18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 19:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe
Size

184KB
MD5

7239e39bda0beb3ba84f5c2dc6ae371e
SHA1

7f1d67e36b660f334ffdc934c23420b4ac886f55
SHA256

18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142
SHA512

0854892450780d6ab9d1629e34dbf3a0d5b4f1f7df44aa229fdd8ac15bc08d907d9ce60dbb07d73f337eb13effa01dba6ae12e9dfcbc69a782a2335733ab5ca3
SSDEEP

1536:V7eL6gEAu3yxojx1nTTGgwMyLIyiZclwmdftELR2Vzetshl5hj5Vizpv2:VFL3yxothTTdyELePELRKsshlnniFu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-1252.exeUnicorn-41299.exeUnicorn-17349.exeUnicorn-63904.exeUnicorn-29094.exeUnicorn-9228.exeUnicorn-6618.exeUnicorn-49597.exeUnicorn-2534.exeUnicorn-29731.exeUnicorn-48206.exeUnicorn-58917.exeUnicorn-34967.exeUnicorn-10484.exeUnicorn-17261.exeUnicorn-49379.exeUnicorn-60240.exeUnicorn-45295.exeUnicorn-45295.exeUnicorn-59768.exeUnicorn-37210.exeUnicorn-13260.exeUnicorn-14651.exeUnicorn-7038.exeUnicorn-22820.exeUnicorn-4345.exeUnicorn-45933.exeUnicorn-11122.exeUnicorn-30988.exeUnicorn-58185.exeUnicorn-12513.exeUnicorn-20957.exeUnicorn-31817.exeUnicorn-25041.exeUnicorn-35901.exeUnicorn-37293.exeUnicorn-33763.exeUnicorn-18819.exeUnicorn-29679.exeUnicorn-26987.exeUnicorn-51491.exeUnicorn-9067.exeUnicorn-59659.exeUnicorn-4983.exeUnicorn-2290.exeUnicorn-63743.exeUnicorn-10458.exeUnicorn-21319.exeUnicorn-41185.exeUnicorn-6374.exeUnicorn-33571.exeUnicorn-38409.exeUnicorn-4153.exeUnicorn-40355.exeUnicorn-5544.exeUnicorn-5544.exeUnicorn-28657.exeUnicorn-38217.exeUnicorn-3406.exeUnicorn-645.exeUnicorn-2036.exeUnicorn-43623.exeUnicorn-46084.exeUnicorn-18373.exe

pid	process
2956	Unicorn-1252.exe
3012	Unicorn-41299.exe
2288	Unicorn-17349.exe
2636	Unicorn-63904.exe
2692	Unicorn-29094.exe
2804	Unicorn-9228.exe
1728	Unicorn-6618.exe
3024	Unicorn-49597.exe
3028	Unicorn-2534.exe
1272	Unicorn-29731.exe
1540	Unicorn-48206.exe
1304	Unicorn-58917.exe
1284	Unicorn-34967.exe
2264	Unicorn-10484.exe
1688	Unicorn-17261.exe
2092	Unicorn-49379.exe
664	Unicorn-60240.exe
1504	Unicorn-45295.exe
584	Unicorn-45295.exe
1724	Unicorn-59768.exe
2360	Unicorn-37210.exe
1148	Unicorn-13260.exe
684	Unicorn-14651.exe
340	Unicorn-7038.exe
400	Unicorn-22820.exe
2340	Unicorn-4345.exe
272	Unicorn-45933.exe
2012	Unicorn-11122.exe
2156	Unicorn-30988.exe
1992	Unicorn-58185.exe
888	Unicorn-12513.exe
2412	Unicorn-20957.exe
2036	Unicorn-31817.exe
1740	Unicorn-25041.exe
2784	Unicorn-35901.exe
2540	Unicorn-37293.exe
2580	Unicorn-33763.exe
2020	Unicorn-18819.exe
1616	Unicorn-29679.exe
3016	Unicorn-26987.exe
2704	Unicorn-51491.exe
1252	Unicorn-9067.exe
3032	Unicorn-59659.exe
2988	Unicorn-4983.exe
2584	Unicorn-2290.exe
2172	Unicorn-63743.exe
836	Unicorn-10458.exe
1428	Unicorn-21319.exe
840	Unicorn-41185.exe
2228	Unicorn-6374.exe
2936	Unicorn-33571.exe
1048	Unicorn-38409.exe
1844	Unicorn-4153.exe
2436	Unicorn-40355.exe
1940	Unicorn-5544.exe
2164	Unicorn-5544.exe
1944	Unicorn-28657.exe
2968	Unicorn-38217.exe
2016	Unicorn-3406.exe
2668	Unicorn-645.exe
1628	Unicorn-2036.exe
2560	Unicorn-43623.exe
2592	Unicorn-46084.exe
2532	Unicorn-18373.exe

Loads dropped DLL 64 IoCs

Processes:

