7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe
Size

184KB
MD5

c25c285ce23695c0ddd99473f388e3ac
SHA1

2f0efaa4c9dd2a293d79eb827fed862bf9b4ea6b
SHA256

7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546
SHA512

1c2abe56e4a1446d6f9f8e731599b2fb062237dd25a66b027cab5602d31098710d785db6bac0817a475c8e9e4dc213e4ba9337e36d075b6c4c7ec77d98212df9
SSDEEP

3072:dq/3dxoTp1KTdUxVe/7bag3xhlwViFkn3:dqfoiJUxIbb3xhlwViFk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-21597.exeUnicorn-48322.exeUnicorn-28456.exeUnicorn-58711.exeUnicorn-37584.exeUnicorn-35961.exeUnicorn-53449.exeUnicorn-64310.exeUnicorn-164.exeUnicorn-164.exeUnicorn-62364.exeUnicorn-49604.exeUnicorn-37906.exeUnicorn-58903.exeUnicorn-9147.exeUnicorn-36344.exeUnicorn-49687.exeUnicorn-29328.exeUnicorn-14383.exeUnicorn-55971.exeUnicorn-65530.exeUnicorn-13314.exeUnicorn-24175.exeUnicorn-26636.exeUnicorn-41109.exeUnicorn-49277.exeUnicorn-60138.exeUnicorn-8436.exeUnicorn-19297.exeUnicorn-35079.exeUnicorn-12520.exeUnicorn-24773.exeUnicorn-35633.exeUnicorn-823.exeUnicorn-20689.exeUnicorn-2297.exeUnicorn-43885.exeUnicorn-41192.exeUnicorn-52053.exeUnicorn-6381.exeUnicorn-31078.exeUnicorn-23464.exeUnicorn-8519.exeUnicorn-20580.exeUnicorn-12966.exeUnicorn-28748.exeUnicorn-28748.exeUnicorn-21134.exeUnicorn-51861.exeUnicorn-6189.exeUnicorn-17050.exeUnicorn-32230.exeUnicorn-43090.exeUnicorn-9671.exeUnicorn-9671.exeUnicorn-63319.exeUnicorn-48374.exeUnicorn-40760.exeUnicorn-60626.exeUnicorn-33984.exeUnicorn-57097.exeUnicorn-24747.exeUnicorn-7341.exeUnicorn-17325.exe

pid	process
2268	Unicorn-21597.exe
2848	Unicorn-48322.exe
2108	Unicorn-28456.exe
2920	Unicorn-58711.exe
2832	Unicorn-37584.exe
2648	Unicorn-35961.exe
1988	Unicorn-53449.exe
2796	Unicorn-64310.exe
2900	Unicorn-164.exe
3000	Unicorn-164.exe
3020	Unicorn-62364.exe
2776	Unicorn-49604.exe
1152	Unicorn-37906.exe
2080	Unicorn-58903.exe
2940	Unicorn-9147.exe
2772	Unicorn-36344.exe
1660	Unicorn-49687.exe
1916	Unicorn-29328.exe
2504	Unicorn-14383.exe
1084	Unicorn-55971.exe
1356	Unicorn-65530.exe
1880	Unicorn-13314.exe
1928	Unicorn-24175.exe
1656	Unicorn-26636.exe
1720	Unicorn-41109.exe
1744	Unicorn-49277.exe
1796	Unicorn-60138.exe
1728	Unicorn-8436.exe
2132	Unicorn-19297.exe
1060	Unicorn-35079.exe
2644	Unicorn-12520.exe
2680	Unicorn-24773.exe
2276	Unicorn-35633.exe
2816	Unicorn-823.exe
380	Unicorn-20689.exe
2864	Unicorn-2297.exe
2880	Unicorn-43885.exe
2008	Unicorn-41192.exe
2500	Unicorn-52053.exe
2000	Unicorn-6381.exe
316	Unicorn-31078.exe
2216	Unicorn-23464.exe
1564	Unicorn-8519.exe
1272	Unicorn-20580.exe
2140	Unicorn-12966.exe
2308	Unicorn-28748.exe
1264	Unicorn-28748.exe
992	Unicorn-21134.exe
840	Unicorn-51861.exe
560	Unicorn-6189.exe
2916	Unicorn-17050.exe
2460	Unicorn-32230.exe
2264	Unicorn-43090.exe
2260	Unicorn-9671.exe
1256	Unicorn-9671.exe
2748	Unicorn-63319.exe
2640	Unicorn-48374.exe
2740	Unicorn-40760.exe
2652	Unicorn-60626.exe
2860	Unicorn-33984.exe
2980	Unicorn-57097.exe
1296	Unicorn-24747.exe
812	Unicorn-7341.exe
2012	Unicorn-17325.exe

Loads dropped DLL 64 IoCs

Processes:

7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exeUnicorn-21597.exeUnicorn-48322.exeUnicorn-28456.exeWerFault.exeUnicorn-35961.exeUnicorn-58711.exeUnicorn-37584.exeWerFault.exeWerFault.exeUnicorn-53449.exeUnicorn-64310.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-49604.exe

