65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe
Size

184KB
MD5

8dff1339d53ada5438860a4c80b54a77
SHA1

58d99d18483a00fbbc22fc526dc153db4e9fbb84
SHA256

65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5
SHA512

ac8f493470d5a49b36b8ffcb0e238366d0bb6607cb7cb078e6bc811a5c6b95feae890d5573fae6919c9164f9018d637d477d644bf6e705645194585477e9d730
SSDEEP

3072:hiaV5xoTMYOKduaWesMLSXPShlnViF7n3:hiooOGuaDLUPShlnViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-30496.exeUnicorn-19396.exeUnicorn-30256.exeUnicorn-9136.exeUnicorn-19997.exeUnicorn-968.exeUnicorn-46168.exeUnicorn-14050.exeUnicorn-10542.exeUnicorn-33916.exeUnicorn-65218.exeUnicorn-35068.exeUnicorn-11694.exeUnicorn-58202.exeUnicorn-33506.exeUnicorn-9556.exeUnicorn-29422.exeUnicorn-7138.exeUnicorn-48726.exeUnicorn-33781.exeUnicorn-29697.exeUnicorn-40557.exeUnicorn-43895.exeUnicorn-54756.exeUnicorn-31643.exeUnicorn-42503.exeUnicorn-29265.exeUnicorn-54284.exeUnicorn-54284.exeUnicorn-61061.exeUnicorn-22166.exeUnicorn-37948.exeUnicorn-29588.exeUnicorn-40448.exeUnicorn-21420.exeUnicorn-17336.exeUnicorn-58923.exeUnicorn-13251.exeUnicorn-24112.exeUnicorn-8337.exeUnicorn-14367.exeUnicorn-51871.exeUnicorn-17060.exeUnicorn-59484.exeUnicorn-61985.exeUnicorn-8145.exeUnicorn-30704.exeUnicorn-61430.exeUnicorn-61430.exeUnicorn-26620.exeUnicorn-57922.exeUnicorn-64699.exeUnicorn-64699.exeUnicorn-49754.exeUnicorn-25804.exeUnicorn-25804.exeUnicorn-14943.exeUnicorn-56531.exeUnicorn-45670.exeUnicorn-41093.exeUnicorn-17143.exeUnicorn-55483.exeUnicorn-62260.exeUnicorn-60.exe

pid	process
1644	Unicorn-30496.exe
2556	Unicorn-19396.exe
2288	Unicorn-30256.exe
2612	Unicorn-9136.exe
2932	Unicorn-19997.exe
2464	Unicorn-968.exe
1456	Unicorn-46168.exe
2552	Unicorn-14050.exe
1476	Unicorn-10542.exe
2752	Unicorn-33916.exe
1584	Unicorn-65218.exe
2768	Unicorn-35068.exe
2492	Unicorn-11694.exe
2268	Unicorn-58202.exe
2032	Unicorn-33506.exe
1596	Unicorn-9556.exe
1400	Unicorn-29422.exe
2968	Unicorn-7138.exe
688	Unicorn-48726.exe
2856	Unicorn-33781.exe
276	Unicorn-29697.exe
1016	Unicorn-40557.exe
1864	Unicorn-43895.exe
352	Unicorn-54756.exe
1868	Unicorn-31643.exe
2008	Unicorn-42503.exe
2388	Unicorn-29265.exe
2644	Unicorn-54284.exe
2744	Unicorn-54284.exe
1360	Unicorn-61061.exe
2300	Unicorn-22166.exe
2604	Unicorn-37948.exe
2656	Unicorn-29588.exe
2480	Unicorn-40448.exe
2652	Unicorn-21420.exe
2528	Unicorn-17336.exe
2988	Unicorn-58923.exe
2184	Unicorn-13251.exe
752	Unicorn-24112.exe
112	Unicorn-8337.exe
1552	Unicorn-14367.exe
1216	Unicorn-51871.exe
2664	Unicorn-17060.exe
2212	Unicorn-59484.exe
2248	Unicorn-61985.exe
1692	Unicorn-8145.exe
2264	Unicorn-30704.exe
2848	Unicorn-61430.exe
3064	Unicorn-61430.exe
2868	Unicorn-26620.exe
1920	Unicorn-57922.exe
1916	Unicorn-64699.exe
1228	Unicorn-64699.exe
1224	Unicorn-49754.exe
3028	Unicorn-25804.exe
2224	Unicorn-25804.exe
940	Unicorn-14943.exe
3068	Unicorn-56531.exe
1964	Unicorn-45670.exe
2196	Unicorn-41093.exe
2452	Unicorn-17143.exe
1404	Unicorn-55483.exe
1020	Unicorn-62260.exe
1152	Unicorn-60.exe

Loads dropped DLL 64 IoCs

Processes:

65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exeUnicorn-30496.exeUnicorn-19396.exeUnicorn-30256.exeWerFault.exeUnicorn-19997.exeUnicorn-968.exeUnicorn-9136.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-46168.exeUnicorn-14050.exeUnicorn-10542.exeUnicorn-33916.exeWerFault.exeWerFault.exe

