199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe
Size

184KB
MD5

11a8309a1e1db3da100a050d75010bc3
SHA1

299438a7346be3fdd38cb991ec76075e706e4ce6
SHA256

199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1
SHA512

fa6431a73bfe548675340f47b22d792b6c41c6ee32e834edafb689e5eca4cc562e70004c1deba449d8f70e1f3454687ac2a7f88c4483661d49cd90b0fdd44e97
SSDEEP

1536:07S/ijZm+3khoRx1SyhA/JwMHRIzZc6mdr/cLR2Czstkhl5hj5Vizpvr:6l73kho38yhGdHmzeZcLRF6khlnniFT

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-10400.exeUnicorn-37126.exeUnicorn-17260.exeUnicorn-52154.exeUnicorn-41293.exeUnicorn-41017.exeUnicorn-34241.exeUnicorn-64967.exeUnicorn-45102.exeUnicorn-56882.exeUnicorn-7681.exeUnicorn-38408.exeUnicorn-18542.exeUnicorn-18542.exeUnicorn-3597.exeUnicorn-28931.exeUnicorn-48797.exeUnicorn-30323.exeUnicorn-41183.exeUnicorn-26239.exeUnicorn-6373.exeUnicorn-3680.exeUnicorn-34407.exeUnicorn-14541.exeUnicorn-23307.exeUnicorn-3441.exeUnicorn-23307.exeUnicorn-47811.exeUnicorn-5387.exeUnicorn-51895.exeUnicorn-30105.exeUnicorn-40965.exeUnicorn-60831.exeUnicorn-42357.exeUnicorn-22491.exeUnicorn-58200.exeUnicorn-23390.exeUnicorn-3524.exeUnicorn-54116.exeUnicorn-34250.exeUnicorn-62284.exeUnicorn-23944.exeUnicorn-4915.exeUnicorn-50587.exeUnicorn-48662.exeUnicorn-59523.exeUnicorn-41048.exeUnicorn-30188.exeUnicorn-11713.exeUnicorn-22574.exeUnicorn-42440.exeUnicorn-7629.exeUnicorn-18490.exeUnicorn-18490.exeUnicorn-19882.exeUnicorn-11184.exeUnicorn-30981.exeUnicorn-1646.exeUnicorn-38403.exeUnicorn-61516.exeUnicorn-50655.exeUnicorn-43041.exeUnicorn-28097.exeUnicorn-58823.exe

pid	process
2184	Unicorn-10400.exe
3004	Unicorn-37126.exe
2248	Unicorn-17260.exe
2380	Unicorn-52154.exe
2688	Unicorn-41293.exe
2136	Unicorn-41017.exe
2404	Unicorn-34241.exe
2740	Unicorn-64967.exe
2844	Unicorn-45102.exe
1052	Unicorn-56882.exe
2352	Unicorn-7681.exe
288	Unicorn-38408.exe
3012	Unicorn-18542.exe
2896	Unicorn-18542.exe
776	Unicorn-3597.exe
2076	Unicorn-28931.exe
596	Unicorn-48797.exe
568	Unicorn-30323.exe
304	Unicorn-41183.exe
412	Unicorn-26239.exe
1132	Unicorn-6373.exe
1660	Unicorn-3680.exe
1320	Unicorn-34407.exe
1740	Unicorn-14541.exe
2812	Unicorn-23307.exe
1940	Unicorn-3441.exe
1552	Unicorn-23307.exe
884	Unicorn-47811.exe
2928	Unicorn-5387.exe
1596	Unicorn-51895.exe
2944	Unicorn-30105.exe
2220	Unicorn-40965.exe
2392	Unicorn-60831.exe
2640	Unicorn-42357.exe
2572	Unicorn-22491.exe
1652	Unicorn-58200.exe
2252	Unicorn-23390.exe
1644	Unicorn-3524.exe
1456	Unicorn-54116.exe
2600	Unicorn-34250.exe
2836	Unicorn-62284.exe
1852	Unicorn-23944.exe
1628	Unicorn-4915.exe
1216	Unicorn-50587.exe
2292	Unicorn-48662.exe
2604	Unicorn-59523.exe
3052	Unicorn-41048.exe
1296	Unicorn-30188.exe
580	Unicorn-11713.exe
2900	Unicorn-22574.exe
1772	Unicorn-42440.exe
1056	Unicorn-7629.exe
3016	Unicorn-18490.exe
1732	Unicorn-18490.exe
1540	Unicorn-19882.exe
2056	Unicorn-11184.exe
2568	Unicorn-30981.exe
2700	Unicorn-1646.exe
1716	Unicorn-38403.exe
2312	Unicorn-61516.exe
1768	Unicorn-50655.exe
1248	Unicorn-43041.exe
1860	Unicorn-28097.exe
1784	Unicorn-58823.exe

Loads dropped DLL 64 IoCs

Processes:

199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exeUnicorn-10400.exeUnicorn-17260.exeWerFault.exeUnicorn-37126.exeUnicorn-52154.exeUnicorn-41293.exeWerFault.exeWerFault.exeUnicorn-41017.exeUnicorn-34241.exeUnicorn-64967.exeUnicorn-45102.exeWerFault.exeWerFault.exeUnicorn-56882.exeUnicorn-7681.exeUnicorn-38408.exe