pid	process
2288	7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe
2288	7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe
2268	Unicorn-21597.exe
2268	Unicorn-21597.exe
2288	7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe
2288	7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe
2848	Unicorn-48322.exe
2848	Unicorn-48322.exe
2268	Unicorn-21597.exe
2268	Unicorn-21597.exe
2108	Unicorn-28456.exe
2108	Unicorn-28456.exe
3004	WerFault.exe
3004	WerFault.exe
3004	WerFault.exe
3004	WerFault.exe
3004	WerFault.exe
2648	Unicorn-35961.exe
2648	Unicorn-35961.exe
2108	Unicorn-28456.exe
2108	Unicorn-28456.exe
2920	Unicorn-58711.exe
2832	Unicorn-37584.exe
2832	Unicorn-37584.exe
2920	Unicorn-58711.exe
2848	Unicorn-48322.exe
2848	Unicorn-48322.exe
1812	WerFault.exe
1812	WerFault.exe
1812	WerFault.exe
1812	WerFault.exe
1812	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1988	Unicorn-53449.exe
1988	Unicorn-53449.exe
2648	Unicorn-35961.exe
2648	Unicorn-35961.exe
2920	Unicorn-58711.exe
2920	Unicorn-58711.exe
2796	Unicorn-64310.exe
2796	Unicorn-64310.exe
2832	Unicorn-37584.exe
2832	Unicorn-37584.exe
3068	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
776	WerFault.exe
776	WerFault.exe
776	WerFault.exe
776	WerFault.exe
1168	WerFault.exe
1168	WerFault.exe
1168	WerFault.exe
1168	WerFault.exe
776	WerFault.exe
1168	WerFault.exe
2776	Unicorn-49604.exe
2776	Unicorn-49604.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2720	2288	WerFault.exe	7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe
3004	2268	WerFault.exe	Unicorn-21597.exe
1812	2848	WerFault.exe	Unicorn-48322.exe
1808	2108	WerFault.exe	Unicorn-28456.exe
3068	2648	WerFault.exe	Unicorn-35961.exe
776	2920	WerFault.exe	Unicorn-58711.exe
1168	2832	WerFault.exe	Unicorn-37584.exe
1920	2900	WerFault.exe	Unicorn-164.exe
408	3000	WerFault.exe	Unicorn-164.exe
1904	1988	WerFault.exe	Unicorn-53449.exe
1992	2796	WerFault.exe	Unicorn-64310.exe
2472	3020	WerFault.exe	Unicorn-62364.exe
2716	1356	WerFault.exe	Unicorn-65530.exe
2556	2776	WerFault.exe	Unicorn-49604.exe
2704	1152	WerFault.exe	Unicorn-37906.exe
2580	2940	WerFault.exe	Unicorn-9147.exe
2304	2080	WerFault.exe	Unicorn-58903.exe
2856	2772	WerFault.exe	Unicorn-36344.exe
1100	1916	WerFault.exe	Unicorn-29328.exe
2948	1660	WerFault.exe	Unicorn-49687.exe
892	2504	WerFault.exe	Unicorn-14383.exe
484	1084	WerFault.exe	Unicorn-55971.exe
1804	1928	WerFault.exe	Unicorn-24175.exe
2964	1880	WerFault.exe	Unicorn-13314.exe
2252	1656	WerFault.exe	Unicorn-26636.exe
2104	1720	WerFault.exe	Unicorn-41109.exe
2696	1744	WerFault.exe	Unicorn-49277.exe
2536	1796	WerFault.exe	Unicorn-60138.exe
3028	1728	WerFault.exe	Unicorn-8436.exe
2804	2132	WerFault.exe	Unicorn-19297.exe
620	1060	WerFault.exe	Unicorn-35079.exe
1816	2644	WerFault.exe	Unicorn-12520.exe
1076	2680	WerFault.exe	Unicorn-24773.exe
1348	2816	WerFault.exe	Unicorn-823.exe
1596	380	WerFault.exe	Unicorn-20689.exe
3140	2864	WerFault.exe	Unicorn-2297.exe
3156	2000	WerFault.exe	Unicorn-6381.exe
3168	2880	WerFault.exe	Unicorn-43885.exe
3188	2008	WerFault.exe	Unicorn-41192.exe
3228	2216	WerFault.exe	Unicorn-23464.exe
3252	316	WerFault.exe	Unicorn-31078.exe
3284	2500	WerFault.exe	Unicorn-52053.exe
3312	2140	WerFault.exe	Unicorn-12966.exe
3320	1272	WerFault.exe	Unicorn-20580.exe
3360	1264	WerFault.exe	Unicorn-28748.exe
3368	560	WerFault.exe	Unicorn-6189.exe
3404	2916	WerFault.exe	Unicorn-17050.exe
3448	2308	WerFault.exe	Unicorn-28748.exe
3440	840	WerFault.exe	Unicorn-51861.exe
3456	992	WerFault.exe	Unicorn-21134.exe
3600	2460	WerFault.exe	Unicorn-32230.exe
3864	2748	WerFault.exe	Unicorn-63319.exe
4060	2260	WerFault.exe	Unicorn-9671.exe
2060	2652	WerFault.exe	Unicorn-60626.exe
1768	1256	WerFault.exe	Unicorn-9671.exe
3804	1556	WerFault.exe	Unicorn-50574.exe
3900	2860	WerFault.exe	Unicorn-33984.exe
3736	2120	WerFault.exe	Unicorn-51965.exe
3572	2616	WerFault.exe	Unicorn-28015.exe
3716	2740	WerFault.exe	Unicorn-40760.exe
4140	1832	WerFault.exe	Unicorn-8986.exe
4232	2244	WerFault.exe	Unicorn-11679.exe
4284	2640	WerFault.exe	Unicorn-48374.exe
4292	2124	WerFault.exe	Unicorn-17155.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exeUnicorn-21597.exeUnicorn-48322.exeUnicorn-28456.exeUnicorn-58711.exeUnicorn-37584.exeUnicorn-35961.exeUnicorn-53449.exeUnicorn-164.exeUnicorn-164.exeUnicorn-62364.exeUnicorn-64310.exeUnicorn-49604.exeUnicorn-37906.exeUnicorn-58903.exeUnicorn-9147.exeUnicorn-36344.exeUnicorn-49687.exeUnicorn-29328.exeUnicorn-14383.exeUnicorn-55971.exeUnicorn-65530.exeUnicorn-13314.exeUnicorn-24175.exeUnicorn-26636.exeUnicorn-41109.exeUnicorn-49277.exeUnicorn-60138.exeUnicorn-8436.exeUnicorn-19297.exeUnicorn-35079.exeUnicorn-12520.exeUnicorn-24773.exeUnicorn-823.exeUnicorn-20689.exeUnicorn-2297.exeUnicorn-43885.exeUnicorn-52053.exeUnicorn-41192.exeUnicorn-6381.exeUnicorn-31078.exeUnicorn-23464.exeUnicorn-8519.exeUnicorn-20580.exeUnicorn-12966.exeUnicorn-28748.exeUnicorn-28748.exeUnicorn-21134.exeUnicorn-6189.exeUnicorn-51861.exeUnicorn-17050.exeUnicorn-32230.exeUnicorn-43090.exeUnicorn-9671.exeUnicorn-9671.exeUnicorn-63319.exeUnicorn-48374.exeUnicorn-60626.exeUnicorn-40760.exeUnicorn-33984.exeUnicorn-57097.exeUnicorn-24747.exeUnicorn-7341.exeUnicorn-17325.exe