18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exeUnicorn-1252.exeUnicorn-41299.exeUnicorn-17349.exeWerFault.exeUnicorn-63904.exeUnicorn-29094.exeUnicorn-9228.exeWerFault.exeWerFault.exeUnicorn-6618.exeUnicorn-2534.exeUnicorn-49597.exeUnicorn-29731.exeUnicorn-48206.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2176	18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe
2176	18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe
2956	Unicorn-1252.exe
2956	Unicorn-1252.exe
2176	18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe
2176	18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe
3012	Unicorn-41299.exe
2956	Unicorn-1252.exe
3012	Unicorn-41299.exe
2956	Unicorn-1252.exe
2288	Unicorn-17349.exe
2288	Unicorn-17349.exe
3008	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
2636	Unicorn-63904.exe
2636	Unicorn-63904.exe
2692	Unicorn-29094.exe
2692	Unicorn-29094.exe
2804	Unicorn-9228.exe
2804	Unicorn-9228.exe
3012	Unicorn-41299.exe
2288	Unicorn-17349.exe
2288	Unicorn-17349.exe
3012	Unicorn-41299.exe
1612	WerFault.exe
1612	WerFault.exe
1612	WerFault.exe
1612	WerFault.exe
2716	WerFault.exe
2716	WerFault.exe
2716	WerFault.exe
2716	WerFault.exe
2716	WerFault.exe
1612	WerFault.exe
1728	Unicorn-6618.exe
1728	Unicorn-6618.exe
2636	Unicorn-63904.exe
2636	Unicorn-63904.exe
3028	Unicorn-2534.exe
3028	Unicorn-2534.exe
2804	Unicorn-9228.exe
2804	Unicorn-9228.exe
3024	Unicorn-49597.exe
3024	Unicorn-49597.exe
2692	Unicorn-29094.exe
2692	Unicorn-29094.exe
1272	Unicorn-29731.exe
1540	Unicorn-48206.exe
1272	Unicorn-29731.exe
1540	Unicorn-48206.exe
1812	WerFault.exe
1812	WerFault.exe
1812	WerFault.exe
1812	WerFault.exe
1812	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1776	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2672	2176	WerFault.exe	18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe
3008	2956	WerFault.exe	Unicorn-1252.exe
1612	3012	WerFault.exe	Unicorn-41299.exe
2716	2288	WerFault.exe	Unicorn-17349.exe
1812	2636	WerFault.exe	Unicorn-63904.exe
1816	2804	WerFault.exe	Unicorn-9228.exe
1776	2692	WerFault.exe	Unicorn-29094.exe
2188	1728	WerFault.exe	Unicorn-6618.exe
3048	3028	WerFault.exe	Unicorn-2534.exe
3060	3024	WerFault.exe	Unicorn-49597.exe
2760	1272	WerFault.exe	Unicorn-29731.exe
2776	1540	WerFault.exe	Unicorn-48206.exe
1632	1284	WerFault.exe	Unicorn-34967.exe
2116	1304	WerFault.exe	Unicorn-58917.exe
1348	2264	WerFault.exe	Unicorn-10484.exe
2032	1688	WerFault.exe	Unicorn-17261.exe
2148	664	WerFault.exe	Unicorn-60240.exe
1908	2092	WerFault.exe	Unicorn-49379.exe
1708	1504	WerFault.exe	Unicorn-45295.exe
676	584	WerFault.exe	Unicorn-45295.exe
2792	1724	WerFault.exe	Unicorn-59768.exe
2772	2360	WerFault.exe	Unicorn-37210.exe
2800	1148	WerFault.exe	Unicorn-13260.exe
2548	684	WerFault.exe	Unicorn-14651.exe
1988	340	WerFault.exe	Unicorn-7038.exe
2868	2340	WerFault.exe	Unicorn-4345.exe
2976	400	WerFault.exe	Unicorn-22820.exe
1188	1992	WerFault.exe	Unicorn-58185.exe
1184	2012	WerFault.exe	Unicorn-11122.exe
2260	2156	WerFault.exe	Unicorn-30988.exe
2696	272	WerFault.exe	Unicorn-45933.exe
760	888	WerFault.exe	Unicorn-12513.exe
3404	2412	WerFault.exe	Unicorn-20957.exe
3524	1740	WerFault.exe	Unicorn-25041.exe
3584	1616	WerFault.exe	Unicorn-29679.exe
3608	2020	WerFault.exe	Unicorn-18819.exe
3628	840	WerFault.exe	Unicorn-41185.exe
3652	2172	WerFault.exe	Unicorn-63743.exe
3660	1252	WerFault.exe	Unicorn-9067.exe
3692	2704	WerFault.exe	Unicorn-51491.exe
3700	2988	WerFault.exe	Unicorn-4983.exe
3752	2936	WerFault.exe	Unicorn-33571.exe
3820	2580	WerFault.exe	Unicorn-33763.exe
3868	3016	WerFault.exe	Unicorn-26987.exe
3916	2036	WerFault.exe	Unicorn-31817.exe
3924	2784	WerFault.exe	Unicorn-35901.exe
3968	1428	WerFault.exe	Unicorn-21319.exe
3984	836	WerFault.exe	Unicorn-10458.exe
4048	2228	WerFault.exe	Unicorn-6374.exe
4092	3032	WerFault.exe	Unicorn-59659.exe
3848	2436	WerFault.exe	Unicorn-40355.exe
3900	1944	WerFault.exe	Unicorn-28657.exe
3880	2164	WerFault.exe	Unicorn-5544.exe
3140	2968	WerFault.exe	Unicorn-38217.exe
3224	1628	WerFault.exe	Unicorn-2036.exe
3240	3152	WerFault.exe	Unicorn-4449.exe
3388	2584	WerFault.exe	Unicorn-2290.exe
2408	1436	WerFault.exe	Unicorn-58891.exe
3636	2560	WerFault.exe	Unicorn-43623.exe
1052	1324	WerFault.exe	Unicorn-13219.exe
3096	2872	WerFault.exe	Unicorn-2913.exe
3124	1424	WerFault.exe	Unicorn-33640.exe
3472	1500	WerFault.exe	Unicorn-64366.exe
532	2088	WerFault.exe	Unicorn-49654.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exeUnicorn-1252.exeUnicorn-41299.exeUnicorn-17349.exeUnicorn-63904.exeUnicorn-9228.exeUnicorn-29094.exeUnicorn-6618.exeUnicorn-49597.exeUnicorn-2534.exeUnicorn-29731.exeUnicorn-48206.exeUnicorn-58917.exeUnicorn-34967.exeUnicorn-10484.exeUnicorn-17261.exeUnicorn-49379.exeUnicorn-60240.exeUnicorn-45295.exeUnicorn-45295.exeUnicorn-59768.exeUnicorn-37210.exeUnicorn-13260.exeUnicorn-14651.exeUnicorn-7038.exeUnicorn-4345.exeUnicorn-22820.exeUnicorn-45933.exeUnicorn-11122.exeUnicorn-58185.exeUnicorn-30988.exeUnicorn-12513.exeUnicorn-20957.exeUnicorn-31817.exeUnicorn-25041.exeUnicorn-35901.exeUnicorn-37293.exeUnicorn-33763.exeUnicorn-18819.exeUnicorn-29679.exeUnicorn-26987.exeUnicorn-51491.exeUnicorn-59659.exeUnicorn-9067.exeUnicorn-4983.exeUnicorn-2290.exeUnicorn-63743.exeUnicorn-21319.exeUnicorn-10458.exeUnicorn-41185.exeUnicorn-6374.exeUnicorn-33571.exeUnicorn-38409.exeUnicorn-4153.exeUnicorn-40355.exeUnicorn-5544.exeUnicorn-5544.exeUnicorn-28657.exeUnicorn-38217.exeUnicorn-3406.exeUnicorn-645.exeUnicorn-2036.exeUnicorn-43623.exeUnicorn-46084.exe