pid	process
1676	199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe
1676	199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe
2184	Unicorn-10400.exe
1676	199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe
2184	Unicorn-10400.exe
1676	199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe
2184	Unicorn-10400.exe
2248	Unicorn-17260.exe
2184	Unicorn-10400.exe
2248	Unicorn-17260.exe
2468	WerFault.exe
2468	WerFault.exe
2468	WerFault.exe
2468	WerFault.exe
2468	WerFault.exe
3004	Unicorn-37126.exe
3004	Unicorn-37126.exe
2380	Unicorn-52154.exe
2380	Unicorn-52154.exe
2688	Unicorn-41293.exe
2248	Unicorn-17260.exe
2688	Unicorn-41293.exe
2248	Unicorn-17260.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
2196	WerFault.exe
2136	Unicorn-41017.exe
2136	Unicorn-41017.exe
2404	Unicorn-34241.exe
2404	Unicorn-34241.exe
2740	Unicorn-64967.exe
2740	Unicorn-64967.exe
2380	Unicorn-52154.exe
2688	Unicorn-41293.exe
2688	Unicorn-41293.exe
2844	Unicorn-45102.exe
2844	Unicorn-45102.exe
1432	WerFault.exe
1432	WerFault.exe
1432	WerFault.exe
1432	WerFault.exe
1432	WerFault.exe
2796	WerFault.exe
2796	WerFault.exe
2796	WerFault.exe
2796	WerFault.exe
2796	WerFault.exe
2136	Unicorn-41017.exe
2136	Unicorn-41017.exe
1052	Unicorn-56882.exe
1052	Unicorn-56882.exe
2352	Unicorn-7681.exe
2352	Unicorn-7681.exe
2404	Unicorn-34241.exe
2404	Unicorn-34241.exe
288	Unicorn-38408.exe
288	Unicorn-38408.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2100	1676	WerFault.exe	199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe
2468	2184	WerFault.exe	Unicorn-10400.exe
2164	2248	WerFault.exe	Unicorn-17260.exe
2196	3004	WerFault.exe	Unicorn-37126.exe
1432	2380	WerFault.exe	Unicorn-52154.exe
2796	2688	WerFault.exe	Unicorn-41293.exe
1240	2136	WerFault.exe	Unicorn-41017.exe
872	2404	WerFault.exe	Unicorn-34241.exe
3060	2740	WerFault.exe	Unicorn-64967.exe
1688	2844	WerFault.exe	Unicorn-45102.exe
2340	1052	WerFault.exe	Unicorn-56882.exe
2416	2352	WerFault.exe	Unicorn-7681.exe
2588	288	WerFault.exe	Unicorn-38408.exe
2460	776	WerFault.exe	Unicorn-3597.exe
1804	3012	WerFault.exe	Unicorn-18542.exe
1396	596	WerFault.exe	Unicorn-48797.exe
1960	2076	WerFault.exe	Unicorn-28931.exe
276	568	WerFault.exe	Unicorn-30323.exe
2336	304	WerFault.exe	Unicorn-41183.exe
748	1132	WerFault.exe	Unicorn-6373.exe
2080	1320	WerFault.exe	Unicorn-34407.exe
1236	412	WerFault.exe	Unicorn-26239.exe
2128	1660	WerFault.exe	Unicorn-3680.exe
2508	1740	WerFault.exe	Unicorn-14541.exe
2704	2600	WerFault.exe	Unicorn-34250.exe
560	2812	WerFault.exe	Unicorn-23307.exe
536	1552	WerFault.exe	Unicorn-23307.exe
672	1940	WerFault.exe	Unicorn-3441.exe
1484	884	WerFault.exe	Unicorn-47811.exe
640	2928	WerFault.exe	Unicorn-5387.exe
2956	1596	WerFault.exe	Unicorn-51895.exe
1872	2220	WerFault.exe	Unicorn-40965.exe
1608	2944	WerFault.exe	Unicorn-30105.exe
2860	2392	WerFault.exe	Unicorn-60831.exe
2564	2640	WerFault.exe	Unicorn-42357.exe
2692	2572	WerFault.exe	Unicorn-22491.exe
3560	1652	WerFault.exe	Unicorn-58200.exe
3584	1644	WerFault.exe	Unicorn-3524.exe
3608	2252	WerFault.exe	Unicorn-23390.exe
3632	2292	WerFault.exe	Unicorn-48662.exe
3648	1456	WerFault.exe	Unicorn-54116.exe
3664	1852	WerFault.exe	Unicorn-23944.exe
3688	1216	WerFault.exe	Unicorn-50587.exe
3680	2604	WerFault.exe	Unicorn-59523.exe
3712	1732	WerFault.exe	Unicorn-18490.exe
3744	1540	WerFault.exe	Unicorn-19882.exe
3844	2836	WerFault.exe	Unicorn-62284.exe
3836	1628	WerFault.exe	Unicorn-4915.exe
3852	1296	WerFault.exe	Unicorn-30188.exe
3860	580	WerFault.exe	Unicorn-11713.exe
3908	2900	WerFault.exe	Unicorn-22574.exe
3920	3016	WerFault.exe	Unicorn-18490.exe
3928	3052	WerFault.exe	Unicorn-41048.exe
3956	1772	WerFault.exe	Unicorn-42440.exe
3232	1056	WerFault.exe	Unicorn-7629.exe
4216	3272	WerFault.exe	Unicorn-33202.exe
4460	2568	WerFault.exe	Unicorn-30981.exe
4592	1860	WerFault.exe	Unicorn-28097.exe
4620	1248	WerFault.exe	Unicorn-43041.exe
4640	1920	WerFault.exe	Unicorn-13706.exe
4716	2528	WerFault.exe	Unicorn-25959.exe
4840	2700	WerFault.exe	Unicorn-1646.exe
4912	1768	WerFault.exe	Unicorn-50655.exe
4956	1716	WerFault.exe	Unicorn-38403.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exeUnicorn-10400.exeUnicorn-37126.exeUnicorn-17260.exeUnicorn-52154.exeUnicorn-41293.exeUnicorn-41017.exeUnicorn-34241.exeUnicorn-45102.exeUnicorn-64967.exeUnicorn-56882.exeUnicorn-7681.exeUnicorn-38408.exeUnicorn-18542.exeUnicorn-3597.exeUnicorn-28931.exeUnicorn-48797.exeUnicorn-30323.exeUnicorn-41183.exeUnicorn-6373.exeUnicorn-26239.exeUnicorn-3680.exeUnicorn-34407.exeUnicorn-14541.exeUnicorn-23307.exeUnicorn-3441.exeUnicorn-23307.exeUnicorn-47811.exeUnicorn-5387.exeUnicorn-51895.exeUnicorn-40965.exeUnicorn-30105.exeUnicorn-60831.exeUnicorn-42357.exeUnicorn-22491.exeUnicorn-58200.exeUnicorn-3524.exeUnicorn-23390.exeUnicorn-54116.exeUnicorn-62284.exeUnicorn-34250.exeUnicorn-23944.exeUnicorn-4915.exeUnicorn-50587.exeUnicorn-59523.exeUnicorn-48662.exeUnicorn-41048.exeUnicorn-30188.exeUnicorn-11713.exeUnicorn-42440.exeUnicorn-22574.exeUnicorn-18490.exeUnicorn-7629.exeUnicorn-18490.exeUnicorn-19882.exeUnicorn-11184.exeUnicorn-30981.exeUnicorn-1646.exeUnicorn-38403.exeUnicorn-61516.exeUnicorn-50655.exeUnicorn-28097.exeUnicorn-43041.exeUnicorn-58823.exe