pid	process
2288	7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe
2268	Unicorn-21597.exe
2848	Unicorn-48322.exe
2108	Unicorn-28456.exe
2920	Unicorn-58711.exe
2832	Unicorn-37584.exe
2648	Unicorn-35961.exe
1988	Unicorn-53449.exe
3000	Unicorn-164.exe
2900	Unicorn-164.exe
3020	Unicorn-62364.exe
2796	Unicorn-64310.exe
2776	Unicorn-49604.exe
1152	Unicorn-37906.exe
2080	Unicorn-58903.exe
2940	Unicorn-9147.exe
2772	Unicorn-36344.exe
1660	Unicorn-49687.exe
1916	Unicorn-29328.exe
2504	Unicorn-14383.exe
1084	Unicorn-55971.exe
1356	Unicorn-65530.exe
1880	Unicorn-13314.exe
1928	Unicorn-24175.exe
1656	Unicorn-26636.exe
1720	Unicorn-41109.exe
1744	Unicorn-49277.exe
1796	Unicorn-60138.exe
1728	Unicorn-8436.exe
2132	Unicorn-19297.exe
1060	Unicorn-35079.exe
2644	Unicorn-12520.exe
2680	Unicorn-24773.exe
2816	Unicorn-823.exe
380	Unicorn-20689.exe
2864	Unicorn-2297.exe
2880	Unicorn-43885.exe
2500	Unicorn-52053.exe
2008	Unicorn-41192.exe
2000	Unicorn-6381.exe
316	Unicorn-31078.exe
2216	Unicorn-23464.exe
1564	Unicorn-8519.exe
1272	Unicorn-20580.exe
2140	Unicorn-12966.exe
1264	Unicorn-28748.exe
2308	Unicorn-28748.exe
992	Unicorn-21134.exe
560	Unicorn-6189.exe
840	Unicorn-51861.exe
2916	Unicorn-17050.exe
2460	Unicorn-32230.exe
2264	Unicorn-43090.exe
2260	Unicorn-9671.exe
1256	Unicorn-9671.exe
2748	Unicorn-63319.exe
2640	Unicorn-48374.exe
2652	Unicorn-60626.exe
2740	Unicorn-40760.exe
2860	Unicorn-33984.exe
2980	Unicorn-57097.exe
1296	Unicorn-24747.exe
812	Unicorn-7341.exe
2012	Unicorn-17325.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exeUnicorn-21597.exeUnicorn-48322.exeUnicorn-28456.exeUnicorn-35961.exeUnicorn-37584.exeUnicorn-58711.exeUnicorn-53449.exe

description	pid	process	target process
PID 2288 wrote to memory of 2268	2288	7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe	Unicorn-21597.exe
PID 2288 wrote to memory of 2268	2288	7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe	Unicorn-21597.exe
PID 2288 wrote to memory of 2268	2288	7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe	Unicorn-21597.exe
PID 2288 wrote to memory of 2268	2288	7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe	Unicorn-21597.exe
PID 2268 wrote to memory of 2848	2268	Unicorn-21597.exe	Unicorn-48322.exe
PID 2268 wrote to memory of 2848	2268	Unicorn-21597.exe	Unicorn-48322.exe
PID 2268 wrote to memory of 2848	2268	Unicorn-21597.exe	Unicorn-48322.exe
PID 2268 wrote to memory of 2848	2268	Unicorn-21597.exe	Unicorn-48322.exe
PID 2288 wrote to memory of 2108	2288	7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe	Unicorn-28456.exe
PID 2288 wrote to memory of 2108	2288	7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe	Unicorn-28456.exe
PID 2288 wrote to memory of 2108	2288	7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe	Unicorn-28456.exe
PID 2288 wrote to memory of 2108	2288	7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe	Unicorn-28456.exe
PID 2288 wrote to memory of 2720	2288	7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe	WerFault.exe
PID 2288 wrote to memory of 2720	2288	7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe	WerFault.exe
PID 2288 wrote to memory of 2720	2288	7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe	WerFault.exe
PID 2288 wrote to memory of 2720	2288	7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe	WerFault.exe
PID 2848 wrote to memory of 2920	2848	Unicorn-48322.exe	Unicorn-58711.exe
PID 2848 wrote to memory of 2920	2848	Unicorn-48322.exe	Unicorn-58711.exe
PID 2848 wrote to memory of 2920	2848	Unicorn-48322.exe	Unicorn-58711.exe
PID 2848 wrote to memory of 2920	2848	Unicorn-48322.exe	Unicorn-58711.exe
PID 2268 wrote to memory of 2832	2268	Unicorn-21597.exe	Unicorn-37584.exe
PID 2268 wrote to memory of 2832	2268	Unicorn-21597.exe	Unicorn-37584.exe
PID 2268 wrote to memory of 2832	2268	Unicorn-21597.exe	Unicorn-37584.exe
PID 2268 wrote to memory of 2832	2268	Unicorn-21597.exe	Unicorn-37584.exe
PID 2108 wrote to memory of 2648	2108	Unicorn-28456.exe	Unicorn-35961.exe
PID 2108 wrote to memory of 2648	2108	Unicorn-28456.exe	Unicorn-35961.exe
PID 2108 wrote to memory of 2648	2108	Unicorn-28456.exe	Unicorn-35961.exe
PID 2108 wrote to memory of 2648	2108	Unicorn-28456.exe	Unicorn-35961.exe
PID 2268 wrote to memory of 3004	2268	Unicorn-21597.exe	WerFault.exe
PID 2268 wrote to memory of 3004	2268	Unicorn-21597.exe	WerFault.exe
PID 2268 wrote to memory of 3004	2268	Unicorn-21597.exe	WerFault.exe
PID 2268 wrote to memory of 3004	2268	Unicorn-21597.exe	WerFault.exe
PID 2648 wrote to memory of 1988	2648	Unicorn-35961.exe	Unicorn-53449.exe
PID 2648 wrote to memory of 1988	2648	Unicorn-35961.exe	Unicorn-53449.exe
PID 2648 wrote to memory of 1988	2648	Unicorn-35961.exe	Unicorn-53449.exe
PID 2648 wrote to memory of 1988	2648	Unicorn-35961.exe	Unicorn-53449.exe
PID 2108 wrote to memory of 2796	2108	Unicorn-28456.exe	Unicorn-64310.exe
PID 2108 wrote to memory of 2796	2108	Unicorn-28456.exe	Unicorn-64310.exe
PID 2108 wrote to memory of 2796	2108	Unicorn-28456.exe	Unicorn-64310.exe
PID 2108 wrote to memory of 2796	2108	Unicorn-28456.exe	Unicorn-64310.exe
PID 2832 wrote to memory of 3000	2832	Unicorn-37584.exe	Unicorn-164.exe
PID 2832 wrote to memory of 3000	2832	Unicorn-37584.exe	Unicorn-164.exe
PID 2832 wrote to memory of 3000	2832	Unicorn-37584.exe	Unicorn-164.exe
PID 2832 wrote to memory of 3000	2832	Unicorn-37584.exe	Unicorn-164.exe
PID 2920 wrote to memory of 2900	2920	Unicorn-58711.exe	Unicorn-164.exe
PID 2920 wrote to memory of 2900	2920	Unicorn-58711.exe	Unicorn-164.exe
PID 2920 wrote to memory of 2900	2920	Unicorn-58711.exe	Unicorn-164.exe
PID 2920 wrote to memory of 2900	2920	Unicorn-58711.exe	Unicorn-164.exe
PID 2848 wrote to memory of 3020	2848	Unicorn-48322.exe	Unicorn-62364.exe
PID 2848 wrote to memory of 3020	2848	Unicorn-48322.exe	Unicorn-62364.exe
PID 2848 wrote to memory of 3020	2848	Unicorn-48322.exe	Unicorn-62364.exe
PID 2848 wrote to memory of 3020	2848	Unicorn-48322.exe	Unicorn-62364.exe
PID 2848 wrote to memory of 1812	2848	Unicorn-48322.exe	WerFault.exe
PID 2848 wrote to memory of 1812	2848	Unicorn-48322.exe	WerFault.exe
PID 2848 wrote to memory of 1812	2848	Unicorn-48322.exe	WerFault.exe
PID 2848 wrote to memory of 1812	2848	Unicorn-48322.exe	WerFault.exe
PID 2108 wrote to memory of 1808	2108	Unicorn-28456.exe	WerFault.exe
PID 2108 wrote to memory of 1808	2108	Unicorn-28456.exe	WerFault.exe
PID 2108 wrote to memory of 1808	2108	Unicorn-28456.exe	WerFault.exe
PID 2108 wrote to memory of 1808	2108	Unicorn-28456.exe	WerFault.exe
PID 1988 wrote to memory of 2776	1988	Unicorn-53449.exe	Unicorn-49604.exe
PID 1988 wrote to memory of 2776	1988	Unicorn-53449.exe	Unicorn-49604.exe
PID 1988 wrote to memory of 2776	1988	Unicorn-53449.exe	Unicorn-49604.exe
PID 1988 wrote to memory of 2776	1988	Unicorn-53449.exe	Unicorn-49604.exe