pid	process
2176	18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe
2956	Unicorn-1252.exe
3012	Unicorn-41299.exe
2288	Unicorn-17349.exe
2636	Unicorn-63904.exe
2804	Unicorn-9228.exe
2692	Unicorn-29094.exe
1728	Unicorn-6618.exe
3024	Unicorn-49597.exe
3028	Unicorn-2534.exe
1272	Unicorn-29731.exe
1540	Unicorn-48206.exe
1304	Unicorn-58917.exe
1284	Unicorn-34967.exe
2264	Unicorn-10484.exe
1688	Unicorn-17261.exe
2092	Unicorn-49379.exe
664	Unicorn-60240.exe
1504	Unicorn-45295.exe
584	Unicorn-45295.exe
1724	Unicorn-59768.exe
2360	Unicorn-37210.exe
1148	Unicorn-13260.exe
684	Unicorn-14651.exe
340	Unicorn-7038.exe
2340	Unicorn-4345.exe
400	Unicorn-22820.exe
272	Unicorn-45933.exe
2012	Unicorn-11122.exe
1992	Unicorn-58185.exe
2156	Unicorn-30988.exe
888	Unicorn-12513.exe
2412	Unicorn-20957.exe
2036	Unicorn-31817.exe
1740	Unicorn-25041.exe
2784	Unicorn-35901.exe
2540	Unicorn-37293.exe
2580	Unicorn-33763.exe
2020	Unicorn-18819.exe
1616	Unicorn-29679.exe
3016	Unicorn-26987.exe
2704	Unicorn-51491.exe
3032	Unicorn-59659.exe
1252	Unicorn-9067.exe
2988	Unicorn-4983.exe
2584	Unicorn-2290.exe
2172	Unicorn-63743.exe
1428	Unicorn-21319.exe
836	Unicorn-10458.exe
840	Unicorn-41185.exe
2228	Unicorn-6374.exe
2936	Unicorn-33571.exe
1048	Unicorn-38409.exe
1844	Unicorn-4153.exe
2436	Unicorn-40355.exe
2164	Unicorn-5544.exe
1940	Unicorn-5544.exe
1944	Unicorn-28657.exe
2968	Unicorn-38217.exe
2016	Unicorn-3406.exe
2668	Unicorn-645.exe
1628	Unicorn-2036.exe
2560	Unicorn-43623.exe
2592	Unicorn-46084.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exeUnicorn-1252.exeUnicorn-41299.exeUnicorn-17349.exeUnicorn-63904.exeUnicorn-29094.exeUnicorn-9228.exeUnicorn-6618.exe