pid	process
1560	65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe
1560	65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe
1644	Unicorn-30496.exe
1560	65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe
1644	Unicorn-30496.exe
1560	65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe
2556	Unicorn-19396.exe
2556	Unicorn-19396.exe
1644	Unicorn-30496.exe
1644	Unicorn-30496.exe
2288	Unicorn-30256.exe
2288	Unicorn-30256.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2932	Unicorn-19997.exe
2932	Unicorn-19997.exe
2288	Unicorn-30256.exe
2288	Unicorn-30256.exe
2464	Unicorn-968.exe
2464	Unicorn-968.exe
2556	Unicorn-19396.exe
2556	Unicorn-19396.exe
2612	Unicorn-9136.exe
2612	Unicorn-9136.exe
236	WerFault.exe
236	WerFault.exe
236	WerFault.exe
236	WerFault.exe
236	WerFault.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
984	WerFault.exe
984	WerFault.exe
984	WerFault.exe
984	WerFault.exe
320	WerFault.exe
984	WerFault.exe
1456	Unicorn-46168.exe
1456	Unicorn-46168.exe
2932	Unicorn-19997.exe
2932	Unicorn-19997.exe
2552	Unicorn-14050.exe
2552	Unicorn-14050.exe
1476	Unicorn-10542.exe
1476	Unicorn-10542.exe
2464	Unicorn-968.exe
2464	Unicorn-968.exe
2752	Unicorn-33916.exe
2752	Unicorn-33916.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
864	WerFault.exe
864	WerFault.exe
864	WerFault.exe
864	WerFault.exe
864	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2584	1560	WerFault.exe	65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe
2920	1644	WerFault.exe	Unicorn-30496.exe
236	1584	WerFault.exe	Unicorn-65218.exe
320	2556	WerFault.exe	Unicorn-19396.exe
984	2288	WerFault.exe	Unicorn-30256.exe
1512	2932	WerFault.exe	Unicorn-19997.exe
864	2464	WerFault.exe	Unicorn-968.exe
1776	1456	WerFault.exe	Unicorn-46168.exe
1624	2552	WerFault.exe	Unicorn-14050.exe
1840	2968	WerFault.exe	Unicorn-7138.exe
1412	1476	WerFault.exe	Unicorn-10542.exe
1996	2752	WerFault.exe	Unicorn-33916.exe
2668	2612	WerFault.exe	Unicorn-9136.exe
2120	2768	WerFault.exe	Unicorn-35068.exe
1728	2492	WerFault.exe	Unicorn-11694.exe
2124	2268	WerFault.exe	Unicorn-58202.exe
1876	2032	WerFault.exe	Unicorn-33506.exe
1000	1400	WerFault.exe	Unicorn-29422.exe
2044	1596	WerFault.exe	Unicorn-9556.exe
2708	688	WerFault.exe	Unicorn-48726.exe
3036	2856	WerFault.exe	Unicorn-33781.exe
2704	1016	WerFault.exe	Unicorn-40557.exe
2688	276	WerFault.exe	Unicorn-29697.exe
2572	2008	WerFault.exe	Unicorn-42503.exe
1928	352	WerFault.exe	Unicorn-54756.exe
1636	1864	WerFault.exe	Unicorn-43895.exe
1372	1868	WerFault.exe	Unicorn-31643.exe
2168	2388	WerFault.exe	Unicorn-29265.exe
2972	2644	WerFault.exe	Unicorn-54284.exe
828	2744	WerFault.exe	Unicorn-54284.exe
2772	1360	WerFault.exe	Unicorn-61061.exe
448	2300	WerFault.exe	Unicorn-22166.exe
1252	2656	WerFault.exe	Unicorn-29588.exe
904	2604	WerFault.exe	Unicorn-37948.exe
1640	752	WerFault.exe	Unicorn-24112.exe
1736	2480	WerFault.exe	Unicorn-40448.exe
2192	2988	WerFault.exe	Unicorn-58923.exe
2952	2528	WerFault.exe	Unicorn-17336.exe
2036	2184	WerFault.exe	Unicorn-13251.exe
2828	2652	WerFault.exe	Unicorn-21420.exe
4048	1536	WerFault.exe	Unicorn-444.exe
4088	1484	WerFault.exe	Unicorn-444.exe
3308	112	WerFault.exe	Unicorn-8337.exe
3504	1216	WerFault.exe	Unicorn-51871.exe
3644	1552	WerFault.exe	Unicorn-14367.exe
3748	2248	WerFault.exe	Unicorn-61985.exe
3864	1692	WerFault.exe	Unicorn-8145.exe
3880	2848	WerFault.exe	Unicorn-61430.exe
3940	2664	WerFault.exe	Unicorn-17060.exe
3972	2212	WerFault.exe	Unicorn-59484.exe
3988	3064	WerFault.exe	Unicorn-61430.exe
3536	1020	WerFault.exe	Unicorn-62260.exe
3556	1152	WerFault.exe	Unicorn-60.exe
3608	2224	WerFault.exe	Unicorn-25804.exe
3604	2800	WerFault.exe	Unicorn-49261.exe
3696	1992	WerFault.exe	Unicorn-45177.exe
3736	2196	WerFault.exe	Unicorn-41093.exe
3772	1200	WerFault.exe	Unicorn-42223.exe
3116	1296	WerFault.exe	Unicorn-6666.exe
3228	772	WerFault.exe	Unicorn-17527.exe
3240	2452	WerFault.exe	Unicorn-17143.exe
3448	1920	WerFault.exe	Unicorn-57922.exe
3500	1912	WerFault.exe	Unicorn-64035.exe
3664	2172	WerFault.exe	Unicorn-12888.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exeUnicorn-30496.exeUnicorn-19396.exeUnicorn-30256.exeUnicorn-19997.exeUnicorn-9136.exeUnicorn-968.exeUnicorn-46168.exeUnicorn-14050.exeUnicorn-33916.exeUnicorn-10542.exeUnicorn-65218.exeUnicorn-35068.exeUnicorn-11694.exeUnicorn-58202.exeUnicorn-33506.exeUnicorn-9556.exeUnicorn-29422.exeUnicorn-7138.exeUnicorn-48726.exeUnicorn-33781.exeUnicorn-29697.exeUnicorn-40557.exeUnicorn-43895.exeUnicorn-54756.exeUnicorn-31643.exeUnicorn-42503.exeUnicorn-29265.exeUnicorn-54284.exeUnicorn-54284.exeUnicorn-61061.exeUnicorn-22166.exeUnicorn-37948.exeUnicorn-29588.exeUnicorn-40448.exeUnicorn-21420.exeUnicorn-17336.exeUnicorn-13251.exeUnicorn-58923.exeUnicorn-24112.exeUnicorn-8337.exeUnicorn-14367.exeUnicorn-51871.exeUnicorn-17060.exeUnicorn-59484.exeUnicorn-61985.exeUnicorn-8145.exeUnicorn-30704.exeUnicorn-61430.exeUnicorn-57922.exeUnicorn-61430.exeUnicorn-26620.exeUnicorn-64699.exeUnicorn-64699.exeUnicorn-25804.exeUnicorn-14943.exeUnicorn-49754.exeUnicorn-25804.exeUnicorn-56531.exeUnicorn-45670.exeUnicorn-41093.exeUnicorn-17143.exeUnicorn-55483.exeUnicorn-62260.exe

