote to memory of 2252	1684	Unicorn-37786.exe	WerFault.exe
PID 1684 wrote to memory of 2252	1684	Unicorn-37786.exe	WerFault.exe
PID 1636 wrote to memory of 1960	1636	Unicorn-44563.exe	WerFault.exe
PID 1636 wrote to memory of 1960	1636	Unicorn-44563.exe	WerFault.exe
PID 1636 wrote to memory of 1960	1636	Unicorn-44563.exe	WerFault.exe
PID 1636 wrote to memory of 1960	1636	Unicorn-44563.exe	WerFault.exe
PID 2268 wrote to memory of 1648	2268	Unicorn-38985.exe	Unicorn-31969.exe
PID 2268 wrote to memory of 1648	2268	Unicorn-38985.exe	Unicorn-31969.exe
PID 2268 wrote to memory of 1648	2268	Unicorn-38985.exe	Unicorn-31969.exe
PID 2268 wrote to memory of 1648	2268	Unicorn-38985.exe	Unicorn-31969.exe

C:\Users\Admin\AppData\Local\Temp\63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe
"C:\Users\Admin\AppData\Local\Temp\63dc144ca9acd6762cad64d62d6f429491181ff15eca6850a6e4fb5e4417f062.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62399.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62399.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37786.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31969.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59545.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27797.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        10⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
        11⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29966.exe
        12⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe
        13⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        14⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65350.exe
        15⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
        16⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33955.exe
        17⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 220
        17⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 216
        16⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
        15⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
        14⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
        13⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 236
        12⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
        11⤵
        Program crash
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
        10⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
        11⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33085.exe
        12⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62436.exe
        13⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        14⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
        15⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9168 -s 216
        15⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
        14⤵
        
        PID:10180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        13⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        12⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 216
        11⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
        10⤵
        Program crash
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        9⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        10⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59130.exe
        11⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35799.exe
        12⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        13⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53840.exe
        14⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
        15⤵
        
        PID:11168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
        15⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 236
        14⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
        13⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        12⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 216
        11⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 236
        10⤵
        Program crash
        
        PID:3812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
        9⤵
        Program crash
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38657.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43038.exe
        9⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
        10⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44486.exe
        11⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        12⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37605.exe
        13⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
        14⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50426.exe
        15⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9760 -s 216
        15⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 236
        14⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 236
        13⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 236
        12⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
        11⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 236
        10⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16732.exe
        9⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        10⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
        11⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        12⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51095.exe
        13⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9066.exe
        14⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 216
        14⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 220
        13⤵
        
        PID:11120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 220
        12⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 236
        11⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
        10⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        9⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
        8⤵
        Program crash
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35403.exe
        7⤵
        Executes dropped EXE
        
        PID:2860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        7⤵
        Program crash
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19904.exe
        9⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30293.exe
        10⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
        11⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22177.exe
        12⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14387.exe
        13⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26067.exe
        14⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17863.exe
        15⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 236
        15⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 236
        14⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
        13⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        12⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 216
        11⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 236
        10⤵
        Program crash
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41153.exe
        9⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 200
        10⤵
        Program crash
        
        PID:3968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
        9⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
        8⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52851.exe
        9⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31959.exe
        10⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
        11⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8248.exe
        12⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51339.exe
        13⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
        14⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9604 -s 216
        14⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
        13⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 236
        12⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        11⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 216
        10⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
        9⤵
        Program crash
        
        PID:3180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
        8⤵
        Program crash
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30489.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe
        8⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16095.exe
        9⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-417.exe
        10⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        11⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13051.exe
        12⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        13⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61308.exe
        14⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9220 -s 216
        14⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
        13⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
        12⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 236
        11⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
        10⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 236
        9⤵
        Program crash
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
        8⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38710.exe
        9⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
        10⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42893.exe
        11⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35667.exe
        12⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28340.exe
        13⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 216
        13⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 236
        12⤵
        
        PID:9824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
        11⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 216
        10⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 216
        9⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
        8⤵
        Program crash
        
        PID:3536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
        7⤵
        Program crash
        
        PID:2652
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
        6⤵
        Program crash
        
        PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41071.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17683.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48300.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe
        10⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14205.exe
        11⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45529.exe
        12⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
        13⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16508.exe
        14⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        15⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 216
        15⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
        14⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
        13⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        12⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 216
        11⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
        9⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35612.exe
        10⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
        11⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36370.exe
        12⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10669.exe
        13⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27738.exe
        14⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
        14⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 216
        13⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
        12⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
        11⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 236
        10⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
        9⤵
        Program crash
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50993.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60635.exe
        9⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52716.exe
        10⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42540.exe
        11⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41274.exe
        12⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        13⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
        14⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65091.exe
        15⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9492 -s 216
        15⤵
        
        PID:12036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 216
        14⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
        13⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 236
        12⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        11⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
        10⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
        9⤵
        Program crash
        
        PID:3496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        8⤵
        Program crash
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28543.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11543.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
        9⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        10⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61865.exe
        11⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23734.exe
        12⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2117.exe
        13⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        14⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 216
        14⤵
        
        PID:11472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 216
        13⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
        12⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        11⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 216
        10⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
        9⤵
        Program crash
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24433.exe
        8⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28534.exe
        10⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        11⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52906.exe
        12⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
        13⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11396.exe
        14⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10080 -s 220
        14⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
        13⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 216
        12⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 236
        11⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        10⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 216
        9⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
        8⤵
        Program crash
        
        PID:3556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 240
        7⤵
        Program crash
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17121.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24455.exe
        9⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
        10⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe
        11⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59229.exe
        12⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35667.exe
        13⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
        14⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8916 -s 216
        14⤵
        
        PID:11320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 216
        13⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
        12⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
        11⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 236
        10⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 236
        9⤵
        Program crash
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35315.exe
        8⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 220
        8⤵
        Program crash
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55653.exe
        7⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
        8⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
        9⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23272.exe
        10⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        11⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54852.exe
        12⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
        13⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
        14⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9652 -s 216
        14⤵
        
        PID:11328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8216 -s 216
        13⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
        12⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
        11⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        10⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
        9⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13416.exe
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59644.exe
        9⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        10⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31718.exe
        11⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64634.exe
        12⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43026.exe
        13⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10168 -s 216
        13⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 216
        12⤵
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
        11⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
        10⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        9⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        8⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
        7⤵
        Program crash
        
        PID:1304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 240
        6⤵
        Program crash
        
        PID:2972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20267.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16998.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        9⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6447.exe
        10⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14335.exe
        11⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
        12⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1759.exe
        13⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29907.exe
        14⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
        15⤵
        
        PID:11772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 216
        15⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
        14⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
        13⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
        12⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
        11⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 216
        10⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 216
        9⤵
        Program crash
        
        PID:3600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
        8⤵
        Program crash
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20480.exe
        8⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8393.exe
        9⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
        10⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44372.exe
        11⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21988.exe
        12⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40981.exe
        13⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29871.exe
        14⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 216
        14⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8244 -s 240
        13⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
        12⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
        11⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        10⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 236
        9⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 236
        8⤵
        Program crash
        
        PID:3656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 240
        7⤵
        Program crash
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48793.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16396.exe
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37283.exe
        9⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        10⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16962.exe
        11⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48163.exe
        12⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37032.exe
        13⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
        14⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 236
        14⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 216
        13⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
        12⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        11⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        10⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1081.exe
        8⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6276.exe
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe
        10⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50384.exe
        11⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11048.exe
        12⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61583.exe
        13⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9888 -s 216
        13⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
        12⤵
        
        PID:10768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
        11⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 236
        10⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
        9⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 220
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23172.exe
        7⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61787.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
        9⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4325.exe
        10⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
        11⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64551.exe
        12⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
        13⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 236
        13⤵
        
        PID:11500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
        12⤵
        
        PID:10364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 236
        11⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 236
        10⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
        9⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
        8⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
        7⤵
        Program crash
        
        PID:2612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
        6⤵
        Program crash
        
        PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6540.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16183.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4745.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        9⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 220
        10⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 216
        9⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
        8⤵
        Program crash
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45731.exe
        7⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58279.exe
        8⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        9⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45358.exe
        10⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
        11⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33991.exe
        12⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        13⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10164 -s 216
        13⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 216
        12⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
        11⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
        10⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 236
        9⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
        8⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
        7⤵
        Program crash
        