C:\Users\Admin\AppData\Local\Temp\7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe
"C:\Users\Admin\AppData\Local\Temp\7fd09fffe04ecb4078c074c332a8c92e9866c0dfd25c643234f2a0b24a892546.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-164.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
        6⤵
        Program crash
        
        PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13314.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51965.exe
        9⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24877.exe
        10⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        11⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
        12⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
        13⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12326.exe
        14⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30464.exe
        15⤵
        
        PID:13176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10548 -s 216
        15⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 216
        14⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        13⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        12⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 236
        11⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36204.exe
        10⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37028.exe
        11⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
        12⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
        13⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10916 -s 200
        14⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 236
        13⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
        12⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        11⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
        10⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13179.exe
        9⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
        10⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
        11⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60001.exe
        12⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7666.exe
        13⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
        14⤵
        
        PID:13260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10456 -s 216
        14⤵
        
        PID:12408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
        13⤵
        
        PID:10712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
        12⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        11⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
        10⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
        9⤵
        Program crash
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28015.exe
        8⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6402.exe
        9⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32936.exe
        10⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50398.exe
        11⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57863.exe
        12⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58621.exe
        13⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
        14⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10164 -s 216
        14⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
        13⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
        12⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        11⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 216
        10⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56241.exe
        9⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56236.exe
        10⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
        11⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
        12⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17636.exe
        13⤵
        
        PID:13076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9876 -s 216
        13⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
        12⤵
        
        PID:11028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
        11⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 216
        10⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
        9⤵
        Program crash
        
        PID:3572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        8⤵
        Program crash
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21134.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
        8⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34607.exe
        9⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35650.exe
        10⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
        11⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48756.exe
        12⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        13⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29696.exe
        14⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11116 -s 216
        14⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
        13⤵
        
        PID:11772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
        12⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        11⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 216
        10⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54487.exe
        9⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
        10⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37635.exe
        11⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62513.exe
        12⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50500.exe
        13⤵
        
        PID:13136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10272 -s 216
        13⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 236
        12⤵
        
        PID:10472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
        11⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        10⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
        9⤵
        Program crash
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        8⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        9⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26805.exe
        10⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50401.exe
        11⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        12⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61377.exe
        13⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
        12⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
        11⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        10⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 216
        9⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
        8⤵
        Program crash
        
        PID:3456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
        7⤵
        Program crash
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35633.exe
        6⤵
        Executes dropped EXE
        
        PID:2276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        6⤵
        Program crash
        
        PID:2304
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55971.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35079.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20580.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22801.exe
        8⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9910.exe
        9⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-263.exe
        10⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
        11⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8107.exe
        12⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20817.exe
        13⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
        14⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 216
        13⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
        12⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        11⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        10⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe
        9⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48979.exe
        10⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-131.exe
        11⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28985.exe
        12⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
        13⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10724 -s 216
        13⤵
        
        PID:14132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
        12⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
        11⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        10⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
        9⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
        8⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
        9⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36584.exe
        10⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
        11⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63473.exe
        12⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
        13⤵
        
        PID:12648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10584 -s 236
        13⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
        12⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
        11⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
        10⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 216
        9⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 240
        8⤵
        Program crash
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11679.exe
        7⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61249.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12899.exe
        9⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
        10⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
        11⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3774.exe
        12⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1875.exe
        13⤵
        