pid	process
1560	65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe
1644	Unicorn-30496.exe
2556	Unicorn-19396.exe
2288	Unicorn-30256.exe
2932	Unicorn-19997.exe
2612	Unicorn-9136.exe
2464	Unicorn-968.exe
1456	Unicorn-46168.exe
2552	Unicorn-14050.exe
2752	Unicorn-33916.exe
1476	Unicorn-10542.exe
1584	Unicorn-65218.exe
2768	Unicorn-35068.exe
2492	Unicorn-11694.exe
2268	Unicorn-58202.exe
2032	Unicorn-33506.exe
1596	Unicorn-9556.exe
1400	Unicorn-29422.exe
2968	Unicorn-7138.exe
688	Unicorn-48726.exe
2856	Unicorn-33781.exe
276	Unicorn-29697.exe
1016	Unicorn-40557.exe
1864	Unicorn-43895.exe
352	Unicorn-54756.exe
1868	Unicorn-31643.exe
2008	Unicorn-42503.exe
2388	Unicorn-29265.exe
2644	Unicorn-54284.exe
2744	Unicorn-54284.exe
1360	Unicorn-61061.exe
2300	Unicorn-22166.exe
2604	Unicorn-37948.exe
2656	Unicorn-29588.exe
2480	Unicorn-40448.exe
2652	Unicorn-21420.exe
2528	Unicorn-17336.exe
2184	Unicorn-13251.exe
2988	Unicorn-58923.exe
752	Unicorn-24112.exe
112	Unicorn-8337.exe
1552	Unicorn-14367.exe
1216	Unicorn-51871.exe
2664	Unicorn-17060.exe
2212	Unicorn-59484.exe
2248	Unicorn-61985.exe
1692	Unicorn-8145.exe
2264	Unicorn-30704.exe
2848	Unicorn-61430.exe
1920	Unicorn-57922.exe
3064	Unicorn-61430.exe
2868	Unicorn-26620.exe
1916	Unicorn-64699.exe
1228	Unicorn-64699.exe
3028	Unicorn-25804.exe
940	Unicorn-14943.exe
1224	Unicorn-49754.exe
2224	Unicorn-25804.exe
3068	Unicorn-56531.exe
1964	Unicorn-45670.exe
2196	Unicorn-41093.exe
2452	Unicorn-17143.exe
1404	Unicorn-55483.exe
1020	Unicorn-62260.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exeUnicorn-30496.exeUnicorn-19396.exeUnicorn-30256.exeUnicorn-19997.exeUnicorn-968.exeUnicorn-9136.exeUnicorn-65218.exe