        PID:576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46333.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
        8⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49447.exe
        9⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43604.exe
        10⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3321.exe
        11⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7457.exe
        12⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27074.exe
        13⤵
        
        PID:11284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 216
        13⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
        12⤵
        
        PID:10700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
        11⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
        10⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        9⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
        7⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4714.exe
        8⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
        9⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33856.exe
        10⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42159.exe
        11⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27157.exe
        12⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 216
        12⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
        11⤵
        
        PID:10868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
        10⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
        9⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
        8⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 220
        7⤵
        
        PID:4172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 220
        6⤵
        Program crash
        
        PID:2892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
        5⤵
        Program crash
        
        PID:360
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8730.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-90.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-90.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55824.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58331.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14449.exe
        7⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51372.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5975.exe
        9⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        10⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9927.exe
        11⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39637.exe
        12⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        13⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 216
        13⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
        12⤵
        
        PID:10776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
        11⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        10⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        9⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 236
        8⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 236
        7⤵
        Program crash
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56037.exe
        6⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14423.exe
        7⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        8⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44372.exe
        9⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59512.exe
        10⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42927.exe
        11⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
        12⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 216
        12⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 220
        11⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
        10⤵
        
        PID:9252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
        9⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        8⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 236
        7⤵
        
        PID:4864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
        6⤵
        Program crash
        
        PID:1436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
        5⤵
        Program crash
        
        PID:1652
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
      4⤵
      Program crash
      PID:996
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2500
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44563.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44563.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28596.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-90.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-90.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2512
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59742.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55186.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9130.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        8⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2280.exe
        9⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45918.exe
        10⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37854.exe
        11⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
        12⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45096.exe
        13⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18994.exe
        14⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 216
        14⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
        13⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
        12⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
        11⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
        10⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 236
        9⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        8⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46349.exe
        9⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
        10⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18363.exe
        11⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30919.exe
        12⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49850.exe
        13⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9632 -s 236
        13⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 216
        12⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 236
        11⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        10⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 216
        9⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
        8⤵
        Program crash
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64205.exe
        7⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23469.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54.exe
        9⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
        10⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31910.exe
        11⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19217.exe
        12⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50016.exe
        13⤵
        
        PID:11408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 216
        13⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
        12⤵
        
        PID:10748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
        11⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
        10⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
        9⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 216
        8⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
        7⤵
        Program crash
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
        7⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45259.exe
        8⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50770.exe
        9⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
        10⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe
        11⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
        12⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50151.exe
        13⤵
        
        PID:948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9400 -s 216
        13⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 216
        12⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
        11⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
        10⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 216
        9⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
        8⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21309.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50770.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        9⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
        10⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
        11⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38475.exe
        12⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9428 -s 216
        12⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
        11⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 236
        10⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 216
        9⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 216
        8⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
        7⤵
        Program crash
        
        PID:3648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        6⤵
        Program crash
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6815.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17491.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57428.exe
        7⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55565.exe
        8⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        9⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62441.exe
        10⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3697.exe
        11⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53840.exe
        12⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        13⤵
        
        PID:11176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
        13⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
        12⤵
        
        PID:10120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
        11⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        10⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 216
        9⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 236
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        7⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17569.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33251.exe
        9⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2218.exe
        10⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4660.exe
        11⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36228.exe
        12⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
        12⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
        11⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
        10⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
        9⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 216
        8⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
        7⤵
        Program crash
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29394.exe
        6⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        7⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59940.exe
        9⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3129.exe
        10⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19409.exe
        11⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16083.exe
        12⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9668 -s 216
        12⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 216
        11⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
        10⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
        9⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
        8⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 236
        7⤵
        
        PID:4180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
        6⤵
        Program crash
        
        PID:348
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
        5⤵
        Program crash
        