        PID:13212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10312 -s 216
        13⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 216
        12⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        11⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        10⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 216
        9⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13454.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36200.exe
        9⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32783.exe
        10⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe
        11⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
        12⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9404 -s 216
        12⤵
        
        PID:12756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
        11⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
        10⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
        9⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
        8⤵
        Program crash
        
        PID:4232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 240
        7⤵
        Program crash
        
        PID:620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12966.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
        7⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
        9⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25051.exe
        10⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63037.exe
        11⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56395.exe
        12⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42950.exe
        13⤵
        
        PID:13536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 236
        12⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
        11⤵
        
        PID:9676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        10⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        9⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe
        8⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-930.exe
        9⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41330.exe
        10⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
        11⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8788 -s 216
        11⤵
        
        PID:12552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 236
        10⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        9⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
        8⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
        7⤵
        Program crash
        
        PID:3312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 240
        6⤵
        Program crash
        
        PID:484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 216
        5⤵
        Program crash
        
        PID:2472
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-164.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
        5⤵
        Program crash
        
        PID:408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26636.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43521.exe
        8⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
        9⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
        10⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17267.exe
        11⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52129.exe
        12⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54916.exe
        13⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30179.exe
        14⤵
        
        PID:14092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8556 -s 216
        13⤵
        
        PID:12480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
        12⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        11⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
        10⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
        9⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        10⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46234.exe
        11⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe
        12⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38160.exe
        13⤵
        
        PID:12656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11232 -s 216
        13⤵
        
        PID:13848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
        12⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
        11⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
        10⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 240
        9⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 216
        8⤵
        Program crash
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50574.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53221.exe
        9⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13924.exe
        10⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        11⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
        12⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 216
        12⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
        11⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 236
        10⤵
        
        PID:640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
        9⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 216
        8⤵
        Program crash
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 240
        7⤵
        Program crash
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17050.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8986.exe
        7⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
        8⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31566.exe
        9⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
        10⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35928.exe
        11⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
        12⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15601.exe
        13⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11192 -s 216
        13⤵
        
        PID:13856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
        12⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
        11⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        10⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
        9⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31928.exe
        8⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
        9⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51641.exe
        10⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62705.exe
        11⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3245.exe
        12⤵
        
        PID:13104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 216
        12⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
        11⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
        10⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        9⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 220
        8⤵
        Program crash
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13179.exe
        7⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61179.exe
        10⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33349.exe
        11⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59846.exe
        12⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9456 -s 236
        12⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
        11⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        9⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
        8⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
        7⤵
        Program crash
        
        PID:3404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
        6⤵
        Program crash
        
        PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-823.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
        7⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63771.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25819.exe
        10⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43193.exe
        11⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
        12⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37112.exe
        13⤵
        
        PID:13488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 216
        12⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
        11⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        10⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
        9⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        8⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10133.exe
        9⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52181.exe
        10⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44999.exe
        11⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
        12⤵
        
        PID:12800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10756 -s 236
        12⤵
        
        PID:13348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
        11⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
        10⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
        9⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        8⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43906.exe
        7⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59970.exe
        9⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
        10⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4013.exe
        11⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
        12⤵
        
        PID:12348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11052 -s 216
        12⤵
        
        PID:13784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 216
        11⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
        10⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        9⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 216
        8⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
        7⤵
        Program crash
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19847.exe
        6⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30523.exe
        7⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51986.exe
        8⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        9⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 220
        10⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
        9⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
        8⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58763.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32451.exe
        8⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
        9⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe
        10⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33884.exe
        11⤵
        
        PID:12740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10432 -s 216
        11⤵
        
        PID:13920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
        10⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
        9⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        8⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
        7⤵
        
        PID:5092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 220
        6⤵
        Program crash
        
        PID:1348
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        5⤵
        Program crash
        
        PID:2856
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1168
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:3004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28456.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28456.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35961.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53449.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49604.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49277.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41192.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48374.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42967.exe
        10⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11145.exe
        11⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18362.exe
        12⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
        13⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57490.exe
        14⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31170.exe
        15⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10956 -s 236
        15⤵
        
        PID:13624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
        14⤵
        
        PID:11648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 236
        13⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
        12⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 216
        11⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17922.exe
        10⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
        11⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
        12⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
        13⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        14⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10340 -s 216
        14⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
        13⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
        12⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
        11⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
        10⤵
        Program crash
        
        PID:4284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
        9⤵
        Program crash
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
        9⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12899.exe
        10⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
        11⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe
        12⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15258.exe
        13⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52062.exe
        14⤵
        
        PID:12908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10176 -s 216
        14⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
        13⤵
        
        PID:10532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
        12⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
        11⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
        10⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13454.exe
        9⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
        10⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44843.exe
        11⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53961.exe
        12⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46032.exe
        13⤵
        
        PID:12936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 216
        13⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 216
        12⤵
        
        PID:10640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
        11⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
        10⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 220
        9⤵
        Program crash
        
        PID:3716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
        8⤵
        Program crash
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52053.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60626.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
        9⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        10⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
        11⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
        12⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28985.exe
        13⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8886.exe
        14⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10720 -s 216
        14⤵
        
        PID:14044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7408 -s 216
        13⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
        12⤵
        
        PID:9372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        11⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
        10⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        9⤵
        
        PID:3204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        9⤵
        Program crash
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        8⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15037.exe
        9⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1773.exe
        10⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
        11⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40915.exe
        12⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22535.exe
        13⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10704 -s 216
        13⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
        12⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
        11⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        10⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
        8⤵
        Program crash
        
        PID:3284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
        7⤵
        Program crash
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6381.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12686.exe
        9⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27757.exe
        10⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe
        11⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64760.exe
        12⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
        13⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 236
        13⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 216
        12⤵
        
        PID:10768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
        11⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
        10⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 216
        9⤵
        Program crash
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2489.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        9⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14326.exe
        10⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        11⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe
        12⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23474.exe
        13⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9500 -s 216
        13⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
        12⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
        11⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 236
        10⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 216
        9⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 220
        8⤵
        Program crash
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63319.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        8⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22630.exe
        9⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6760.exe
        10⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
        11⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6903.exe
        12⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37402.exe
        13⤵
        