description	pid	process	target process
PID 1560 wrote to memory of 1644	1560	65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe	Unicorn-30496.exe
PID 1560 wrote to memory of 1644	1560	65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe	Unicorn-30496.exe
PID 1560 wrote to memory of 1644	1560	65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe	Unicorn-30496.exe
PID 1560 wrote to memory of 1644	1560	65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe	Unicorn-30496.exe
PID 1644 wrote to memory of 2556	1644	Unicorn-30496.exe	Unicorn-19396.exe
PID 1644 wrote to memory of 2556	1644	Unicorn-30496.exe	Unicorn-19396.exe
PID 1644 wrote to memory of 2556	1644	Unicorn-30496.exe	Unicorn-19396.exe
PID 1644 wrote to memory of 2556	1644	Unicorn-30496.exe	Unicorn-19396.exe
PID 1560 wrote to memory of 2288	1560	65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe	Unicorn-30256.exe
PID 1560 wrote to memory of 2288	1560	65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe	Unicorn-30256.exe
PID 1560 wrote to memory of 2288	1560	65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe	Unicorn-30256.exe
PID 1560 wrote to memory of 2288	1560	65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe	Unicorn-30256.exe
PID 1560 wrote to memory of 2584	1560	65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe	WerFault.exe
PID 1560 wrote to memory of 2584	1560	65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe	WerFault.exe
PID 1560 wrote to memory of 2584	1560	65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe	WerFault.exe
PID 1560 wrote to memory of 2584	1560	65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe	WerFault.exe
PID 2556 wrote to memory of 2612	2556	Unicorn-19396.exe	Unicorn-9136.exe
PID 2556 wrote to memory of 2612	2556	Unicorn-19396.exe	Unicorn-9136.exe
PID 2556 wrote to memory of 2612	2556	Unicorn-19396.exe	Unicorn-9136.exe
PID 2556 wrote to memory of 2612	2556	Unicorn-19396.exe	Unicorn-9136.exe
PID 1644 wrote to memory of 2932	1644	Unicorn-30496.exe	Unicorn-19997.exe
PID 1644 wrote to memory of 2932	1644	Unicorn-30496.exe	Unicorn-19997.exe
PID 1644 wrote to memory of 2932	1644	Unicorn-30496.exe	Unicorn-19997.exe
PID 1644 wrote to memory of 2932	1644	Unicorn-30496.exe	Unicorn-19997.exe
PID 2288 wrote to memory of 2464	2288	Unicorn-30256.exe	Unicorn-968.exe
PID 2288 wrote to memory of 2464	2288	Unicorn-30256.exe	Unicorn-968.exe
PID 2288 wrote to memory of 2464	2288	Unicorn-30256.exe	Unicorn-968.exe
PID 2288 wrote to memory of 2464	2288	Unicorn-30256.exe	Unicorn-968.exe
PID 1644 wrote to memory of 2920	1644	Unicorn-30496.exe	WerFault.exe
PID 1644 wrote to memory of 2920	1644	Unicorn-30496.exe	WerFault.exe
PID 1644 wrote to memory of 2920	1644	Unicorn-30496.exe	WerFault.exe
PID 1644 wrote to memory of 2920	1644	Unicorn-30496.exe	WerFault.exe
PID 2932 wrote to memory of 1456	2932	Unicorn-19997.exe	Unicorn-46168.exe
PID 2932 wrote to memory of 1456	2932	Unicorn-19997.exe	Unicorn-46168.exe
PID 2932 wrote to memory of 1456	2932	Unicorn-19997.exe	Unicorn-46168.exe
PID 2932 wrote to memory of 1456	2932	Unicorn-19997.exe	Unicorn-46168.exe
PID 2288 wrote to memory of 2552	2288	Unicorn-30256.exe	Unicorn-14050.exe
PID 2288 wrote to memory of 2552	2288	Unicorn-30256.exe	Unicorn-14050.exe
PID 2288 wrote to memory of 2552	2288	Unicorn-30256.exe	Unicorn-14050.exe
PID 2288 wrote to memory of 2552	2288	Unicorn-30256.exe	Unicorn-14050.exe
PID 2464 wrote to memory of 2752	2464	Unicorn-968.exe	Unicorn-33916.exe
PID 2464 wrote to memory of 2752	2464	Unicorn-968.exe	Unicorn-33916.exe
PID 2464 wrote to memory of 2752	2464	Unicorn-968.exe	Unicorn-33916.exe
PID 2464 wrote to memory of 2752	2464	Unicorn-968.exe	Unicorn-33916.exe
PID 2556 wrote to memory of 1476	2556	Unicorn-19396.exe	Unicorn-10542.exe
PID 2556 wrote to memory of 1476	2556	Unicorn-19396.exe	Unicorn-10542.exe
PID 2556 wrote to memory of 1476	2556	Unicorn-19396.exe	Unicorn-10542.exe
PID 2556 wrote to memory of 1476	2556	Unicorn-19396.exe	Unicorn-10542.exe
PID 2612 wrote to memory of 1584	2612	Unicorn-9136.exe	Unicorn-65218.exe
PID 2612 wrote to memory of 1584	2612	Unicorn-9136.exe	Unicorn-65218.exe
PID 2612 wrote to memory of 1584	2612	Unicorn-9136.exe	Unicorn-65218.exe
PID 2612 wrote to memory of 1584	2612	Unicorn-9136.exe	Unicorn-65218.exe
PID 1584 wrote to memory of 236	1584	Unicorn-65218.exe	WerFault.exe
PID 1584 wrote to memory of 236	1584	Unicorn-65218.exe	WerFault.exe
PID 1584 wrote to memory of 236	1584	Unicorn-65218.exe	WerFault.exe
PID 1584 wrote to memory of 236	1584	Unicorn-65218.exe	WerFault.exe
PID 2556 wrote to memory of 320	2556	Unicorn-19396.exe	WerFault.exe
PID 2556 wrote to memory of 320	2556	Unicorn-19396.exe	WerFault.exe
PID 2556 wrote to memory of 320	2556	Unicorn-19396.exe	WerFault.exe
PID 2556 wrote to memory of 320	2556	Unicorn-19396.exe	WerFault.exe
PID 2288 wrote to memory of 984	2288	Unicorn-30256.exe	WerFault.exe
PID 2288 wrote to memory of 984	2288	Unicorn-30256.exe	WerFault.exe
PID 2288 wrote to memory of 984	2288	Unicorn-30256.exe	WerFault.exe
PID 2288 wrote to memory of 984	2288	Unicorn-30256.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe
"C:\Users\Admin\AppData\Local\Temp\65a4fd046e5c289d1271238b55b72ed7435b53bea43ebcfdd1213399a22736e5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1560
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30496.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30496.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9136.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65218.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 200
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:236
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
        5⤵
        Program crash
        
        PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33506.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43895.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60.exe
        8⤵
        Executes dropped EXE
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23278.exe
        9⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45125.exe
        10⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
        11⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
        12⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        13⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe
        14⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 216
        13⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 216
        12⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
        11⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
        10⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 216
        9⤵
        Program crash
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        8⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        9⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60387.exe
        10⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64824.exe
        11⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38289.exe
        12⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
        13⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11196 -s 216
        13⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
        12⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
        11⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        10⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 236
        9⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
        8⤵
        Program crash
        
        PID:3940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 236
        7⤵
        Program crash
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57922.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        8⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62556.exe
        9⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47694.exe
        10⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3485.exe
        11⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30315.exe
        12⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64596.exe
        13⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14599.exe
        14⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
        13⤵
        
        PID:11260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
        12⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
        11⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
        10⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 216
        9⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        8⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40896.exe
        9⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        10⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        11⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47684.exe
        12⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54205.exe
        13⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10688 -s 216
        13⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 216
        12⤵
        
        PID:11180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 216
        11⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
        10⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 236
        9⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
        8⤵
        Program crash
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56422.exe
        7⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54772.exe
        8⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63044.exe
        9⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
        10⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        11⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53203.exe
        12⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17833.exe
        13⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11524 -s 216
        13⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 204
        12⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
        11⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 236
        10⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42083.exe
        9⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44404.exe
        10⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
        11⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
        12⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10352 -s 216
        12⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 216
        11⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
        10⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 220
        9⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
        8⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
        7⤵
        Program crash
        
        PID:2192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
        6⤵
        Program crash
        
        PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54756.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17336.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61897.exe
        8⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22100.exe
        9⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53916.exe
        10⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        10⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39391.exe
        11⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34098.exe
        12⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54290.exe
        13⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47080.exe
        14⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
        13⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
        12⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 236
        11⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 220
        10⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 236
        9⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        9⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56625.exe
        10⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        11⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5476.exe
        12⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 216
        12⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
        11⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
        10⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        9⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 240
        8⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37947.exe
        7⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63132.exe
        8⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
        9⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
        10⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30123.exe
        11⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
        12⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3992.exe
        13⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
        12⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
        11⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
        10⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
        9⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
        8⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
        7⤵
        Program crash
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25804.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29225.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47839.exe
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53480.exe
        10⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20632.exe
        11⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20531.exe
        12⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 216
        12⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
        11⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        10⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
        9⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
        8⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16048.exe
        7⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        8⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
        9⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31405.exe
        10⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21154.exe
        11⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 236
        11⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
        10⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
        9⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
        8⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
        7⤵
        
        PID:4668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 220
        6⤵
        Program crash
        
        PID:1928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
        5⤵
        Program crash
        