        PID:884
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
      4⤵
      Program crash
      PID:592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3676.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
        8⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37174.exe
        9⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49831.exe
        10⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22992.exe
        11⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
        12⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3181.exe
        13⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10353.exe
        14⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 216
        14⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 216
        13⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
        12⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        11⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        10⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
        9⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 216
        8⤵
        Program crash
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39508.exe
        7⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13157.exe
        9⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53417.exe
        10⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10119.exe
        11⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47011.exe
        12⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1090.exe
        13⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 240
        13⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8380 -s 220
        12⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
        11⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
        10⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        9⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 236
        8⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        7⤵
        Program crash
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe
        7⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20366.exe
        9⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
        10⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49857.exe
        11⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3975.exe
        12⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
        13⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9844 -s 216
        13⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
        12⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 236
        11⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        10⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 236
        9⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
        8⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 216
        7⤵
        Program crash
        
        PID:3616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        6⤵
        Program crash
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39487.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59374.exe
        7⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61782.exe
        9⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        10⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59320.exe
        11⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
        12⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe
        13⤵
        
        PID:11872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10144 -s 216
        13⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
        12⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 216
        11⤵
        
        PID:9300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
        10⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        9⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 216
        8⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
        7⤵
        Program crash
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62067.exe
        6⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53894.exe
        7⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45830.exe
        8⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7039.exe
        9⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54193.exe
        10⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe
        11⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20084.exe
        12⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 216
        12⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
        11⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
        10⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
        9⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
        8⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
        7⤵
        
        PID:4496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
        6⤵
        Program crash
        
        PID:3124
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        5⤵
        Program crash
        
        PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10624.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16183.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61922.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe
        7⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63728.exe
        9⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63723.exe
        10⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        11⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
        12⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42642.exe
        13⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 216
        13⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
        12⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
        11⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
        10⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        9⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 216
        8⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-614.exe
        6⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
        7⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47392.exe
        8⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        9⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29053.exe
        10⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41609.exe
        11⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29430.exe
        12⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 236
        12⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 236
        11⤵
        
        PID:10284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 236
        10⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
        9⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        8⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 216
        7⤵
        
        PID:4820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
        6⤵
        Program crash
        
        PID:664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16396.exe
        6⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62062.exe
        7⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4221.exe
        8⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58378.exe
        9⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52906.exe
        10⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30291.exe
        11⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15096.exe
        12⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9448 -s 220
        12⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 216
        11⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
        10⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
        9⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
        8⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
        7⤵
        
        PID:4324
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 236
        6⤵
        Program crash
        
        PID:3688
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
        5⤵
        Program crash
        
        PID:2700
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
      4⤵
      Program crash
      PID:1732
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1960
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
  2⤵
  - Program crash
  PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe

Filesize
184KB

MD5
c61cb538dacdc33858867bbecb56ec9f

SHA1
4e4b8420311b03cce7d6735df19b2a795f8cef07

SHA256
743ec4ce5bbcc2bfc1d72c03d2168fa057dc687551e7ff768595218dac3910e1

SHA512
b7acb179155e79baad16b0d1c34cf9bc57988ea90e69cad6e38a0cc5b025c6b1b5627eba8a0f2defb16d7a22bed13f096bb5d17e3a980ed9714d6ec765fc3f4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28596.exe

Filesize
184KB

MD5
57e3a1a8567ab45e011fa88f693a8308

SHA1
8e02941c724ab8ac61efe125b4626a9b0de0666b

SHA256
2d80d06b969294abb381fa64d7c2674c09d09dc30620daf4753694b92f1f6006

SHA512
3d9822b3b19407097dd7ed519bc11efde05a545abc9b75c25a0ba1d3452171c2ca6fe84ef0d9dc392cb8cc6aceef7e543e781e75db510bf19b572ee90ac2635f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe

Filesize
184KB

MD5
7c3e67b218965dfc47821d31b84bca67

SHA1
e248566960ad40a5115d5ef9e4bdc6f61aa2b5c9

SHA256
1cf7a6ad01fc63e61e492ba5e8950ad43acd7476a9e55f45c5ea96940234dd0b

SHA512
b9895bfbd8ab2b170d0d5a72a41afcaaee6c24cd8cb78da24b63ea48d9937d6023443bcdd3d4a10c0b565a7669812b5a17f27bac75012865d5f53a68513ba06a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe

Filesize
184KB

MD5
85a320821eb519a17de38783457e9ea3

SHA1
183426c5ddb6e7e7b03c7c67e93b3ad93f31276f

SHA256
f482d3cbd58d29315cb963a7c1e3eb8d618a4e534fad15f96217b4bf31ad1c7a

SHA512
cb956d3568d3ab61e8f1aa7c9af32372a8758f033083506cd5c38571a7d09765a1251986109b9e1e43af83cd9ec96e67793f9e7f855a3bc2d33c05c5714da7bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe

Filesize
184KB

MD5
79fdbf89932d3ca1d1b4993a50b20acc

SHA1
36f699255997cd7e1a4ae60b6135fb7e45ed1ffd

SHA256
883325ced4b9286f7ae886d0f185de45c4fac5d81ccda2c3e69aab8295891108

SHA512
4c1ab6a307b959cc0e05d272ccee4c5c3ca1c12d6add17a293c5379bdd69b38842e7cf1c9e23c470bf1f642d50a6f668ca20bad4ea47f675233c90de2e0b9e65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe

Filesize
184KB

MD5
27494f98ae2b7b1a4a15852b16483d40

SHA1
3255333781b4f82868bdd493c88f27980522aa70

SHA256
77bff400f297714089176c6f7ea16068ffc54848a6800fbe7878f27d88c2ff10

SHA512
e3d550966c6cbdf923402fb8106a33a6dbe8bb5f3c0ec427ecd529db0debf5a3e185f2be88deaa9afe93257f5fa0491293b0ed0ab769c05e24590960d92ee14a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe

Filesize
184KB

MD5
8631710cb49b0901637e3dd03f56e9b9

SHA1
b3e678dd49036d6eccb467b810b754e068be0545

SHA256
0faa5918104502778962911c62838a33fe450290855e166fa2699a8fbd9b33ed

SHA512
5e062c81e2d3da2b91c91d28b27f37fb66cf46b92da8613d64a0432ae4b05eb6629bd9085139f34288ac7a2f6299d9ef101a912eeab2f28ff146ab44820a97d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6447.exe

Filesize
184KB

MD5
312bd1e84f56baf6cd9ce024eb7b71c3

SHA1
1a384ed2cd88e15ba77cd31ccc6cb7442c62a154

SHA256
27b6a1c74529ccd94e95c17fc9fa982c05a0a0ec4e7582c40be913c14081c8ca

SHA512
61c0d2a0b2da562138ebc3be55fa736c50dff20fbd4bef73b1c138a7d1899055883447b049533d7e1b5b3282891782990e07afbeff4741002eba42678c030ee6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe

Filesize
184KB

MD5
9d824bc0d5b80962cd0442a429fd5313

SHA1
199a240d666248fd6b26ea121d8e2051b9e54c0c

SHA256
2c53dbd38eaab1bbb13f15e89b01680e0654f28268aa36e1f6e9e46bfaf74417

SHA512
c643af351b25d6df89fdbf5027dc7598cfcc09af1fb5d08c2329c6d4cdbce4b2cc05924505bfc2dc363ce115bae7da967ed9a10214a506848a2ce2af183dc432

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9927.exe

Filesize
184KB

MD5
4bc1c2c943298cae3e05dd9ead698a14

SHA1
329fb50bbfc725c3be7b82f0f38bf33067dd614f

SHA256
b87712aa013a9137c4a42c9beadb05e5a132bc219c902466dc59c701481fe70f

SHA512
a948ee832e991fab73975282ae0779675dc12ac01e57ad4ed0105b398859eec04102223136d635f3cddc357b6d86acb4c186b6f140173b99c22e193121639c55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe

Filesize
184KB

MD5
0fae85031897324abffc4b433c8d0e1a

SHA1
a3b94735bf6147b7f58aeb66b3c7adae2d9022c6

SHA256
e4d4ce730711f4fae3efe38214db63bf0a583ba3c8593414dadbcc47f704b1c3

SHA512
679d5daba6ebea623ca2d1ad92c261243a926477ee5f3b34d1671b05ded4c7674d0c53c101bb9e160e7c98642f1b8927d2bfdc7e5d8c8656d9e75f41f2431706