        PID:12032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 216
        13⤵
        
        PID:12596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 236
        12⤵
        
        PID:10044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        11⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
        10⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
        9⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        10⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37054.exe
        11⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
        12⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 216
        12⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
        11⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
        10⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 240
        9⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
        8⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        8⤵
        Program crash
        
        PID:3864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
        7⤵
        Program crash
        
        PID:2536
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
        6⤵
        Program crash
        
        PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29328.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41109.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2297.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32230.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24493.exe
        9⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24576.exe
        10⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        11⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53831.exe
        12⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2954.exe
        13⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49166.exe
        14⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe
        15⤵
        
        PID:13636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
        14⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
        13⤵
        
        PID:9396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        12⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 236
        11⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44072.exe
        10⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37303.exe
        11⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34449.exe
        12⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 200
        13⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
        12⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
        11⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
        10⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-626.exe
        9⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14928.exe
        10⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29327.exe
        11⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46701.exe
        12⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62617.exe
        13⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24860.exe
        14⤵
        
        PID:13472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 216
        13⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 216
        12⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        11⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
        10⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
        9⤵
        Program crash
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12795.exe
        8⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
        9⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55961.exe
        10⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
        11⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        12⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1356.exe
        13⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        14⤵
        
        PID:13712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 236
        13⤵
        
        PID:12432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 236
        12⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        11⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
        10⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
        9⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        10⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        11⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        12⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32405.exe
        13⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11024 -s 216
        13⤵
        
        PID:14148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 220
        12⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
        11⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        10⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
        9⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
        8⤵
        Program crash
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43090.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
        10⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe
        11⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17205.exe
        12⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3437.exe
        13⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 216
        13⤵
        
        PID:12892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
        12⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
        11⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        10⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24859.exe
        9⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35627.exe
        10⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        11⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34351.exe
        12⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10816 -s 220
        12⤵
        
        PID:14228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
        11⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
        10⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        9⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 220
        8⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
        7⤵
        Program crash
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42858.exe
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25235.exe
        10⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47801.exe
        11⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16167.exe
        12⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        13⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37065.exe
        14⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 236
        13⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
        12⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
        11⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
        10⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9453.exe
        9⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57723.exe
        10⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        11⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
        12⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
        13⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10308 -s 216
        13⤵
        
        PID:13968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
        12⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
        11⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        10⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
        9⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
        8⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48369.exe
        9⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30370.exe
        10⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29374.exe
        11⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61792.exe
        12⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10156 -s 236
        12⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 216
        11⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
        10⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
        9⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 220
        8⤵
        Program crash
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31077.exe
        7⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9892.exe
        9⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
        10⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        11⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25851.exe
        12⤵
        
        PID:13300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10632 -s 216
        12⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 216
        11⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
        10⤵
        
        PID:9260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        9⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 216
        8⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
        7⤵
        Program crash
        
        PID:3168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
        6⤵
        Program crash
        
        PID:1100
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
        5⤵
        Program crash
        
        PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37906.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8436.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31078.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24747.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53081.exe
        9⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
        10⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18253.exe
        11⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57500.exe
        12⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
        13⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32130.exe
        14⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10484 -s 216
        14⤵
        
        PID:14012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
        13⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
        12⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        11⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 236
        10⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
        9⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        10⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        11⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
        12⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        13⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10668 -s 216
        13⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
        12⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
        11⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
        10⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 240
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        8⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
        9⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        10⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
        11⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16650.exe
        12⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-443.exe
        13⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10988 -s 216
        13⤵
        
        PID:13572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
        12⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
        11⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
        10⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
        9⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 240
        8⤵
        Program crash
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17325.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
        8⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35074.exe
        9⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe
        10⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54018.exe
        11⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47184.exe
        12⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-443.exe
        13⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11080 -s 216
        13⤵
        
        PID:13564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
        12⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        10⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        9⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41850.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44944.exe
        9⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52181.exe
        10⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26717.exe
        11⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61045.exe
        12⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10612 -s 216
        12⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
        11⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        10⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        9⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        8⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
        7⤵
        Program crash
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23464.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
        8⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51986.exe
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
        10⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28720.exe
        11⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8865.exe
        12⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60225.exe
        13⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10576 -s 216
        13⤵
        
        PID:14060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
        12⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
        11⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        10⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
        9⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28036.exe
        8⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
        9⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3810.exe
        10⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
        11⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 220
        12⤵
        
        PID:12768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 236
        11⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
        10⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
        9⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 220
        8⤵
        Program crash
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12603.exe
        7⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11145.exe
        8⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
        8⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        9⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53411.exe
        10⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35067.exe
        11⤵
        
        PID:12636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9852 -s 216
        11⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 216
        10⤵
        
        PID:10844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
        9⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
        8⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
        7⤵
        Program crash
        
        PID:3228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        6⤵
        Program crash
        
        PID:892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19297.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7341.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40637.exe
        8⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47710.exe
        9⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26470.exe
        10⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60349.exe
        11⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53167.exe
        12⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25659.exe
        13⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10784 -s 216
        13⤵
        
        PID:940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
        12⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
        11⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 236
        10⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 236
        9⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1202.exe
        8⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
        9⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
        9⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59062.exe
        10⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47568.exe
        11⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29800.exe
        12⤵
        
        PID:708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10264 -s 216
        12⤵
        
        PID:13840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
        11⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
        10⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 220
        9⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 240
        8⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16687.exe
        7⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8815.exe
        8⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
        9⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52539.exe
        10⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        11⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe
        12⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
        11⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
        10⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
        9⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 236
        8⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exe
        6⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7964.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64238.exe
        8⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
        9⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        10⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        11⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8803.exe
        12⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11148 -s 236
        12⤵
        
        PID:13808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
        11⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
        10⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
        9⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
        8⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
        7⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2300.exe
        8⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        9⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        10⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39997.exe
        11⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10876 -s 216
        11⤵
        
        PID:14116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
        10⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
        9⤵
        
        PID:9364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        8⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
        7⤵
        
        PID:4640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
        6⤵
        Program crash
        
        PID:2804
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 240
        5⤵
        Program crash
        
        PID:2704
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:3068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 244
        6⤵
        Program crash
        
        PID:2716
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
        5⤵
        Program crash
        
        PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24175.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12520.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57097.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4739.exe
        9⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        10⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
        11⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exe
        12⤵
        
        PID:13200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11012 -s 216
        12⤵
        