        PID:1412
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19997.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46168.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7138.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        7⤵
        Program crash
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29265.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41093.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
        9⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        10⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41617.exe
        11⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6417.exe
        12⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5701.exe
        13⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1389.exe
        14⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
        15⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10976 -s 216
        15⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 204
        14⤵
        
        PID:10912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
        13⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
        12⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
        11⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
        10⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
        11⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34830.exe
        12⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3727.exe
        13⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45409.exe
        14⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 216
        13⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
        12⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
        11⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
        10⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
        9⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
        10⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        11⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19262.exe
        12⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55040.exe
        13⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 216
        13⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
        12⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
        11⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
        10⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        9⤵
        Program crash
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40853.exe
        8⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
        9⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10745.exe
        10⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61949.exe
        11⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        12⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53.exe
        13⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1496.exe
        14⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10580 -s 216
        14⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8792 -s 220
        13⤵
        
        PID:11820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
        12⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 236
        11⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
        10⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
        9⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 240
        8⤵
        Program crash
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
        8⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61378.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21052.exe
        10⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29251.exe
        11⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52401.exe
        12⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        13⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 216
        13⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 216
        12⤵
        
        PID:10060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 236
        11⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        10⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
        9⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
        8⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42157.exe
        9⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
        10⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44041.exe
        11⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12492.exe
        12⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 216
        12⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
        11⤵
        
        PID:9932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
        10⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
        9⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
        8⤵
        Program crash
        
        PID:3240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
        7⤵
        Program crash
        
        PID:2168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
        6⤵
        Program crash
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48726.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14367.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-911.exe
        9⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6339.exe
        10⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50491.exe
        11⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
        12⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7144.exe
        13⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38445.exe
        14⤵
        
        PID:11332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10444 -s 216
        14⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 216
        13⤵
        
        PID:10704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 236
        12⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        11⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 216
        10⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41211.exe
        9⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20533.exe
        10⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30507.exe
        11⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
        12⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13639.exe
        13⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
        12⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
        11⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
        10⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 240
        9⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42498.exe
        8⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
        9⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16065.exe
        10⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29547.exe
        11⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20658.exe
        12⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42695.exe
        13⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 216
        12⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 236
        11⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
        10⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 236
        9⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        8⤵
        Program crash
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62260.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        8⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        9⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9925.exe
        10⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        11⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60987.exe
        12⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
        13⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 216
        12⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
        11⤵
        
        PID:9372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
        10⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 712 -s 216
        9⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 236
        8⤵
        Program crash
        
        PID:3536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
        7⤵
        Program crash
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51871.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
        7⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        8⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63983.exe
        9⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24316.exe
        10⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61664.exe
        11⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17342.exe
        12⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14298.exe
        13⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 216
        12⤵
        
        PID:10504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
        11⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
        10⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 216
        9⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 216
        8⤵
        Program crash
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17802.exe
        7⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6339.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
        9⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39277.exe
        10⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40838.exe
        11⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51631.exe
        12⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 216
        11⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
        10⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
        9⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
        8⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 240
        7⤵
        Program crash
        
        PID:3504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
        6⤵
        Program crash
        
        PID:2708
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 240
        5⤵
        Program crash
        
        PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11694.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33781.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59484.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10366.exe
        8⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35290.exe
        9⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30054.exe
        8⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16921.exe
        9⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24508.exe
        10⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        11⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39516.exe
        12⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39706.exe
        13⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8344 -s 236
        12⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
        11⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        10⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 216
        9⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
        8⤵
        Program crash
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
        7⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe
        8⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32681.exe
        9⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64279.exe
        10⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57040.exe
        11⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31081.exe
        12⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56099.exe
        13⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 220
        12⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
        11⤵
        
        PID:9348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        10⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
        9⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 236
        8⤵
        Program crash
        
        PID:3772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        7⤵
        Program crash
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61985.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        7⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41752.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
        9⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        10⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        11⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
        12⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
        13⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 216
        12⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        11⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
        10⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 216
        9⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
        8⤵
        Program crash
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48529.exe
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4004.exe
        9⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49173.exe
        10⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15011.exe
        11⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18492.exe
        12⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 216
        11⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
        10⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
        9⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        8⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
        7⤵
        Program crash
        
        PID:3748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 220
        6⤵
        Program crash
        
        PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
        7⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
        8⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        9⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
        10⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48613.exe
        11⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
        12⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9968 -s 216
        12⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 216
        11⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
        10⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
        9⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
        8⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        7⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38540.exe
        8⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62930.exe
        9⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16491.exe
        10⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
        11⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10332 -s 216
        11⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 236
        10⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
        9⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
        7⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50200.exe
        6⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        7⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23382.exe
        8⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        9⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64160.exe
        10⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
        11⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
        11⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 236
        10⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
        9⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        8⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 216
        7⤵
        
        PID:4952
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 220
        6⤵
        Program crash
        
        PID:448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
        5⤵
        Program crash
        
        PID:1728
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1512
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2920
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30256.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30256.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29422.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61061.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8145.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
        8⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8887.exe
        9⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        10⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41913.exe
        11⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
        12⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe
        13⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56099.exe
        14⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
        12⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 216
        11⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
        10⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
        9⤵
        Program crash
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46391.exe
        8⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6339.exe
        9⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        10⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29272.exe
        11⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29703.exe
        12⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29784.exe
        13⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
        12⤵
        
        PID:10708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 236
        11⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
        10⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
        9⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
        8⤵
        Program crash
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17527.exe
        7⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21005.exe
        9⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14009.exe
        10⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50818.exe
        11⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40567.exe
        12⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56099.exe
        13⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 216
        12⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
        11⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        10⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        9⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 236
        8⤵
        Program crash
        
        PID:3228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 240
        7⤵
        Program crash
        
        PID:2772
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 216
        6⤵
        Program crash
        
        PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21420.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45670.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        8⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
        9⤵
        Program crash
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4180.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
        9⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
        10⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8140.exe
        11⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22913.exe
        12⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7801.exe
        13⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 216
        12⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
        11⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 236
        10⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
        9⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
        8⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        7⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
        9⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16911.exe
        10⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe
        11⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        12⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
        11⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 236
        10⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        9⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 216
        8⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        7⤵
        Program crash
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12888.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
        8⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17653.exe
        9⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6417.exe
        10⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20632.exe
        11⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29978.exe
        12⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51958.exe
        13⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 216
        12⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
        11⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
        10⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        9⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
        8⤵
        Program crash
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55286.exe
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
        9⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43574.exe
        10⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37570.exe
        11⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
        12⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10608 -s 236
        12⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 216
        11⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
        10⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
        9⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
        8⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
        7⤵
        
        PID:3552
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        6⤵
        Program crash
        
        PID:2572
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
        5⤵
        Program crash
        
        PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9556.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13251.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        8⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
        9⤵
        Program crash
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43266.exe
        8⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
        10⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
        11⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        12⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 236
        12⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
        11⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        10⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        9⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 220
        8⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        7⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21197.exe
        9⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25084.exe
        10⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        11⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
        12⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 216
        12⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
        11⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
        10⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
        9⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 236
        8⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
        7⤵
        Program crash
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25804.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
        7⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21545.exe
        9⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
        10⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
        11⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
        12⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 216
        12⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
        11⤵
        
        PID:9676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
        10⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
        9⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 236
        8⤵
        Program crash
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
        7⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17653.exe
        8⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
        9⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44404.exe
        10⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10927.exe
        11⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe
        12⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
        10⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
        9⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
        8⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
        7⤵
        Program crash
        
        PID:3608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
        6⤵
        Program crash
        
        PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24112.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        7⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60994.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53916.exe
        9⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
        10⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56656.exe
        11⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65172.exe
        12⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41242.exe
        13⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 216
        12⤵
        
        PID:10836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
        11⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 236
        10⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
        9⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
        8⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59603.exe
        7⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
        8⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
        9⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59993.exe
        10⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15700.exe
        11⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 216
        11⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
        10⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
        9⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 236
        8⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
        7⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
        6⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31830.exe
        7⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
        8⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
        9⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26122.exe
        10⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47884.exe
        11⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33157.exe
        12⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 204
        11⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
        10⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 236
        9⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 236
        8⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
        7⤵
        
        PID:3188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 220
        6⤵
        Program crash
        
        PID:1640
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
        5⤵
        Program crash
        
        PID:2044
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14050.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58202.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42306.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        9⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56303.exe
        10⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61316.exe
        11⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54381.exe
        12⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
        13⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8376 -s 216
        12⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
        11⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        10⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
        9⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 216
        8⤵
        Program crash
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19473.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
        9⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10693.exe
        10⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe
        11⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
        12⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 216
        12⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 216
        11⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        10⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
        9⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 216
        8⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 220
        7⤵
        Program crash
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        7⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
        8⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60439.exe
        9⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
        10⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
        11⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36483.exe
        12⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8640 -s 216
        12⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
        11⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 236
        10⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        9⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 216
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21436.exe
        8⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60517.exe
        9⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
        10⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35025.exe
        11⤵
        
        PID:11652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 216
        11⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 236
        10⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
        9⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
        8⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 240
        7⤵
        
        PID:4772
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 240
        6⤵
        Program crash
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
        6⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        7⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48633.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe
        9⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54710.exe
        10⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37570.exe
        11⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28798.exe
        12⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 236
        11⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
        10⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
        9⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 216
        8⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14953.exe
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        8⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27876.exe
        9⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8880.exe
        10⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12819.exe
        11⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 220
        10⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
        9⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
        8⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
        7⤵
        
        PID:5252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 216
        6⤵
        Program crash
        
        PID:1736
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
        5⤵
        Program crash
        
        PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40557.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37948.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
        7⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20538.exe
        8⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15681.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        10⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
        11⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33977.exe
        12⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10412 -s 236
        12⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 216
        11⤵
        
        PID:10680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 236
        10⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
        9⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 236
        8⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 216
        7⤵
        Program crash
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
        6⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27554.exe
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
        8⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27222.exe
        9⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3802.exe
        10⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe
        11⤵
        
        PID:11472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 204
        11⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
        10⤵
        
        PID:9756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
        8⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
        7⤵
        
        PID:3480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 220
        6⤵
        Program crash
        
        PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
        6⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        7⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55670.exe
        8⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64793.exe
        9⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5914.exe
        10⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        11⤵
        
        PID:11592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 216
        11⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
        10⤵
        
        PID:10140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
        9⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        8⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 216
        7⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28876.exe
        6⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45940.exe
        7⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
        8⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56485.exe
        9⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52539.exe
        10⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 216
        10⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 216
        9⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        8⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        7⤵
        
        PID:6240
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
        6⤵
        
        PID:4548
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 240
        5⤵
        Program crash
        
        PID:2704
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
      4⤵
      Program crash
      PID:1624
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:984
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
  2⤵
  - Program crash
  PID:2584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe

Filesize
184KB

MD5
6d4725432eb72d0bb3068c4b4c956deb

SHA1
eec0a1c5118c3153bd52bc4b148ffd12a96fbc35

SHA256
670109a03d9726819881570438c5d48c98e8639010052dc0830fc684754eb95e

SHA512
8793d2184c0312b325e8fc29b641e2ff1805bb6e13a2d06745cc24d890a61217a0c7573d3f0d857bcb923b96405a018b5d42314e526c66dddfe7250befee5610

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15011.exe

Filesize
184KB

MD5
7b9a7e5976b21971c5c8c0a8a7beaa40

SHA1
a24545ba21530d5a09dbac60b5fc3f59cd09644f

SHA256
1b8f16f3fb34f87148533b6021d4a88954f2d664b9f98d85aa02fc6ccba379c1

SHA512
ea5e1e73e2de6f7de1aecbe6f29092614c0167c0cdd5b60f6891cb468a716162bf40902f5194b91c28d6e6a4d5a7e7b368250b32ae9b481986a9617f67980e48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19997.exe