description	pid	process	target process
PID 2176 wrote to memory of 2956	2176	18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe	Unicorn-1252.exe
PID 2176 wrote to memory of 2956	2176	18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe	Unicorn-1252.exe
PID 2176 wrote to memory of 2956	2176	18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe	Unicorn-1252.exe
PID 2176 wrote to memory of 2956	2176	18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe	Unicorn-1252.exe
PID 2956 wrote to memory of 3012	2956	Unicorn-1252.exe	Unicorn-41299.exe
PID 2956 wrote to memory of 3012	2956	Unicorn-1252.exe	Unicorn-41299.exe
PID 2956 wrote to memory of 3012	2956	Unicorn-1252.exe	Unicorn-41299.exe
PID 2956 wrote to memory of 3012	2956	Unicorn-1252.exe	Unicorn-41299.exe
PID 2176 wrote to memory of 2288	2176	18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe	Unicorn-17349.exe
PID 2176 wrote to memory of 2288	2176	18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe	Unicorn-17349.exe
PID 2176 wrote to memory of 2288	2176	18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe	Unicorn-17349.exe
PID 2176 wrote to memory of 2288	2176	18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe	Unicorn-17349.exe
PID 2176 wrote to memory of 2672	2176	18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe	WerFault.exe
PID 2176 wrote to memory of 2672	2176	18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe	WerFault.exe
PID 2176 wrote to memory of 2672	2176	18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe	WerFault.exe
PID 2176 wrote to memory of 2672	2176	18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe	WerFault.exe
PID 3012 wrote to memory of 2636	3012	Unicorn-41299.exe	Unicorn-63904.exe
PID 3012 wrote to memory of 2636	3012	Unicorn-41299.exe	Unicorn-63904.exe
PID 3012 wrote to memory of 2636	3012	Unicorn-41299.exe	Unicorn-63904.exe
PID 3012 wrote to memory of 2636	3012	Unicorn-41299.exe	Unicorn-63904.exe
PID 2956 wrote to memory of 2804	2956	Unicorn-1252.exe	Unicorn-9228.exe
PID 2956 wrote to memory of 2804	2956	Unicorn-1252.exe	Unicorn-9228.exe
PID 2956 wrote to memory of 2804	2956	Unicorn-1252.exe	Unicorn-9228.exe
PID 2956 wrote to memory of 2804	2956	Unicorn-1252.exe	Unicorn-9228.exe
PID 2288 wrote to memory of 2692	2288	Unicorn-17349.exe	Unicorn-29094.exe
PID 2288 wrote to memory of 2692	2288	Unicorn-17349.exe	Unicorn-29094.exe
PID 2288 wrote to memory of 2692	2288	Unicorn-17349.exe	Unicorn-29094.exe
PID 2288 wrote to memory of 2692	2288	Unicorn-17349.exe	Unicorn-29094.exe
PID 2956 wrote to memory of 3008	2956	Unicorn-1252.exe	WerFault.exe
PID 2956 wrote to memory of 3008	2956	Unicorn-1252.exe	WerFault.exe
PID 2956 wrote to memory of 3008	2956	Unicorn-1252.exe	WerFault.exe
PID 2956 wrote to memory of 3008	2956	Unicorn-1252.exe	WerFault.exe
PID 2636 wrote to memory of 1728	2636	Unicorn-63904.exe	Unicorn-6618.exe
PID 2636 wrote to memory of 1728	2636	Unicorn-63904.exe	Unicorn-6618.exe
PID 2636 wrote to memory of 1728	2636	Unicorn-63904.exe	Unicorn-6618.exe
PID 2636 wrote to memory of 1728	2636	Unicorn-63904.exe	Unicorn-6618.exe
PID 2692 wrote to memory of 3024	2692	Unicorn-29094.exe	Unicorn-49597.exe
PID 2692 wrote to memory of 3024	2692	Unicorn-29094.exe	Unicorn-49597.exe
PID 2692 wrote to memory of 3024	2692	Unicorn-29094.exe	Unicorn-49597.exe
PID 2692 wrote to memory of 3024	2692	Unicorn-29094.exe	Unicorn-49597.exe
PID 2804 wrote to memory of 3028	2804	Unicorn-9228.exe	Unicorn-2534.exe
PID 2804 wrote to memory of 3028	2804	Unicorn-9228.exe	Unicorn-2534.exe
PID 2804 wrote to memory of 3028	2804	Unicorn-9228.exe	Unicorn-2534.exe
PID 2804 wrote to memory of 3028	2804	Unicorn-9228.exe	Unicorn-2534.exe
PID 2288 wrote to memory of 1272	2288	Unicorn-17349.exe	Unicorn-29731.exe
PID 2288 wrote to memory of 1272	2288	Unicorn-17349.exe	Unicorn-29731.exe
PID 2288 wrote to memory of 1272	2288	Unicorn-17349.exe	Unicorn-29731.exe
PID 2288 wrote to memory of 1272	2288	Unicorn-17349.exe	Unicorn-29731.exe
PID 3012 wrote to memory of 1540	3012	Unicorn-41299.exe	Unicorn-48206.exe
PID 3012 wrote to memory of 1540	3012	Unicorn-41299.exe	Unicorn-48206.exe
PID 3012 wrote to memory of 1540	3012	Unicorn-41299.exe	Unicorn-48206.exe
PID 3012 wrote to memory of 1540	3012	Unicorn-41299.exe	Unicorn-48206.exe
PID 3012 wrote to memory of 1612	3012	Unicorn-41299.exe	WerFault.exe
PID 3012 wrote to memory of 1612	3012	Unicorn-41299.exe	WerFault.exe
PID 3012 wrote to memory of 1612	3012	Unicorn-41299.exe	WerFault.exe
PID 3012 wrote to memory of 1612	3012	Unicorn-41299.exe	WerFault.exe
PID 2288 wrote to memory of 2716	2288	Unicorn-17349.exe	WerFault.exe
PID 2288 wrote to memory of 2716	2288	Unicorn-17349.exe	WerFault.exe
PID 2288 wrote to memory of 2716	2288	Unicorn-17349.exe	WerFault.exe
PID 2288 wrote to memory of 2716	2288	Unicorn-17349.exe	WerFault.exe
PID 1728 wrote to memory of 1304	1728	Unicorn-6618.exe	Unicorn-58917.exe
PID 1728 wrote to memory of 1304	1728	Unicorn-6618.exe	Unicorn-58917.exe
PID 1728 wrote to memory of 1304	1728	Unicorn-6618.exe	Unicorn-58917.exe
PID 1728 wrote to memory of 1304	1728	Unicorn-6618.exe	Unicorn-58917.exe

C:\Users\Admin\AppData\Local\Temp\18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe
"C:\Users\Admin\AppData\Local\Temp\18f2cdee71940a4da9789554496dcdf2e782de78f46998cdda76dc5459c70142.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1252.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1252.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41299.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63904.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58917.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25041.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13795.exe
        10⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43702.exe
        11⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36790.exe
        12⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        13⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
        14⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        15⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 216
        14⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
        13⤵
        
        PID:9764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
        12⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 216
        11⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 216
        10⤵
        Program crash
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
        9⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
        10⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
        11⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15404.exe
        12⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4307.exe
        13⤵
        
        PID:10368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 220
        13⤵
        
        PID:10424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
        12⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        11⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        10⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 220
        9⤵
        Program crash
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28657.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56774.exe
        9⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
        10⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exe
        11⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        12⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
        13⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
        13⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
        12⤵
        
        PID:9372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 220
        11⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 216
        10⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 216
        9⤵
        Program crash
        