pid	process
1676	199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe
2184	Unicorn-10400.exe
3004	Unicorn-37126.exe
2248	Unicorn-17260.exe
2380	Unicorn-52154.exe
2688	Unicorn-41293.exe
2136	Unicorn-41017.exe
2404	Unicorn-34241.exe
2844	Unicorn-45102.exe
2740	Unicorn-64967.exe
1052	Unicorn-56882.exe
2352	Unicorn-7681.exe
288	Unicorn-38408.exe
3012	Unicorn-18542.exe
776	Unicorn-3597.exe
2076	Unicorn-28931.exe
596	Unicorn-48797.exe
568	Unicorn-30323.exe
304	Unicorn-41183.exe
1132	Unicorn-6373.exe
412	Unicorn-26239.exe
1660	Unicorn-3680.exe
1320	Unicorn-34407.exe
1740	Unicorn-14541.exe
2812	Unicorn-23307.exe
1940	Unicorn-3441.exe
1552	Unicorn-23307.exe
884	Unicorn-47811.exe
2928	Unicorn-5387.exe
1596	Unicorn-51895.exe
2220	Unicorn-40965.exe
2944	Unicorn-30105.exe
2392	Unicorn-60831.exe
2640	Unicorn-42357.exe
2572	Unicorn-22491.exe
1652	Unicorn-58200.exe
1644	Unicorn-3524.exe
2252	Unicorn-23390.exe
1456	Unicorn-54116.exe
2836	Unicorn-62284.exe
2600	Unicorn-34250.exe
1852	Unicorn-23944.exe
1628	Unicorn-4915.exe
1216	Unicorn-50587.exe
2604	Unicorn-59523.exe
2292	Unicorn-48662.exe
3052	Unicorn-41048.exe
1296	Unicorn-30188.exe
580	Unicorn-11713.exe
1772	Unicorn-42440.exe
2900	Unicorn-22574.exe
3016	Unicorn-18490.exe
1056	Unicorn-7629.exe
1732	Unicorn-18490.exe
1540	Unicorn-19882.exe
2056	Unicorn-11184.exe
2568	Unicorn-30981.exe
2700	Unicorn-1646.exe
1716	Unicorn-38403.exe
2312	Unicorn-61516.exe
1768	Unicorn-50655.exe
1860	Unicorn-28097.exe
1248	Unicorn-43041.exe
1784	Unicorn-58823.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exeUnicorn-10400.exeUnicorn-17260.exeUnicorn-37126.exeUnicorn-52154.exeUnicorn-41293.exeUnicorn-41017.exeUnicorn-34241.exeUnicorn-64967.exe

description	pid	process	target process
PID 1676 wrote to memory of 2184	1676	199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe	Unicorn-10400.exe
PID 1676 wrote to memory of 2184	1676	199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe	Unicorn-10400.exe
PID 1676 wrote to memory of 2184	1676	199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe	Unicorn-10400.exe
PID 1676 wrote to memory of 2184	1676	199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe	Unicorn-10400.exe
PID 2184 wrote to memory of 3004	2184	Unicorn-10400.exe	Unicorn-37126.exe
PID 2184 wrote to memory of 3004	2184	Unicorn-10400.exe	Unicorn-37126.exe
PID 2184 wrote to memory of 3004	2184	Unicorn-10400.exe	Unicorn-37126.exe
PID 2184 wrote to memory of 3004	2184	Unicorn-10400.exe	Unicorn-37126.exe
PID 1676 wrote to memory of 2248	1676	199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe	Unicorn-17260.exe
PID 1676 wrote to memory of 2248	1676	199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe	Unicorn-17260.exe
PID 1676 wrote to memory of 2248	1676	199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe	Unicorn-17260.exe
PID 1676 wrote to memory of 2248	1676	199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe	Unicorn-17260.exe
PID 1676 wrote to memory of 2100	1676	199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe	WerFault.exe
PID 1676 wrote to memory of 2100	1676	199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe	WerFault.exe
PID 1676 wrote to memory of 2100	1676	199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe	WerFault.exe
PID 1676 wrote to memory of 2100	1676	199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe	WerFault.exe
PID 2184 wrote to memory of 2380	2184	Unicorn-10400.exe	Unicorn-52154.exe
PID 2184 wrote to memory of 2380	2184	Unicorn-10400.exe	Unicorn-52154.exe
PID 2184 wrote to memory of 2380	2184	Unicorn-10400.exe	Unicorn-52154.exe
PID 2184 wrote to memory of 2380	2184	Unicorn-10400.exe	Unicorn-52154.exe
PID 2248 wrote to memory of 2688	2248	Unicorn-17260.exe	Unicorn-41293.exe
PID 2248 wrote to memory of 2688	2248	Unicorn-17260.exe	Unicorn-41293.exe
PID 2248 wrote to memory of 2688	2248	Unicorn-17260.exe	Unicorn-41293.exe
PID 2248 wrote to memory of 2688	2248	Unicorn-17260.exe	Unicorn-41293.exe
PID 2184 wrote to memory of 2468	2184	Unicorn-10400.exe	WerFault.exe
PID 2184 wrote to memory of 2468	2184	Unicorn-10400.exe	WerFault.exe
PID 2184 wrote to memory of 2468	2184	Unicorn-10400.exe	WerFault.exe
PID 2184 wrote to memory of 2468	2184	Unicorn-10400.exe	WerFault.exe
PID 3004 wrote to memory of 2136	3004	Unicorn-37126.exe	Unicorn-41017.exe
PID 3004 wrote to memory of 2136	3004	Unicorn-37126.exe	Unicorn-41017.exe
PID 3004 wrote to memory of 2136	3004	Unicorn-37126.exe	Unicorn-41017.exe
PID 3004 wrote to memory of 2136	3004	Unicorn-37126.exe	Unicorn-41017.exe
PID 2380 wrote to memory of 2404	2380	Unicorn-52154.exe	Unicorn-34241.exe
PID 2380 wrote to memory of 2404	2380	Unicorn-52154.exe	Unicorn-34241.exe
PID 2380 wrote to memory of 2404	2380	Unicorn-52154.exe	Unicorn-34241.exe
PID 2380 wrote to memory of 2404	2380	Unicorn-52154.exe	Unicorn-34241.exe
PID 2688 wrote to memory of 2740	2688	Unicorn-41293.exe	Unicorn-64967.exe
PID 2688 wrote to memory of 2740	2688	Unicorn-41293.exe	Unicorn-64967.exe
PID 2688 wrote to memory of 2740	2688	Unicorn-41293.exe	Unicorn-64967.exe
PID 2688 wrote to memory of 2740	2688	Unicorn-41293.exe	Unicorn-64967.exe
PID 2248 wrote to memory of 2844	2248	Unicorn-17260.exe	Unicorn-45102.exe
PID 2248 wrote to memory of 2844	2248	Unicorn-17260.exe	Unicorn-45102.exe
PID 2248 wrote to memory of 2844	2248	Unicorn-17260.exe	Unicorn-45102.exe
PID 2248 wrote to memory of 2844	2248	Unicorn-17260.exe	Unicorn-45102.exe
PID 3004 wrote to memory of 2196	3004	Unicorn-37126.exe	WerFault.exe
PID 3004 wrote to memory of 2196	3004	Unicorn-37126.exe	WerFault.exe
PID 3004 wrote to memory of 2196	3004	Unicorn-37126.exe	WerFault.exe
PID 3004 wrote to memory of 2196	3004	Unicorn-37126.exe	WerFault.exe
PID 2248 wrote to memory of 2164	2248	Unicorn-17260.exe	WerFault.exe
PID 2248 wrote to memory of 2164	2248	Unicorn-17260.exe	WerFault.exe
PID 2248 wrote to memory of 2164	2248	Unicorn-17260.exe	WerFault.exe
PID 2248 wrote to memory of 2164	2248	Unicorn-17260.exe	WerFault.exe
PID 2136 wrote to memory of 1052	2136	Unicorn-41017.exe	Unicorn-56882.exe
PID 2136 wrote to memory of 1052	2136	Unicorn-41017.exe	Unicorn-56882.exe
PID 2136 wrote to memory of 1052	2136	Unicorn-41017.exe	Unicorn-56882.exe
PID 2136 wrote to memory of 1052	2136	Unicorn-41017.exe	Unicorn-56882.exe
PID 2404 wrote to memory of 2352	2404	Unicorn-34241.exe	Unicorn-7681.exe
PID 2404 wrote to memory of 2352	2404	Unicorn-34241.exe	Unicorn-7681.exe
PID 2404 wrote to memory of 2352	2404	Unicorn-34241.exe	Unicorn-7681.exe
PID 2404 wrote to memory of 2352	2404	Unicorn-34241.exe	Unicorn-7681.exe
PID 2740 wrote to memory of 288	2740	Unicorn-64967.exe	Unicorn-38408.exe
PID 2740 wrote to memory of 288	2740	Unicorn-64967.exe	Unicorn-38408.exe
PID 2740 wrote to memory of 288	2740	Unicorn-64967.exe	Unicorn-38408.exe
PID 2740 wrote to memory of 288	2740	Unicorn-64967.exe	Unicorn-38408.exe