Filesize
184KB

MD5
4ad8af7f7f541fb6511b41dde127d88d

SHA1
cbe7f26b9e84799f7551759c73a92314d786487d

SHA256
7c5853148b6a689ab0b77ca1a44e15c1af09b47ad41fb2d87a9e697359596211

SHA512
cc49cff6b9e17405c7033bd89e7afcc8c57b64e9fa10f10b94d1eb16cfa04034da372633e23befc899cd3b9a4cb83bee31ca0f27826344850d8bb0f303585bd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe

Filesize
184KB

MD5
23477670b19141fe771b8614580daf57

SHA1
20c0a2c21d288a14121120dc1e7eaada3612d600

SHA256
12de42e444142eb57fb38e79fbe1c553fb9a511db89885b1c1778274e90b4474

SHA512
d0c35eaab359eb67f1639671472a99682cf5e7ce86c0582b1ceb89048ec1d25088230766388066a383d470ef6c38c350e91f67ea7e64208fb05d1ede2ca77839

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exe

Filesize
184KB

MD5
2c1c3c9ce1715623c4f8f766def09e9f

SHA1
5ad1f78e08db322427b243113c3a29ff1c06559c

SHA256
550c2f0b00ca2322ef10a658e03478e43cf30b56824a901fbdf89827c46c731a

SHA512
9678c33c4ce285fcea3111fb33927338a675c225ab61801fd501bb7887cf70b9daaa3cff5a4617fffc22e37796ca9b43dad134ec860672849bbd249b27668d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40557.exe

Filesize
184KB

MD5
7f3143bc9ce929f3e005d2ab613baf9c

SHA1
a836c967b46095cecd39cf6e0b8a35225681e039

SHA256
aa6d232b4646b1f32ef02fa2297695499527f32d13a38a4d06117f6615b4bd1b

SHA512
6c66bdca887001708c34dbf16593ebcadb308b9a3a54a9bcbb93541d0fc62ed127bb041576cd8352c20c370bd22320fd3c9d51491c35591eef0f8e62a6b917ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40853.exe

Filesize
184KB

MD5
78591e53126e1d9ba2f6b0cf8cf04de1

SHA1
d96c6c955f4c7e82058b7df93435313dab152489

SHA256
19272e325fe8ca3d902e861d9cc42cf203b2e87ed76c588549dfe2d06f2a2aa0

SHA512
4e36ab2d851bbc5bdc6d2f34857daf5ac40a8f6d8c440d47bc08edd5f1708ee9f10ecd104a01b96cb755c3b1a71a4493185e3e30ec2a1276ab8a46bd037749e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe

Filesize
184KB

MD5
1922e335ca6162fafdbe37a232ffc291

SHA1
9bb987d0b3abb42e9a28bb7f5330c8eb00978e7f

SHA256
c5cdb5cf58ae0b18711e374fa7113498cbab863af693f5c8437a98e6cdaf1228

SHA512
d01633e3184e571374d45203588d37be00859ae71a54b25bbf74045fb522f180e341cb3d6bb66964166fef2e2ebe9a280fea13bebaac6e68d1f7f3a0ce04ba2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41617.exe

Filesize
184KB

MD5
eb164cf51a96fadc5a4544b03b3120b7

SHA1
f275547f18f0ef09463ceea382485e9cec2d23b7

SHA256
a73ab29df2b3d6e3e2a5e44160adeae29b1874d369545b90b4ccdabb9919b390

SHA512
3f8db7fe2573900a64e25742d149e93a4c4ff199395fbb22efb62b3a09e8fd4e449b30b15a6486ed6390e2203acab60337f2bd2c257500ac2b022779ed671e35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe

Filesize
184KB

MD5
9f076c0785e15519a66886f2191a4ae0

SHA1
17499e9fc04f9b765f7691724c16ac76a700f0d1

SHA256
722999e369e0602275949e081afd2c5e4ee771d962e0413190cd9ab1ae815fd5

SHA512
95cee91b33d8e3b6793cf5742e35fb54fdc87ed5e6077a5a841083a948ec00bd1860760dc8b3751240025cae1779b1270c91ef78645c5231ed6f4552df6acce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50491.exe

Filesize
184KB

MD5
f9b649ce2aee3be3c6676486db126f46

SHA1
0a8e04c66f56bf8ea05d2154fdf723565e132bd3

SHA256
dd51819ecd065fae08ec3fa7b2268652cc66ef69c9cc2f8940ac6f0dd53001e2

SHA512
d13884a5930e5cd24c2aa800e1283e5f79ba1cc3729cc0a40a5ab7920f12fe30b0fb14d61cb2c57ce497f6369508b6f1d10c1ba990478d282b6a017b659355ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5476.exe

Filesize
184KB

MD5
0022c15f85eecfe9445f016cb3cb7164

SHA1
bcec0e7e08e6c986387227ca5f39d1f74930f050

SHA256
118d8ad9345d61f50fb3186bd8f123323ca0eaab00d4c85d57b578f230ebb2eb

SHA512
1f6d53a012efdaeda4b70b29fea15b313d7e249328aaa4ae82ee616864102a06cc8c7ee5dde58b05a44184644bba3a23cb64df6d0084c9317c8de9e03454829e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5914.exe

Filesize
184KB

MD5
e0b05e6a1dcb99b8a3a89d615ac8167c

SHA1
39ae297a1245d54a4b876f876f27222f04943361

SHA256
4c901663adfcd827c50c565b924fd2a669f6dbce6b41216891a715fd32b7fe4e

SHA512
6863e219fabaea09276b96f15eedc560ff97d60e6ad59b0e56791f40b57da38bbc5f9430bd576702198fb3e45f10a5a8007782ec6b12b3bacf17978959f63f91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe

Filesize
184KB

MD5
be8441fa0c8712fa4a8cc2420f802f4e

SHA1
e72759c8ed33c92ddace76de906d8e1984a42519

SHA256
0f81ab7933d971b1c302dd22e2c385caa290e4503f071aeee567141131e4ed93

SHA512
fc9707a3308a4fbf8bbad010538f8f809ce90cea589fae561b63a8d19152dbdf2fbfeb27ce2d7f94a646ee939b4c863eba9c8fdb6f697d78d468847d2e2663c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe

Filesize
184KB

MD5
6861ae731a9d37f854fe02ffb8bceae4

SHA1
3b6cf2bc8b09cc7e3f2fffc0de8d7a6144a18459

SHA256
827cb3fadabcb274a323c10fa8a7e47b16d203320155b28fa561396a8b081c17

SHA512
52acc9427ca90e8e28dc331770b8f8197bf8be59be960fdee0cc948aa889b033ba642a155da97afbed00fb8fbf16328597c0e538b1ea61c61f37374467aa3ff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9136.exe

Filesize
184KB

MD5
bc03a554aac2ef6d1a354018f87caf16

SHA1
35e20ca6a2e834789d36e20005d8a4c890dccddc

SHA256
8d2ecbb53a7dda60e02d235d5bd735ebee3085e1c4f8fd794062445d4fa4d2d3

SHA512
ea67b4287d9de6fb92831c920e0863533186aae5ca1a1316fc36019a565d51a0c108120ce0fb9db4c1af3a179dafc144c2fe2459251e204bb248fb254afc899c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe

Filesize
184KB

MD5
33e63f50238151dbe9d2d81a363e8956

SHA1
8f24c096c7d4ac43a31269839bdd7af7f44b49eb

SHA256
abd19ecf041ea0a7db24cf0b8b634e183d954bc8961b5ba19b7dd3b3f8fc0695

SHA512
ad5c5dd06ebfa186af3ca91202460f5b6c4a8b240e16d32028c89a8c6383e4f6c3954ed4602ec8eadac2be73ec1e069027aa2fd3d889467453f4da44bb9eb522

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11694.exe

Filesize
184KB

MD5
fac1c0b8757853d0b9ddb7d4b2ab2417

SHA1
3f4667a861d1cf6d4633e3808bd5095c49d5840b

SHA256
c2b3a05196b3bd0a4fc71cd89923af633c555bdb218571b8f3faa09b0681177d

SHA512
1ec62261c62681f93e9ce9318296e963c45d9f1639f72a8cce06533dfd9ad4087ed259aa90ca5d7aa60a1b28d595b9dd164991c1bd3c51f48ea6bae0849ffe36

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14050.exe

Filesize
184KB

MD5
24e0073c993f168a34849197ead880bd

SHA1
7150e09619dad59407eb7ded65e840af958ce834

SHA256
3b8feaa4f1205372e4b55e967df185d2052066206de5e1597b2179e585f6021f

SHA512
3cf022c8ec2e588670d8a0c90055c3547f905babca17704a04e9c46fe9d0c973a4b69f09052480e01488cdca19791016ac498629479ce83e7dc1b6fc75053f32

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe

Filesize
184KB

MD5
79d6e4d1ea1ffffe7b51870dc986d7b9

SHA1
570f0235e5e4ea8ee0bc7a5bd576ee4a241513cc

SHA256
97f235f86bed8cd55d8208ab783833f94e89204659ed599f81b4bbc22ec44966

SHA512
9cf7f0b0616cac8dad7e289f3678e19a4831e7d4d0f97b0ca15ff173b4aaccbffc08eac30b5ab733a73e2e3ec8bbe9b96ee9fc79c5f7dcc44cc5c08b2abab6ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30256.exe

Filesize
184KB

MD5
590029c332b09a58f561bbac64fbcd58

SHA1
91dbba7d0fb20f32770f04b546836725106d32d8

SHA256
13e7ffa9a72f83556c5d5980bb5f52755446a2666fd7ef4276009c38fdfbb1c0

SHA512
42cae170e6f001a2f97e481c9801add6f7dffd0dfd4caf6fab8a9dcdc555226844e634cb5fd010b3b9c803ecabf115ccdf97af68fba1f499caa85bba855c11d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30496.exe

Filesize
184KB

MD5
9d845d06a797f857bd00d5a7c9faacf0

SHA1
0fcb1ff39a585f4bd5e42546e2158e33833960b7

SHA256
13d8b729f9f469e50978951ab9fc26d9e54904f9e7779765523337c1ac97d42c

SHA512
185acf376e7c5e1b0112df7145c29bc7aa28601b49131f345a2facd48b2d413c72680a12dc62233ecba3954c9610fa7e55ef0bd24be0ecd36fa8eb2996aecfe3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe

Filesize
184KB

MD5
3a3cf38e3241767b514e093077460537

SHA1
a2a874554f58bd3719d36340bbab91dbffa9ecac

SHA256
3bba178edb7969a399b0e131415985e7fb8710d589889c36604396aa13f23f06

SHA512
03b83f71870a9feb3fd0017e95f162ef8dcd2a6363f02371758250b1b6e4c11116b3b37c6155dc28d0d8641b82864919a99eddf308804145d961d1c586d532d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46168.exe

Filesize
184KB

MD5
0fecaeb9ec538ed7865f2967db892270

SHA1
b4795af77e82f086c42b964e492ab48987b5621c

SHA256
1bddfd1fba95cd0e7617e317541b079863bab4bd149d42fe9b2346ff39ba85e9

SHA512
2f46d1d5ea0f84ef1b4af66eda5054314d64ffd646dc7617ea457042cebce560c92f404219049edec123112369033d1a2ab4b6b9f00d375ceba7c681ce4619c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65218.exe

Filesize
184KB

MD5
ecc9219366735fde1fec7a4f7a90c789

SHA1
f2c5fe82b5f469482faf3fe5feb4aebd0e51ae18

SHA256
bee7d05a0a8ecd6376301807b3b82039a13d3a76d76c84920bd702000dba669e

SHA512
0b6f482a8435a850592ff59a249083358de86bea2301f5e748deee88375553785c18f929c74ae449d108e5ceee7408249a72a43cae707348c66494a9b81f2324

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-968.exe

Filesize
184KB

MD5
ba2f80bd54c0b708a5c595973db30961

SHA1
cd6ee93ea547393a7f10772f48f3d6d117a1837c

SHA256
22f9bc97dee65a3b113fc1c74d2aa1876fce4e913df29669b3073e3e3c3307de

SHA512
74abf4ac02b7d502f271eaa305c14718b788106dcb24237011f26f18b50ee46e7233a85a93e47c0e8a226ca2eebf3dfcf4130f181c176fe56d6d3ec9f010128b

Download Submit