        PID:3900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
        8⤵
        Program crash
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35901.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13795.exe
        9⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51979.exe
        10⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
        11⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
        12⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41531.exe
        13⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 216
        13⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        11⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 216
        10⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        9⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
        10⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57973.exe
        11⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
        12⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
        12⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
        11⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        10⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
        9⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
        8⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
        9⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32322.exe
        10⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46406.exe
        11⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19440.exe
        12⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50789.exe
        13⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10760 -s 216
        13⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
        12⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 220
        11⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
        10⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 216
        9⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        8⤵
        Program crash
        
        PID:3924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
        7⤵
        Program crash
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13260.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37293.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38217.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe
        9⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40303.exe
        10⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40023.exe
        11⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60905.exe
        12⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61232.exe
        13⤵
        
        PID:10164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
        13⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
        12⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        11⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
        10⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 216
        9⤵
        Program crash
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19202.exe
        8⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
        9⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59950.exe
        10⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29603.exe
        11⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20452.exe
        12⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
        13⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 216
        12⤵
        
        PID:10784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
        11⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        10⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        9⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
        8⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60339.exe
        9⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53152.exe
        10⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13266.exe
        11⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47540.exe
        12⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
        13⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 216
        12⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
        11⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        10⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 236
        9⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13831.exe
        8⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23495.exe
        9⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46131.exe
        10⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61040.exe
        11⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7623.exe
        12⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10304 -s 216
        12⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
        11⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
        10⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
        9⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
        8⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 240
        7⤵
        Program crash
        
        PID:2800
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
        6⤵
        Program crash
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20957.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        9⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36437.exe
        10⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7329.exe
        11⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51263.exe
        12⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        13⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        14⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 236
        13⤵
        
        PID:10392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
        12⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
        11⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
        10⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12487.exe
        9⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25804.exe
        10⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
        11⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5970.exe
        12⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe
        13⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 216
        13⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 236
        12⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
        11⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        10⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
        9⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
        8⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63079.exe
        9⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe
        10⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3733.exe
        11⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
        12⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56684.exe
        13⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 236
        13⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
        12⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
        11⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
        10⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
        9⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
        8⤵
        Program crash
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4153.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36354.exe
        8⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36821.exe
        9⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe
        10⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        11⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
        12⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24910.exe
        13⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
        12⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 236
        11⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
        10⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
        9⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25123.exe
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42379.exe
        9⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54216.exe
        10⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19240.exe
        11⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25844.exe
        12⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 236
        12⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
        11⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
        10⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        9⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
        8⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
        7⤵
        Program crash
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31817.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56774.exe
        8⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52363.exe
        9⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35363.exe
        10⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        11⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59922.exe
        12⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 204
        12⤵
        
        PID:10948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
        11⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
        10⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 216
        9⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
        8⤵
        Program crash
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10266.exe
        7⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32820.exe
        8⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        9⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27247.exe
        10⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47540.exe
        11⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48703.exe
        12⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10820 -s 236
        12⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
        11⤵
        
        PID:10416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
        10⤵
        
        PID:9412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        9⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 216
        8⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 220
        7⤵
        Program crash
        
        PID:3916
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
        6⤵
        Program crash
        
        PID:1632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48206.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45295.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30988.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10458.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64366.exe
        8⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
        9⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        10⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64143.exe
        11⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17351.exe
        12⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4307.exe
        13⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        14⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 220
        13⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
        12⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 236
        11⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 236
        10⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
        9⤵
        Program crash
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62565.exe
        8⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe
        9⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62581.exe
        10⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        11⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41339.exe
        12⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28366.exe
        13⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10872 -s 236
        13⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 216
        12⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
        11⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
        10⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
        9⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
        8⤵
        Program crash
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21942.exe
        7⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57158.exe
        8⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-832.exe
        9⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
        10⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe
        11⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
        12⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        13⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
        12⤵
        
        PID:10864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
        11⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 216
        9⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32113.exe
        8⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46053.exe
        9⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28809.exe
        10⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        11⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 220
        11⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
        10⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        9⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        8⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
        7⤵
        Program crash
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21319.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2913.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27750.exe
        9⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20973.exe
        10⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3920.exe
        11⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8474.exe
        12⤵
        
        PID:10940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 216
        12⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
        11⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 236
        10⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
        9⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
        8⤵
        Program crash
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24796.exe
        8⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        9⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
        10⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9071.exe
        11⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 216
        11⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
        10⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 236
        9⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 216
        8⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 240
        7⤵
        Program crash
        
        PID:3968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 240
        6⤵
        Program crash
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11122.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
        7⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
        8⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        9⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        10⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21902.exe
        11⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50166.exe
        12⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 216
        12⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 220
        11⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        10⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
        9⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57194.exe
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29416.exe
        9⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 220
        10⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
        9⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
        8⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46037.exe
        7⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13084.exe
        8⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19219.exe
        9⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
        10⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13593.exe
        11⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61365.exe
        12⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 216
        11⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
        10⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
        9⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
        8⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
        7⤵
        Program crash
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
        6⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18264.exe
        7⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe
        8⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
        9⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9239.exe
        10⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29658.exe
        11⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 216
        11⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
        10⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
        9⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
        8⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 236
        7⤵
        Program crash
        
        PID:2408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        6⤵
        Program crash
        
        PID:1184
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
        5⤵
        Program crash
        
        PID:2776
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9228.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2534.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14651.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18819.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18373.exe
        8⤵
        Executes dropped EXE
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37314.exe
        9⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35342.exe
        10⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63759.exe
        11⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
        12⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44512.exe
        13⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15122.exe
        14⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 216
        13⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 236
        12⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 236
        11⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 236
        10⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
        9⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44091.exe
        8⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32196.exe
        9⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55783.exe
        10⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
        11⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        12⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
        13⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
        12⤵
        