C:\Users\Admin\AppData\Local\Temp\199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe
"C:\Users\Admin\AppData\Local\Temp\199c175940b427f34a812fbb25f573411a66081df9f51455adf09ec2c259ecc1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10400.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10400.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37126.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48797.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23390.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe
        10⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35362.exe
        11⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 220
        12⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
        11⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
        10⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
        11⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27965.exe
        12⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53647.exe
        13⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe
        14⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
        13⤵
        
        PID:11820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
        12⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
        11⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        10⤵
        Program crash
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe
        9⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe
        10⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38878.exe
        11⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6174.exe
        12⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8530.exe
        13⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42148.exe
        14⤵
        
        PID:13788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13788 -s 188
        15⤵
        
        PID:14276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11224 -s 216
        14⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 216
        13⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
        12⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
        11⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
        10⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        9⤵
        Program crash
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61516.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55891.exe
        9⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53836.exe
        10⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        11⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        12⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
        13⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32418.exe
        14⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11088 -s 216
        14⤵
        
        PID:14176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 216
        13⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        12⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 236
        11⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 236
        10⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15496.exe
        9⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28764.exe
        10⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
        11⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
        12⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
        13⤵
        
        PID:13940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10916 -s 216
        13⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 216
        12⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
        11⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
        10⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
        9⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        8⤵
        Program crash
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34250.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
        8⤵
        Program crash
        
        PID:2704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 220
        7⤵
        Program crash
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3441.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54116.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
        9⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54412.exe
        10⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60909.exe
        11⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57876.exe
        12⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2417.exe
        13⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
        14⤵
        
        PID:13792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10804 -s 216
        14⤵
        
        PID:14144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
        13⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
        12⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
        11⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
        10⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7305.exe
        11⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29937.exe
        12⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        13⤵
        
        PID:13736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10896 -s 216
        13⤵
        
        PID:704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
        12⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 236
        11⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
        10⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46799.exe
        9⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        10⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        11⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        12⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10860 -s 200
        13⤵
        
        PID:13660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
        12⤵
        
        PID:11472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
        11⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 236
        10⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
        9⤵
        Program crash
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54884.exe
        8⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31854.exe
        9⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
        10⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54799.exe
        11⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4638.exe
        12⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38064.exe
        13⤵
        
        PID:13756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10884 -s 204
        13⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
        12⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 236
        11⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 236
        10⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
        9⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 240
        8⤵
        Program crash
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20483.exe
        7⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65320.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
        9⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15141.exe
        10⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
        11⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52132.exe
        12⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 236
        12⤵
        
        PID:12876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
        11⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
        10⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        8⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2889.exe
        9⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1789.exe
        10⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17083.exe
        11⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14514.exe
        12⤵
        
        PID:9656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
        11⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
        10⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
        9⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
        8⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
        7⤵
        Program crash
        
        PID:672
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
        6⤵
        Program crash
        
        PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28931.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11184.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        9⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62004.exe
        10⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32404.exe
        11⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15713.exe
        12⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
        13⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe
        14⤵
        
        PID:13824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10764 -s 216
        14⤵
        
        PID:14164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 236
        13⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
        12⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
        11⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        10⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20348.exe
        9⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63766.exe
        10⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        11⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34213.exe
        12⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exe
        13⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10556 -s 204
        13⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 236
        12⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
        11⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
        10⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        9⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34079.exe
        8⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 380
        9⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
        8⤵
        Program crash
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30981.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53945.exe
        8⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33416.exe
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        10⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
        11⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16123.exe
        12⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11080 -s 224
        13⤵
        