        PID:13612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
        11⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
        10⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
        9⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 216
        8⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        7⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 300
        8⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
        7⤵
        
        PID:5144
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
        6⤵
        Program crash
        
        PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51965.exe
        6⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33045.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61908.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        9⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36312.exe
        10⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47568.exe
        11⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7241.exe
        12⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10248 -s 220
        12⤵
        
        PID:13912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
        11⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
        10⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        9⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
        8⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        7⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29594.exe
        8⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe
        9⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
        10⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
        11⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 216
        11⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
        10⤵
        
        PID:10948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
        9⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        8⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
        7⤵
        Program crash
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43906.exe
        6⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51418.exe
        8⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe
        9⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16650.exe
        10⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
        11⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11000 -s 216
        11⤵
        
        PID:13588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 216
        10⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
        9⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
        8⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
        7⤵
        
        PID:4128
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 220
        6⤵
        Program crash
        
        PID:3440
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
        5⤵
        Program crash
        
        PID:1804
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
      4⤵
      Program crash
      PID:1992
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1808
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
  2⤵
  - Program crash
  PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-164.exe

Filesize
184KB

MD5
7bc88c3d32aab6f2776fe8e033fa4484

SHA1
3e879855d11fdb2a3c675dbe3d0ba47db11f819e

SHA256
844f33c624662974c494edd08236c3c7d7b2059f81db6103fab0a9ceaa1b567d

SHA512
20959de67e751b0b1bfd2f45777c33a4621c48c02b121e311d947fc76a94c168e90b295aefb058f25d7528b11213559dab0f8c877128779d74d1032e56b6bda9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe

Filesize
184KB

MD5
2fb5e034ea6189f72a9ecd118e6e39e6

SHA1
89b6c7a266005d1741b681356c2602024a1ded29

SHA256
abc30376b1399e222b1a79e0eb62e140bfa96d039ef0e31ffae9ae6f5cb446cb

SHA512
033c2105ced3ee337792d038470fdb8cd2d410ddc10473ea09ed29d3ffa209e76b96225fcc8c1ce3ece7b16456480448d14a27a9663b5253dd100a18a96f9220

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28456.exe

Filesize
184KB

MD5
b3694c5158a8084acd213ed44d4249f5

SHA1
7e56c6145c3dd9ea0b3925f37a20c474bd4d40b9

SHA256
569d080b8eda7402708f37ce0109f618a523e80da2d0daec5a6e74d7d72e48d1

SHA512
a5f23b2b85d77fdad9b36712a1c95635f851782598367f8ecf1eacc746b4d2bcb102a993b25a7620f74c38c0bc12403abe02d92e613fea0f2a4a18cee35d093f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37906.exe

Filesize
184KB

MD5
6a4ec1088220924f464ef5ce6be03a6c

SHA1
59877f1874a87514cc67253f321c0918c665eda2

SHA256
ebef76024b721286de596ca6aa4bd4723586c5dcb4d4b8384fee59f4e671f623

SHA512
4cfd88904dc57905cff22611b99f16bad79a7dade57f039a9954381ae6dc3bce65ac6266696a7fd9175ace7ede2fcced5994ccc431a5caaf9f9495a2caeb82fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40637.exe

Filesize
184KB

MD5
c02ccae51b74931693f7428de2a0826e

SHA1
df463943fb3210f83efec44d4004852fcb9a5fc2

SHA256
a3d33e3b89d6bb825e588d882bdf5f936851f31af7dca1c7ead45a5f4c790e27

SHA512
7395a1a8afa6ea9ca3fa8bf099ff6c195fb79d196ee9800fbf53505919f91da1bf7ae10c314aa73dd3ee5d44bdab458842fcd7aa8a2f876841ad434959f6c613

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe

Filesize
184KB

MD5
89b5601f73f4eca86b4c24b955891573

SHA1
058bb4f059e6f7bbf240ab3cd08789e805695cc2

SHA256
7f0c192fb16909fe1d760ec78412cb786674d40d528fe875642a96dd78bf73ad

SHA512
931e9b59fe3879ee63d2b64192c80c835fad0133529ffdb13376564df66c558a19480ee388a087ca8e0ee8f84f4e86d5aac7f1f150981f804de01883d12f0be8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40915.exe

Filesize
184KB

MD5
f241838cc2cb5eaa7355d290ee0c0036

SHA1
8f0d77fedb1ec3c99c64be2d4446d9076b2a8bd8

SHA256
1a7ca3752dad340a0e731760d6ea269d6e7172a28826a2f0b2a56e3c2ff5b040

SHA512
de69fd307521f9ca360072cccccce7327fa7c75b6f8eee9bb5077c639919eaf83999f65f6128b90660f4ad234c627ffe45352275feba551a450d5decdb59cebb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41330.exe

Filesize
184KB

MD5
53add96201cc5baec284dd4f95b15167

SHA1
dd446d75991c6ebfb782440d664e55248dfb6934

SHA256
18b42ecfb0c9c535d95075e7b2620005f8807312558305d87a48e33c166da9d7

SHA512
0eeaf9c3b6f0443fa68dd84d7f3b7ccc361a1dca9e87dd426622ab78337585a160da960cdcf5fe575e9db3f23e4892c9f1372efc488d21afd5f5242f82aa240b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe

Filesize
184KB

MD5
201af9e871618a61eead76cde8610520

SHA1
44ac4f8ed28e1d6e8f15019350422d49eb192d1f

SHA256
f64443a57c64384b33cbeadcd031fa394c65adf818bc8af12b910e8d58c935aa

SHA512
4298fefcc3053efae99bdaacc93e392060c1daaec51c551c4cc095869d8988a8d52475dbb2a515151048d5738f728480b36cb85f52aa5ac72c7a22d6422ebc5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe

Filesize
184KB

MD5
7e5701ff890ebcc276a3ea0bd86c28cc

SHA1
2d3fe61ab8bb993eee4bc2d465d2687a018075f2

SHA256
f67dba0e1199394aa95e8a6f56185aeeb8e6119d2921d63d662314c14e960871

SHA512
b990a0ced24b1829936b255a094192af929b382cd6711efbd46e9f54a9f62c7e03e56f67315fb6b4ac1bd5760ecca0ca240f44c8c6eea96854a2d61786473e8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6381.exe