        PID:11180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
        11⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 236
        10⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 216
        9⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        8⤵
        Program crash
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59960.exe
        7⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18840.exe
        8⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45949.exe
        9⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25249.exe
        10⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        11⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21905.exe
        12⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
        13⤵
        
        PID:920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10632 -s 236
        13⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 216
        12⤵
        
        PID:10576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
        11⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
        10⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 236
        9⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
        9⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12088.exe
        10⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16368.exe
        11⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45740.exe
        12⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
        11⤵
        
        PID:10768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
        10⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
        9⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
        8⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 240
        7⤵
        Program crash
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29679.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6587.exe
        8⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54117.exe
        9⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe
        10⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37579.exe
        11⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42374.exe
        12⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2019.exe
        13⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 216
        13⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
        12⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
        11⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
        10⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
        9⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
        8⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
        9⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
        10⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
        11⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 216
        11⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
        10⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        9⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        8⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        7⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45949.exe
        8⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35171.exe
        9⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37963.exe
        10⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42182.exe
        11⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
        11⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
        10⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        9⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 216
        8⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
        7⤵
        Program crash
        
        PID:3584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
        6⤵
        Program crash
        
        PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55404.exe
        8⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21144.exe
        9⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
        10⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50023.exe
        11⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
        12⤵
        
        PID:11132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 220
        12⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 204
        11⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        10⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 236
        9⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
        8⤵
        Program crash
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47791.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48279.exe
        8⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 220
        9⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 216
        8⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
        7⤵
        Program crash
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48990.exe
        7⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31258.exe
        8⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49753.exe
        9⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62659.exe
        10⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
        11⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26747.exe
        12⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 216
        11⤵
        
        PID:10704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
        10⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 236
        9⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 216
        8⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
        7⤵
        Program crash
        
        PID:3636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 240
        6⤵
        Program crash
        
        PID:1988
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
        5⤵
        Program crash
        
        PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17261.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33763.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3406.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2949.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
        8⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe
        9⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23708.exe
        10⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        11⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 216
        11⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
        10⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 236
        9⤵
        
        PID:828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        8⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
        7⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-728.exe
        6⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
        8⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        9⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
        10⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 220
        10⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
        9⤵
        
        PID:9364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        8⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 216
        7⤵
        
        PID:5736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
        6⤵
        Program crash
        
        PID:3820
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
        5⤵
        Program crash
        
        PID:2032
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1816
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:3008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49379.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4345.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51491.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25472.exe
        8⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27008.exe
        9⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58201.exe
        10⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64527.exe
        11⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
        12⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
        13⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exe
        14⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10808 -s 216
        14⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
        13⤵
        
        PID:10992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
        12⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        11⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
        10⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
        9⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62581.exe
        10⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        11⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
        12⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
        12⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
        11⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
        10⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
        9⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7142.exe
        8⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
        9⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25633.exe
        10⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe
        11⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        12⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62169.exe
        13⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 216
        13⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 216
        12⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
        11⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
        10⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
        9⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
        8⤵
        Program crash
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49654.exe
        7⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51704.exe
        8⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
        9⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4252.exe
        10⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
        11⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        12⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 216
        12⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
        11⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        10⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
        9⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
        8⤵
        Program crash
        
        PID:532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        7⤵
        Program crash
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9067.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5051.exe
        7⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27008.exe
        8⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-832.exe
        9⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46053.exe
        10⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
        11⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45423.exe
        12⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
        13⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
        12⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
        11⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
        10⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 236
        9⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32113.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60059.exe
        9⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2337.exe
        10⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-690.exe
        11⤵
        
        PID:11052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
        11⤵
        
        PID:11652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        10⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        9⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        8⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3058.exe
        7⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
        8⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14257.exe
        9⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17351.exe
        10⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
        11⤵
        
        PID:10472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 216
        11⤵
        
        PID:10696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
        10⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        9⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
        8⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 220
        7⤵
        Program crash
        
        PID:3660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
        6⤵
        Program crash
        
        PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57267.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe
        8⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 220
        9⤵
        Program crash
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44942.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27771.exe
        9⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21627.exe
        10⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61232.exe
        11⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
        11⤵
        
        PID:10292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
        10⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
        9⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        8⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        7⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60339.exe
        8⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40023.exe
        9⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57589.exe
        10⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
        11⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
        11⤵
        
        PID:11944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 220
        10⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
        9⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        8⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
        7⤵
        Program crash
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33317.exe
        6⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6587.exe
        7⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29120.exe
        8⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5212.exe
        9⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
        10⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        11⤵
        
        PID:10528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
        11⤵
        
        PID:10788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
        10⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
        9⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 236
        8⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
        7⤵
        
        PID:3860
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 240
        6⤵
        Program crash
        
        PID:2696
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        5⤵
        Program crash
        
        PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60240.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22820.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59659.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        7⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
        8⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47594.exe
        9⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6774.exe
        10⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
        11⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
        12⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3145.exe
        13⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 204
        12⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
        11⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 236
        10⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 216
        9⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 236
        8⤵
        Program crash
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45461.exe
        7⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
        8⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62285.exe
        8⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        9⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23708.exe
        10⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43415.exe
        11⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10036 -s 236
        11⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
        10⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 236
        9⤵
        
        PID:940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 220
        8⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
        7⤵
        Program crash
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
        6⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
        7⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64335.exe
        9⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
        10⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-690.exe
        11⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50675.exe
        12⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
        11⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
        10⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        9⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
        8⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe
        7⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
        9⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61048.exe
        10⤵
        
        PID:10960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
        10⤵
        
        PID:11336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
        9⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
        8⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
        7⤵
        
        PID:5184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 240
        6⤵
        Program crash
        
        PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4983.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
        6⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42846.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8196.exe
        9⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
        10⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 220
        10⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 220
        9⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        8⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
        7⤵
        
        PID:5416
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 216
        6⤵
        Program crash
        
        PID:3700
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 220
        5⤵
        Program crash
        
        PID:2148
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45295.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11081.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25062.exe
        8⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37288.exe
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22919.exe
        10⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
        11⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
        12⤵
        
        PID:11008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
        12⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
        11⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 236
        10⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
        9⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
        8⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23666.exe
        8⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-168.exe
        9⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53915.exe
        10⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44512.exe
        11⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        12⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 216
        11⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
        10⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 236
        9⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 216
        8⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
        7⤵
        Program crash
        
        PID:4048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 236
        6⤵
        Program crash
        
        PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
        6⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47895.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2581.exe
        8⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        9⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43669.exe
        10⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 216
        10⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
        9⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 220
        8⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 236
        7⤵
        
        PID:5860
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 216
        6⤵
        Program crash
        
        PID:3752
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 240
        5⤵
        Program crash
        
        PID:676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58185.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
        6⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
        8⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13084.exe
        8⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
        9⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
        10⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41957.exe
        11⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
        10⤵
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 236
        9⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 220
        8⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 236
        7⤵
        Program crash
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19586.exe
        6⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
        7⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34438.exe
        8⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe
        9⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49699.exe
        10⤵
        
        PID:11148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
        10⤵
        
        PID:11772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
        9⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
        8⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 236
        7⤵
        
        PID:4420
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
        6⤵
        Program crash
        
        PID:3388
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
        5⤵
        Program crash
        
        PID:1188
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 220
      4⤵
      Program crash
      PID:2760
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2716
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
  2⤵
  - Program crash
  PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19240.exe

Filesize
184KB

MD5
98e1d31303809055fd9fc46e371701f9

SHA1
334172a35159935df135fef95fe8aaafe97d1067

SHA256
f9888a2071db0fa0f9da6637f9f9b2af3873b236f4d4c7ebfc078ee61c2f48d8

SHA512
2f38c8a4832cf97a26a864e7a2cb872ce8ba915de1a4fbe85a87c692cc1992a687af082f67a670036b3463a30b5de3f67ba878713e0af234188dbec3746dad0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe

Filesize
184KB

MD5
a8ae10cfdd83f7132a14d3b326d773a1

SHA1
2100af764c2711cbf148e4d1231acc1dcc5bd04b

SHA256
4f839e7038ae11b1d0f5c67e754b9084ae07248a2fff0e15bd51230d4411d261

SHA512
8ab0bfb9165052f214c473fa3581e8e4e87e3e23e597967afd48a54fa20824921273343bc8ea1ae7fa553b8c491b73d3738709c585a9e28d2ae573c71c227e0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe

Filesize
184KB

MD5
70a5377d069ddef463f95158cd28585e

SHA1
d3e023e90130bc7c183a7313dbb503fcd4db1e97

SHA256
fa9b25ec09d89a2ef9c33c906e31c5762cece72290197cb619d7b8c7e1be8b44

SHA512
0b45f2ba73df8c4f4f935ed533c33f94afbd8dddd4890bca8854882ee6679f5b866d11058fd0c6c817f5889f103dd6f2510ebce4620e1849a10e2c9ed2aeb2b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe

Filesize
184KB

MD5
efeec666500b5f8b0908019cb43f0d1b

SHA1
80e0a12ae671d8f6b73192ed5139b47f25331754

SHA256
4f3afef36043b5fa2298c0711844d7fcbb208d2854390ae876020a51024b434f

SHA512
c8f7b600aed2d0fcfc5e8be0d1038a2ef9312b868a395df47bb65aad92891d62a930c0d0edd3a3856ddd1590e0f512ed01b6b9df9570e66f58eef5b52327ba92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe

Filesize
184KB

MD5
f511b775dc69392f2ddc26a5d00ea4e4

SHA1
c0c45778be186b365e3f1b126b3c10a43d7b3c63

SHA256
12ae9cc5e0a4da279e9a3b1f8a2ec8231336992c432947e989f2b855b1792911

SHA512
1de954f8b097266a0f23554387d8a231ecd503b67c634b564f645ba74c2797de952544fce670404c9ca34efa26925642eeb4f30dd53a857f8f33774a15aa1b10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51979.exe

Filesize
184KB

MD5
a0739ea1ff5989e0c9ddb84110dc1258

SHA1
98ecdac90cc161da4afdadb0c76f4347f0ef6b7d

SHA256
ab8d575be13aeaeac252e0d383fd47f6fec78a05dda0f45ce93f563c502c3dad

SHA512
b34de9df94566b2ac907bcfdae4f53a6cca7a21f6736b3abd7f9416ae80b771a6a1b21f16747d55a3c8ad73c57df93705b4312c5ec4639d7e1348a77f3c865ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe

Filesize
184KB

MD5
7aa857b775fdb70b53a6e9aebe2ad9cb

SHA1
93b4feb0eb80c7fa89170ddcc70c29b83af6ee17

SHA256
6d1bfec34aac49098834d75491cdab041ab00adebb6a1cf2c9ca3cc9db455911

SHA512
9e2f5777e7f800e0223595411b85e4b0456313d20c65e77e4a8057a422cfce0a3d9715538c086824512fbbb2f7dfaeb96dd40cf519678b7ceb7b3c04fce5aa12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe

Filesize
184KB

MD5
845e4d7279f78d271629a51a09de3069

SHA1
82173765ca5562e8885cd3d79800317877efd2ab

SHA256
4b9ed93f6e6dda81cd2ce424332461434e457af3cccdc896b05cbdae0478d81f

SHA512
d00a71343e9d71a274091277d330fbd9f833b03247a0058485b21e80e9fd7fc58dbc64d10d5483f8485cfa52b199215c1c8097968d784f4a061c676c253a1d68