        PID:13932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
        12⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        11⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
        10⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
        9⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18507.exe
        9⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44062.exe
        10⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        11⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31562.exe
        12⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
        11⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 236
        10⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 236
        9⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
        8⤵
        Program crash
        
        PID:4460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 220
        7⤵
        Program crash
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3524.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1646.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-660.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14941.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
        10⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48769.exe
        11⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        12⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12983.exe
        13⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11244 -s 220
        13⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 236
        12⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 236
        11⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        10⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
        9⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3244.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5761.exe
        9⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13766.exe
        10⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25059.exe
        11⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
        12⤵
        
        PID:13696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10908 -s 236
        12⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 236
        11⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
        10⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
        9⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        8⤵
        Program crash
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11521.exe
        7⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14941.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
        9⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28541.exe
        10⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        11⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23399.exe
        12⤵
        
        PID:14224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 216
        12⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 236
        11⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
        10⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
        9⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 216
        8⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        7⤵
        Program crash
        
        PID:3584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
        6⤵
        Program crash
        
        PID:1960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
        5⤵
        Program crash
        
        PID:1240
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52154.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7681.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30323.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47811.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62284.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17791.exe
        9⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
        10⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        11⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
        12⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6558.exe
        13⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30320.exe
        14⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 216
        14⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
        13⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
        12⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
        11⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47074.exe
        10⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
        11⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        12⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        13⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10487.exe
        14⤵
        
        PID:13764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12132 -s 216
        14⤵
        
        PID:13368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9008 -s 216
        13⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
        12⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
        11⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 240
        10⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14728.exe
        9⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
        10⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
        11⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4031.exe
        12⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1919.exe
        13⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 216
        13⤵
        
        PID:13488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 236
        12⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
        11⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
        10⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 220
        9⤵
        Program crash
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        8⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23411.exe
        9⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
        10⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48665.exe
        11⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49895.exe
        12⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61151.exe
        13⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
        13⤵
        
        PID:12740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 216
        12⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 216
        11⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
        10⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14894.exe
        9⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
        10⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        11⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59563.exe
        12⤵
        
        PID:13056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9740 -s 216
        12⤵
        
        PID:13604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
        11⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
        10⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 220
        9⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
        8⤵
        Program crash
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58823.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26426.exe
        9⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
        10⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
        11⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14425.exe
        12⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12038.exe
        13⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 216
        13⤵
        
        PID:13000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
        12⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
        11⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
        10⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54666.exe
        9⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe
        10⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        11⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30897.exe
        12⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        13⤵
        
        PID:14268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10312 -s 216
        13⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 216
        12⤵
        
        PID:11648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
        11⤵
        
        PID:9412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        10⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 220
        9⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14728.exe
        8⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5979.exe
        9⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31862.exe
        10⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe
        11⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe
        12⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4457.exe
        13⤵
        
        PID:13952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10508 -s 216
        13⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 236
        12⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
        11⤵
        
        PID:10180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
        10⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
        9⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
        8⤵
        Program crash
        
        PID:3664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
        7⤵
        Program crash
        
        PID:276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5387.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4915.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11329.exe
        8⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13571.exe
        9⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48740.exe
        10⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
        11⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57731.exe
        12⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7809.exe
        13⤵
        
        PID:14136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11032 -s 216
        13⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 216
        12⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
        11⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
        10⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 236
        9⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
        8⤵
        Program crash
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        7⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        8⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53234.exe
        9⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11633.exe
        10⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29584.exe
        11⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52516.exe
        12⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 216
        12⤵
        
        PID:12984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
        11⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
        10⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        9⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14894.exe
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16185.exe
        9⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15661.exe
        10⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17981.exe
        11⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 216
        11⤵
        
        PID:13320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
        10⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        9⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
        8⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        7⤵
        Program crash
        
        PID:640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
        6⤵
        Program crash
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41183.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51895.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48662.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59975.exe
        9⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
        10⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
        11⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26595.exe
        12⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12230.exe
        13⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35542.exe
        14⤵
        
        PID:13384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11156 -s 220
        14⤵
        
        PID:13580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 236
        13⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
        12⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        11⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
        10⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
        9⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32404.exe
        10⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        11⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4638.exe
        12⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
        13⤵
        
        PID:13836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 216
        12⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
        11⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        10⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
        9⤵
        Program crash
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52362.exe
        8⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        9⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
        9⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23860.exe
        10⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9734.exe
        11⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
        12⤵
        
        PID:13556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10520 -s 216
        12⤵
        
        PID:14020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 236
        11⤵
        
        PID:11508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
        10⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 240
        9⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
        8⤵
        Program crash
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43041.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1682.exe
        8⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50603.exe
        9⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64736.exe
        10⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        11⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
        12⤵
        
        PID:13924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11248 -s 216
        12⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 236
        11⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 236
        10⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
        9⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 236
        8⤵
        Program crash
        
        PID:4620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
        7⤵
        Program crash
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59523.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
        7⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
        8⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14339.exe
        9⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        10⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45619.exe
        11⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        12⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 216
        12⤵
        
        PID:13308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
        11⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
        10⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 236
        9⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13854.exe
        9⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
        10⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16231.exe
        11⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38443.exe
        12⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 216
        11⤵
        
        PID:12408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
        10⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
        9⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
        8⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26103.exe
        7⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
        8⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33699.exe
        9⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41535.exe
        10⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        11⤵
        
        PID:11408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 216
        11⤵
        
        PID:12436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
        10⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        9⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 216
        8⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 220
        7⤵
        Program crash
        
        PID:3680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
        6⤵
        Program crash
        
        PID:2336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
        5⤵
        Program crash
        
        PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
      4⤵
      Executes dropped EXE
      PID:2896
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1432
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38408.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26239.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42440.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7484.exe
        9⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
        10⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47012.exe
        11⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29807.exe
        12⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49703.exe
        13⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46330.exe
        14⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 216
        14⤵
        
        PID:13424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
        13⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        12⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 216
        11⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        10⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52090.exe
        11⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
        12⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        13⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47327.exe
        14⤵
        
        PID:14008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11204 -s 216
        14⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 236
        13⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
        12⤵
        
        PID:9372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 216
        11⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
        10⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
        9⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
        10⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54085.exe
        11⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14980.exe
        12⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        13⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        14⤵
        