Filesize
184KB

MD5
c4b4a756e29d8416e1a2a27aa1c64fcc

SHA1
a4ce86a0ef6d89e5022f7201938b0de3b4e57f55

SHA256
ea4d3a971f685baaf1b4557b7600451331fc3626e5c608fc76ae63ac2b96d229

SHA512
103fe496a326e83bdf167ce92c401dd76e315e06abefb500b9377f8f044c6b80e1240b96ac07fef78e45cd2fadcf3408c9e70b9786e5682851fbe7736ff574c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6402.exe

Filesize
184KB

MD5
a5df3049af8db8cd1119795d40f88ed1

SHA1
4d96effe943ced6416292c29804ea1b703a79fd3

SHA256
9e9d8ea21f4f4c49b65ba3810ecc4e431b8937ecf6969d7e4a76deab1dbb9cb6

SHA512
eb3301238c6876b1a46ce944814a15c438f79ba5ec26686e70872ec68993efe1f0510d5437396358073218ae7f65a4203a79af9a3762f0636627e6b8e951f398

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe

Filesize
184KB

MD5
cf4f036ed15cffabfe2943a9f950cca2

SHA1
5f8ac5ae2edb75b0a1d5d5ec4c3fdc547a3f7289

SHA256
51cc14724d75c91fc35aba66d0c565de5a659ac48e1a52163ff769865e46af98

SHA512
ceca8e72aa0aa307b523cc05c83ab23a046d4fd4108870d45ef4ac2c5eeb22f4b9ac0dcc8fbc67fe48a03a98dff846754108084da85da26d11afc3b51692d9cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe

Filesize
184KB

MD5
e39bb2fa2cd7e03c75dfa821b7f52544

SHA1
b857de363df0cfab396a9381a71059a4f4bff1f9

SHA256
50223a86cc05812e068f1da2f68cb4f922631979321150b27bac603dab6af762

SHA512
5b05bbfe2ff4e4e5ca6350eda02a200543d6101e470c3853d859c781f7ced425a255772e6eacf4dcf8b9d597049d15cbb74b5dba8e63397e8c9213cae40ffd19

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35961.exe

Filesize
184KB

MD5
28cd8df6d80dc8f3712638dd87015889

SHA1
75bd3ec241dded937d048cfa9d180f44ea60baf1

SHA256
78e88a701a63bb132814d1af6b860a13403c62ac4487533d2befa1f884f8819b

SHA512
a3e587d9c2b8627529b4765f4afa4fd80ec405250b35973e40f87f9b37d539453ee426ab7aba1a211e9a31d767672871091060f7b8a88a1eea3454937dace901

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe

Filesize
184KB

MD5
e9821d7148ca79ba6547b35e3fa3b57e

SHA1
7df4a4aa3f711ab0f610a4924193e6dc75a5a856

SHA256
69fa7da13eaa763e7970ad814cb13a4d9a1dfe1a7a6d92730b439fa656d5a7f1

SHA512
80341f2519b43bb5990ab1c1eae37cb4a8808814cc804ecd3cf1b0d85046ca296cbf737ac6235a2bbf3134f6b576824745e477e5c1e40b0be3e89ca42b591d5f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe

Filesize
184KB

MD5
65f21d689ac1c7a767ab8b1eca7c6de9

SHA1
e5151bb0c57a1e3bd62c13b11fcd79df1f2c8643

SHA256
072a54a7563793cb0d639d2c9124b3190100d61bdaf4fa557248602a690ae496

SHA512
b177258d7e841a3da5bac2b523a71d31f27f7ab83c7876c07abfaf64b29581518979ba42d3919215c303ef0b2ac8c0ea479c9ff0643b977b0400be3d9b38c384

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49604.exe

Filesize
184KB

MD5
56fb4be45b12f8a49975a0ffca2d2384

SHA1
47a8135edf5319ae13b22bfef0d4ec8207d3b7ba

SHA256
92ee81e8e4c8996ac5d4fa7318ff681c95aeaff0a20a52a7c502b0c95e177838

SHA512
ef2d422ebd28da0c27c1fc3896f2adf206653700fa8626cde2fc5ef4fc2db1d61ece72eae27e34039d08e6002c6a36455f48af0262dca7699a80b1d3d0af75e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53449.exe

Filesize
184KB

MD5
1a0423a5784cb401c9ce7f51bd36920a

SHA1
a49c1920a2f0bf99c9e6826f674e1db4b8c9a705

SHA256
2b1772a9894ef6b16ce52e0275c05912f1272e61bb007a579baf5fd0b68ef497

SHA512
12f6d4edec62139bfce4d596563587ced558e78fde87ee6fa1423e2d7d80aafc14b982cc0eb19d8e3d6ae3ad1c3615f1f6333a6a08f506dc686c9534ed2b5f63

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe

Filesize
184KB

MD5
b23c647a50a358b250e957ad1e87cd1b

SHA1
a8068bf52e10e78d4cd7e4e30ccf293b0b34e430

SHA256
f14efae11af01da0ea3dde9abe98d8db56db1832482a425961e5096b7201395a

SHA512
5457998ecab0c342853ea344507c88b28647f5d200e133295a0a43688677685382c7073147f3101613aae424f8ab41610da0c7eb1dc7f0b1c8a00db564cab6f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe

Filesize
184KB

MD5
6c7913a6b082bdca1031747135770898

SHA1
4c7a9473e376b3e281d2780d8bba18ec4cb3c033

SHA256
e53bf96e8f612517956ce874b37c3b33f66c05d0ddecb981698e4b2e26c927c7

SHA512
ee4c351aa39badfb199c3de26f69a21fce315bdd2375e131df9e6acd455733c09f405ca42e6a7f16242c7d9ec06d1d9b05efc17e4242316b4c475fdea36987d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe

Filesize
184KB

MD5
604d107755645fca6e4f425e8118b189

SHA1
fa9fa48011049f50140d3a42b7373ff6ba54698c

SHA256
3dad490d7f97cd223d90ab55daf84b5cb9a9f90a39c404f329dfc9e64efefd14

SHA512
0156d6ed80ad91560dbb7ca5700f2978ee3df8428842a0b2d0763169a5a8ea9c7c8ed9fef0f40a6c9d5242fad9b76252f77a9204cea624efaa9de8959d13466e

Download Submit