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe

Filesize
184KB

MD5
60bd677222cada6539698a8cfaca280c

SHA1
20f1c5709c4226c4a99ce132214832c3cd2a1058

SHA256
b3b8864fb978d151033aa183bfac152508a5a23b11a6890b94027970e31b19e3

SHA512
9cd59356a23347f0518a7af382aa19505d8cea43ba2e9c770940ad9faad5cdbb5e7d43af107b7933562e1378324803889b1680d053e3234982a2de0637c8221d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1252.exe

Filesize
184KB

MD5
84cc317cbb226c9ef943923b5722c8c5

SHA1
6e0807ae92e09dd37952d80d5cb6039c7a009e25

SHA256
43f467170f70f0e6ebcab5064d78e98040698f6f34c4501a0160e8cfeda181cb

SHA512
78ea408593deec58fce4a3822536dc4c24c72846bc4958a270251fe28e6305753d75795788f8e27d0af66e21a0ab96aa97c889cadacc1fb9ee4871f9f472143f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe

Filesize
184KB

MD5
afb011f8d03bc5a9a65736264dbe0223

SHA1
4c73560416dcd54c098f04e5f7d4cbab395ea4c6

SHA256
6fea4602c2de6549759dea29b2e2f7550bc4c94942ddd2cefa6ffeea67351616

SHA512
e67f5ba8999db37ff97030bdd3047474613054c3cc19ac23aee37c9c089d712b7719c1c5e41ef8cb264aeafc6cdaa026f9a9b248ee51ec4d61334a40b9c364f9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2534.exe

Filesize
184KB

MD5
e4ad8f67980bc5d0f099845e3d955fb0

SHA1
c95eeca5fe60217063e3b976114407dc9861479f

SHA256
6061d78834249dfe2313d351b83d625e4af2da13aadf1201c90478baf7283996

SHA512
9f2225f290c73bcd105bf86d1e9d560fe5e9eb3de0d17f1e19dd5b39e5546f9c0eda181a11bb5599b002d6d1b26e1f711b572cf62f86686ad457a0902d6fcf1b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe

Filesize
184KB

MD5
0f2caa78af12e96a0321bca90ef3c3a7

SHA1
d571353f5f249b8483602051aed7997e1ee237c4

SHA256
3858a4c248c9ee216ccaa4be897e95146178e2a7b6084e431816020ee30a922a

SHA512
23648fa04a74168d306c851dc15c9655711a3a7407dda09db521bfee0b52ee95c26ef2256ed79541c7ff1ac7b9345057936e04972cf81417c07bc1363b59b4ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41299.exe

Filesize
184KB

MD5
5c90d3118105505d94bf511eee145ed9

SHA1
4825ec016af8dbe588c392422cc8121c5222c6e4

SHA256
8f68290f03be95af17090979f7db792ecdcd15fb570fc7605b31d0d18da216c6

SHA512
b0a209c7882919e60948cc14bcd15dbf45c95596aaba0074620c68511990ae4c0287d4514c702f8c7a2de0e1dac1c6107615d6d26f6757f1c1ee0be0b7f329bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48206.exe

Filesize
184KB

MD5
0e22b4174ea8c895a650c1b21331a107

SHA1
4607fcad2a9d727650637811b65b44bf51dc1d97

SHA256
803901949121450878a599252b83a56a7b1dc36db3b6ea818e0639c9bf5379f9

SHA512
ad06adda74d6953acc4c7b261fb18dc774652f70872671e5da26e12f3fbdd799280e959b901906f4ce3dfb6b2212edd9d3346f4c863283e9cd2a4afe711a333c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58917.exe

Filesize
184KB

MD5
6e63dbe1c78f261cf7082b8d4793e93d

SHA1
d9c549aa8e0d38a87fbd5b2c3c5c07e9b3819863

SHA256
88d03e51aa14c1d620fdc0cc9d5f5083203fc5ec9f0af3e17219a2fa2026bd2d

SHA512
bf3d1f6e5e4c2081a765a15a54f8a69534c70af931ce4381c89a357650e0eba09de74836979f9ece184ade58fd35629129014f2d74d2ade916665b70e8c851a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63904.exe

Filesize
184KB

MD5
0f91649063d61d93837a177433a2e127

SHA1
ab82aece275736cadd96536ab990c8d40afbdde4

SHA256
1805a4f390d513a0fd8d6868ab88761d850ee5a975cb1e815f8a58940e9ea236

SHA512
9e6f37e4170e21860a843d519c83a9dbac2531f46a2c4fd9e37cb807e08a0b956167885d3781c3cc89fe0a25ddda1bd631374f57389e71044150fac93d00c70c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe

Filesize
184KB

MD5
e646198ea2cfa42bec7225705814d4dd

SHA1
1b59494e106d1cd323abb0b80e2678b5d303c221

SHA256
9079e1d6507a7c1bbfff94059511b88f4d6812f1647ec344b01ac976cc4bf539

SHA512
7102339497718062b15d7872eb7075e55824c64f5d7d96c62503a95c1bf9b8f3bff0cb45e07e2de455f35232ea0760981051a86b4ff24599a44d9abbed61ffda

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9228.exe

Filesize
184KB

MD5
5681e5048368c0e4febbabed35a4ec79

SHA1
a6316c285ded16a65415a4b02317fe8f6d7f3de0

SHA256
6ee24a01a2707e9c94f0b9c01132d8ee0760d961094506f32565fc05e2b35893

SHA512
24a92d9c4c35cc9b55cd7409b68019c66fff2eb651cca911b69ffad1019c35d99eb2c4f5b05f46dcd10dc1e7f59a4f23c2e484abc5c972ffe864ae2074162909

Download Submit