        PID:13888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11148 -s 216
        14⤵
        
        PID:14304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 236
        13⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
        12⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        11⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        10⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
        11⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28759.exe
        12⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44862.exe
        13⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10904 -s 216
        13⤵
        
        PID:13964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
        12⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
        11⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
        10⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
        9⤵
        Program crash
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18345.exe
        8⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
        9⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23878.exe
        10⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3164.exe
        11⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
        12⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        13⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20244.exe
        14⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 216
        13⤵
        
        PID:12548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
        12⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        11⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
        10⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46991.exe
        9⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6672.exe
        10⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33476.exe
        11⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50762.exe
        12⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 216
        12⤵
        
        PID:13120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
        11⤵
        
        PID:10156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        10⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 220
        9⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
        8⤵
        Program crash
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18490.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        8⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22102.exe
        9⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
        10⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25635.exe
        11⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
        12⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43435.exe
        13⤵
        
        PID:14084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10948 -s 216
        13⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
        12⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
        11⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 236
        10⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 216
        9⤵
        Program crash
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34760.exe
        9⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
        10⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55541.exe
        11⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
        12⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 216
        12⤵
        
        PID:13200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        10⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
        9⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
        8⤵
        Program crash
        
        PID:3920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 240
        7⤵
        Program crash
        
        PID:1236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 236
        6⤵
        Program crash
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6373.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50587.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1454.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
        8⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47012.exe
        9⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3164.exe
        10⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        11⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35412.exe
        12⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
        13⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 216
        12⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
        11⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
        10⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 236
        9⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        8⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
        9⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17140.exe
        10⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55640.exe
        11⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10845.exe
        12⤵
        
        PID:13616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11696 -s 216
        12⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 220
        11⤵
        
        PID:12768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
        10⤵
        
        PID:10148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
        9⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 220
        8⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14728.exe
        7⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50520.exe
        8⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11524.exe
        9⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45427.exe
        10⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        11⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 216
        11⤵
        
        PID:12320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 216
        10⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
        9⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
        8⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 220
        7⤵
        Program crash
        
        PID:3688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 216
        6⤵
        Program crash
        
        PID:748
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
        5⤵
        Program crash
        
        PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34407.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30105.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11713.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
        8⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23411.exe
        9⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33691.exe
        10⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29807.exe
        11⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15193.exe
        12⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59122.exe
        13⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 220
        13⤵
        
        PID:13080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
        12⤵
        
        PID:10092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 236
        10⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
        9⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46444.exe
        10⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
        11⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
        12⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe
        13⤵
        
        PID:13804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 216
        12⤵
        
        PID:12308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
        11⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        10⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 220
        9⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
        8⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
        9⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19418.exe
        10⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
        11⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
        12⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14514.exe
        13⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 216
        12⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
        11⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
        10⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
        9⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 240
        8⤵
        Program crash
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
        7⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53068.exe
        8⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45943.exe
        9⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
        10⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
        11⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
        12⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56834.exe
        13⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
        12⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
        11⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        10⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        9⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46498.exe
        8⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
        9⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
        10⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31473.exe
        11⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32885.exe
        12⤵
        
        PID:14256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
        11⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
        10⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
        9⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
        8⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
        7⤵
        Program crash
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60769.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61428.exe
        8⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe
        9⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40030.exe
        10⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24815.exe
        11⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52215.exe
        12⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 216
        12⤵
        
        PID:13244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
        11⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
        10⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
        9⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4012.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11524.exe
        9⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45619.exe
        10⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13128.exe
        11⤵
        
        PID:10812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 216
        11⤵
        
        PID:13300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
        10⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
        9⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 220
        8⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31256.exe
        7⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53234.exe
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26491.exe
        9⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
        10⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11950.exe
        11⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 216
        11⤵
        
        PID:12892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 216
        10⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
        9⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 216
        8⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
        7⤵
        Program crash
        
        PID:3908
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
        6⤵
        Program crash
        
        PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30188.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
        7⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61428.exe
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52658.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8343.exe
        10⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
        11⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28567.exe
        12⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
        13⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11180 -s 216
        13⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 216
        12⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        11⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        10⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
        9⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40960.exe
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe
        9⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57596.exe
        10⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12853.exe
        11⤵
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2459.exe
        12⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11632 -s 216
        12⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 220
        11⤵
        
        PID:12676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
        10⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        9⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        8⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9767.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34184.exe
        8⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        9⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
        10⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23544.exe
        11⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8516 -s 216
        11⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
        10⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        9⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
        8⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 240
        7⤵
        Program crash
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        6⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30510.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46436.exe
        8⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
        9⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        10⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
        11⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
        11⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
        10⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        9⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 236
        8⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3932.exe
        8⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
        9⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
        10⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 216
        10⤵
        
        PID:13360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
        9⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        8⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
        7⤵
        
        PID:5308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        6⤵
        Program crash
        
        PID:1872
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
        5⤵
        Program crash
        
        PID:1804
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3597.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3680.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21875.exe
        7⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
        8⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53234.exe
        9⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
        10⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48852.exe
        11⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
        12⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64535.exe
        13⤵
        
        PID:13868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
        12⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
        11⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
        10⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
        9⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14894.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-450.exe
        9⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45619.exe
        10⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17213.exe
        11⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 216
        11⤵
        
        PID:13288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
        10⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        9⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        8⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33202.exe
        7⤵
        
        PID:3272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 240
        8⤵
        Program crash
        
        PID:4216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        7⤵
        Program crash
        
        PID:3928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 216
        6⤵
        Program crash
        
        PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22491.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19882.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
        7⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
        8⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49150.exe
        9⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
        10⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45619.exe
        11⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
        12⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 216
        12⤵
        
        PID:13272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
        11⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
        10⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
        9⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13854.exe
        9⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35697.exe
        10⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe
        11⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        12⤵
        
        PID:13948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 216
        11⤵
        
        PID:12992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
        10⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        9⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 220
        8⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62279.exe
        8⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
        9⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
        10⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        11⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64130.exe
        12⤵
        
        PID:13564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10360 -s 216
        12⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 216
        11⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 236
        10⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
        9⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
        8⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
        7⤵
        Program crash
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36819.exe
        6⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60359.exe
        7⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25283.exe
        8⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7305.exe
        9⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60663.exe
        10⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe
        11⤵
        