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31969.exe

Filesize
184KB

MD5
d096a81f728a9d192025f6355f24d9a8

SHA1
30add900352b4931b818a82edf40509b9b02689b

SHA256
ae69dd8eb290ccce9b706e175b77fa4964e9ed16f00acbc2fa4a0dab3e96b8ab

SHA512
3bf591fa88cd5c950610a7437f55217dd62414a9158970a7f45187aaef76b18dfa62c27a8790a76f51f0e7261143d1a8e22d4077dba92a950ca241c535506a46

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37786.exe

Filesize
184KB

MD5
06dc7b3cfedad87a8e3e26bc775296cd

SHA1
28ccf21380c0b1b2b3da75637ad643e6a3c69234

SHA256
100e499cb9b39b632213f317f3210feb061d7a0916840c97428d3903a80742b2

SHA512
329b07ab6f73366d7a5e98f3cfd5af5f4cb6c1df6d759f83bb93b84d8c73da9c7893d7bdcbd23892a899913f5349b123bdf460b1f8300bcaa477695f1bea24b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe

Filesize
184KB

MD5
53c972fc7a72cb2eb096c14af66ce5de

SHA1
6befb0e3747ca2f8e287b9d59399c3091c3c878b

SHA256
3a52229e7ae4332fa12b4b90254357a063a30a8fb6db4faca9bd4b6cb56a38ad

SHA512
8287a6c8cb8824ee0ef4cf49b3d939af70a15ea48d5ba0fb63e4e63f6edc6012da7a9c3376761a5f61fdc0fb968aa493c010e4820eb5cf7dd242704a61d5ebed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44563.exe

Filesize
184KB

MD5
6faafdd4083b14a3f5bb1d533ed2bdef

SHA1
30fa7e3afc3e3e9e53dba3a180467a2a288df852

SHA256
a4ed056ff33c76b178cfe7c3bb928cc04626bb376330d28b0b59ced9e84d7095

SHA512
b74e86b5cdfa9439418a30e2ff493f357d018f8bc12db4a4d13f927a37dbde5d41298bd35e8543e7168d8577c46008ef650cb2c09f197ff91031c4f603f4b900

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe

Filesize
184KB

MD5
94b12f40240f59577aff7f018f45ce29

SHA1
697aff84fdffeeb340398eb4edb8784c172cc55b

SHA256
63a061a0ecb1a6d4f1657b47b69bd60c5376a0bd5d6ad961cbd079be8155bb41

SHA512
8a59297894cc56cf21282cdb8795984e45e9b438c74381a0e16fadf5c77876e2697480beb9e44b9f3f6220b28fb1587476808d1be4844b5a7a51e6549b46a0ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62399.exe

Filesize
184KB

MD5
b360505e19a5ec67a1a698fa69e570f8

SHA1
4b029d47290d11af990d360ff814ac05b910f4d3

SHA256
031d15847f13ea86b79f79b8aa4b4ec64eb16784ecb70eb882a3006847e01cbc

SHA512
9721116a006f30031bcd5733e135f634f7705fe5f9ee27e82781ef5b7403f383c3e149a0684ecf0e8a684a45d10d5f4afc346573f7e58204505b269700c60286

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8730.exe

Filesize
184KB

MD5
cb28363e1c5115e040e9f9fc81dcb986

SHA1
584bfcdb8b7da5abadc5c8f08d6031ddf03a2b29

SHA256
b6818f712fe54cb0b0a6e0d3eff13bea5611cab39abd34125cc835a8dd598b16

SHA512
46d8bd80c8afd095d65e3dd5e42d85c8b6dba0be1b7eec26851b03e399e0ab2882e9e6a3567abd9be58da36e05bb57d14aa00e63eaeba76a4454a7a580d251b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-90.exe

Filesize
184KB

MD5
e5828203a43b405fd3c46c6b5dc97536

SHA1
98fe3bdcacc035b508bbfc605071772e5279ee3d

SHA256
02e681eca3a2144116f8c491343d0a8c3172e3b8e9f8d48992eb7f16d8c5a323

SHA512
49e096e39247d4cba833c957a5ccdd99d8f2483960ba2768e515d4fa89da235424619dc79ed84a280fcb85b027a64c71600cc06fab5f698a61a57f418a999c37

Download Submit