        PID:13852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10932 -s 236
        11⤵
        
        PID:14220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
        10⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
        9⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 216
        8⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        7⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24545.exe
        8⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57508.exe
        9⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
        10⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 236
        10⤵
        
        PID:13520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
        9⤵
        
        PID:10836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        8⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
        7⤵
        
        PID:5848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
        6⤵
        Program crash
        
        PID:2692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
        5⤵
        Program crash
        
        PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7629.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
        7⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 220
        8⤵
        Program crash
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
        7⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29415.exe
        8⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
        9⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55266.exe
        10⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19076.exe
        11⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
        12⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11528 -s 216
        12⤵
        
        PID:14004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8316 -s 216
        11⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
        10⤵
        
        PID:9764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
        9⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
        8⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 220
        7⤵
        Program crash
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36819.exe
        6⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        7⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        8⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exe
        9⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38655.exe
        10⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31498.exe
        11⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
        12⤵
        
        PID:13552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 236
        11⤵
        
        PID:12496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
        10⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
        9⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
        8⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20540.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
        8⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14425.exe
        9⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30752.exe
        10⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        11⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 216
        10⤵
        
        PID:12560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
        9⤵
        
        PID:9680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
        8⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 240
        7⤵
        
        PID:4548
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
        6⤵
        Program crash
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18490.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60530.exe
        6⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62004.exe
        7⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39070.exe
        8⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8120.exe
        9⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        10⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39491.exe
        11⤵
        
        PID:13808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
        10⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
        9⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
        8⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
        7⤵
        
        PID:4076
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 216
        6⤵
        Program crash
        
        PID:3712
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
        5⤵
        Program crash
        
        PID:2508
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
      4⤵
      Program crash
      PID:1688
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2164
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
  2⤵
  - Program crash
  PID:2100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-28567.exe

Filesize
184KB

MD5
f504d11ff70e2f2ef6d613a49752bcfb

SHA1
c1fa66e9845351c44c83c1ff9cbef11ecd8ec072

SHA256
a37a62f84414c42290caecae197ac2ec2075c26f3026a11b4ee400023c6f6573

SHA512
387ac7ecf87c5e7f460f244a29024e21d47e39cbdcd977d71d453d5917f4560f8439282607a2011405f6459d5327aef437b7fd832d955f0d6b61ae0823a2eefa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33699.exe

Filesize
184KB

MD5
75442854366a696dd8f725d9bbd537b9

SHA1
4cafb3aeec1d111ae092a1eff0f13b7bc944dde9

SHA256
4495070a560f52a89553ff99e82acfca0b7e50ee1d13599727036f6f44eb0eb6

SHA512
8851778649e3f3983703c62dcb0e7cd7d8c21f8d497002d990dcd74de8d5e881aead2942d4783562cecbbd013b6870debde409b27f5c7d9aa18326192495fdb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe

Filesize
184KB

MD5
b635520b3b7b2f5345191a0bebc9db3b

SHA1
262f786162c9de593456c010c5c2f0ac8f038cc0

SHA256
93963ddbfbb82d659cccba2927be48caedb85b4401fa616988a94bd73c0e6c39

SHA512
bcad0a9290e57fdc942eb5d6e6534a300012b037bf5306f1072039b158200e32a727824d4390808fc8f0d58f23a38b4c1ce340c1e95d5828e559f6c15ff66819

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38408.exe

Filesize
184KB

MD5
04521fc888ef784d4d7db3717dda6fe2

SHA1
8bd53228f976187f4f391baea516171943ae31d1

SHA256
0c459e9be993a22d5c05f55a9d862ed622595f253ebcd937ca2f53733724777e

SHA512
22c58f10e483e9dcd6154cddb115c5e404d3bf2b53d77848dc03c04504c9c3684f9a965f4d430f5f7fc11d902f42ebe02f0aaa32b7106f90d95ba5b8e903c315

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe

Filesize
184KB

MD5
f32f804ee65a1df3719fd69692bf56d7

SHA1
17349ac971c5cb63f93023f6e268a04038a98482

SHA256
72f2c872c95d7c9ebadc878fb7a61fbe4574b395f67402edc1f0c407d1ee2705

SHA512
92374eced9f268d2a02312dcc926e109e549884fb764f4b909f2fd925ea80adc704b43830162fde9228d2324d9f78dc7183ce99b100fcef493675c02b119aeae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe

Filesize
184KB

MD5
70c76a07f1c2686808fe28e45b6d0eca

SHA1
7f43e6fc72743677f1b5aa799f374f76d1342a1e

SHA256
60a2a7170c88eadf68accf592cad00b77f91bdae1c244db2ee3f9cb310fdbc7f

SHA512
ff252cef4652f81a574dc26a94f55b74b2d4aeeee4d78059eb3bb6fda9b49929083f9b821a8495805e692d615b4445007331165b3e19c5453ed79a1192fc5bc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe

Filesize
184KB

MD5
a8fadb958ad9c62ccf7fc009fdebad84

SHA1
658eef958e9f934b1ccbdb2458939b076c75ac9f

SHA256
9946f511be91248c909e21c7ead3259ff9d0625209e2911c83952b41fdd3a18a

SHA512
7e816fd46da7309224064e54d5c986f6a30af39ebb5e3aa466b51b2d0708efd03b830a993574bd31a1761694abd9446213992b4fb0aec5c4d25c0c1743e3637e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40960.exe

Filesize
184KB

MD5
267868228e6f31e865f3ebf645a5bb61

SHA1
07c141362f6b25eef9f3aaebf01981d58d638948

SHA256
bf5cab21079e1a2ca359bef76bf11e1b71e2065504274bdb7152b97afabfa6fe

SHA512
9471079fad76573a09ec2be53d9247e82ffa3b202c9104d4944f562f09771325d84f3596b3b539ccc11260ca8b2d6ed320505abd0fd19b3421e759fd78ab4ab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe

Filesize
184KB

MD5
4de9361c992d1d80c254a0af4e50a9ca

SHA1
2c1da75748e0074bd737f13877d42c7401b951ac

SHA256
70df9d90c81500edc6c5b61828a65322c9acc089a1a264a89cbfaa93fce3ee99

SHA512
3929adcef1c2344cbee031336b2553fe25a4cecb29e637b402f06566a9dbd0977b93a7e778194de73623774cda8091018372ab6bf3efae096641d6fb030e6908

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe

Filesize
184KB

MD5
d7f355e1caec2bd92fa3547652e6912a

SHA1
297b45537fb8b27d112f1a3e2773a6e92aa0dfbf

SHA256
3919de0bed9a914d443d959c3c682038890eb575274a81a2c3fdb880828b04b2

SHA512
e8a35cd3cb2c37cab3262502e6a68423d0f5d02e5c95a1e8cca5795d0d1e9ee699e871696962e7439c8804ac54f29b51ade03f04edb112062f6492b9800aaefd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exe

Filesize
184KB

MD5
ba075dcdd107dc4b0a4f50d643f00a60

SHA1
f020913af305a99087fc21e27f1aa1c4529d5bef

SHA256
ea051d5d78a9f4c2d203fb9d78d09d1fe765747020e1f68cdbdfaf19a75eb2f1

SHA512
f4ff9555c6396dfa181853e2b4c71340b1315bfafc04d5e1575b44cafd6d8a4c9660d94ecd260120206cc84e2aa7f0e500a3f23c8b2fe4255b1ce396a0f51ebb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe

Filesize
184KB

MD5
1c893764fe8a41e65be286b834e95bc4

SHA1
6f6c642e9b296dc625cd5c2e9a6cdee3fe12dd1e

SHA256
a5bfc4f85035472f665363d7b3dea7221f8ca88ef0633e69465ee39e1638c4bd

SHA512
e1e4796509c84da6dc460df1090865ede493e0045fd420a24391cab7c3dc55555200c78112e17e7ffa5b3012fb98f79b790754d230e4bb3c65ece460f39b180a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe

Filesize
184KB

MD5
1c05d66d917da464966504b205fb28ca

SHA1
0f652e08c0b3fdc18bc24695ff5c4b12a5ca57da

SHA256
045648b6137ea015fbfbb296444ccea7d4551e9085b067aada9fe5982f548333

SHA512
e87640925c7a9bbb31d5a262a6af57846695f54cb48efbfacfc51efbbcba0eed4fe8e583ff3ba6f4c4d24c52a855a3b6a36b57d02f6fcc263e9301f014492599

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45943.exe

Filesize
184KB

MD5
062bde06b1b366d6272b8f4d29436b31

SHA1
863ac6d342e26d34e5af1f07870cb9e0be25d5a2

SHA256
922d12c7b12f0b944a410841ace44aebeefeead7748eed99bdff1cf7f7838d34

SHA512
a3bf191a16eb685e28d2094e273008e40c38c952f8538dbd9c9907535f3a6ba5aaf837217df3a17ed0da5972f4250a639cc0a7141c773d435f804f96cd2d0c39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7681.exe

Filesize
184KB

MD5
5a4000efb8b33c417023362747e54fdc

SHA1
844772d8a78f988a30c376ee82b2b362545b719c

SHA256
573d21ebf5d360f3deae1b398697bf41ae90db0f84f38ce7faaa7ccec7ac5e58

SHA512
49a3585a5cb134eddf35f83df993e2fa092b9dd2b89b267c11d42682eb8b161b74bc2f312ca8a0f9bd9c02ea94047b19d618380169d9db9f990b50002c35e057

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10400.exe

Filesize
184KB

MD5
bb29f14e014fe426d465d753b70c5c95

SHA1
79205b3f829ac826cb81ae2e9c5fd937b2176beb

SHA256
fb703ff002f2b2947374b43b744963236e01ea244ad43624e614faebdc11d154

SHA512
fc8e606a51a9608a5c1623f1bdc3faaec5f60c9e78ae952a627d4d763717f69cb8b5dc562349c26c3b808a017e1293c6ac152b2714a9cd0aa968d5f114a6b8c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe

Filesize
184KB

MD5
ddf394c3875ebd2b5883c69799668e3b

SHA1
c3978cd276aeb259aed4753794de9f946bfa3ed7

SHA256
6a3af4a99d04ecb6a518d91822bd6e5c6139e394d0529008c7f5052e295f1dfa

SHA512
b4c7d4eb746ebc23b7c37915dba4c75ee38fc57fa778b020f3a1ed2c5ecb85925ad7ce21b2db46932b3136c59b726b89917467f26435e37cc660b2f30e4f9088

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe

Filesize
184KB

MD5
91cef57b8ade0dd04a7f1c7b331a4e91

SHA1
f3ee73b2f005cd2ef273019a3b23a5939a59158a

SHA256
20d58d0713deef555ac161e93786762546276ab44e5452fa54ef728c2a5595ea

SHA512
d0945b9182d8b7b220e9b109b11f5c0e41f6e7c95df913cc8c75bfadc932e9c1c2a3789f46267838df7667e33b37acbda28e3d66a5a059e81fad02cfe45d3988

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37126.exe

Filesize
184KB

MD5
f6183f4290783c8eff1d21947eefe33d

SHA1
e5e24cef03fb45e1c62f53542a0207b10d737293

SHA256
699ec9e7ccbddeaa2540f8f2d851ca0b550dbd5100d64412e4d053a2c09042fc

SHA512
be4957fbda07c7656529c883fb0ceede23900ed22c55e8ccb9863a5f863acf9082969cd511a50fef6e33c8946ff0cb2facdfade97f1c10cdb9ee925ec0708f67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe

Filesize
184KB

MD5
811e8d30df1b575c40d5521ed8b0aa21

SHA1
a94d46bc3249f1162ab798cdb513b1f856b942fe

SHA256
2ae910770805030334b8e8c9e8418362ef8aa2597bf67fc156dbd827c32f40f0

SHA512
ce3983e5507f2e1134d6875eafa9d6d1e36895ec19f7025bca9dd23df933e837b961c32f940943325018af49c183c614672cbc2fa68a20d18788af4eab8bc5ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52154.exe

Filesize
184KB

MD5
7e3744e2ae484eef0f75e3f04724c7d8

SHA1
364a4d0d81e5477f157cce0647587c9c45eb5200

SHA256
f4a717bb6c4aea082372be1de599a2719101dc467167d283930de63f9410f4e6

SHA512
9439295636c50d7f64d724d653b26af36588cfb30cbaad16030816b7f338e7d9909788eea8728b897a14edbecf8e8ed4dfc9d99d3633fd88dc2a98d8096d2586

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe

Filesize
184KB

MD5
4dcf662b666a81d5c123d684d49cfb10

SHA1
b582cecf346888996d96093e870ff7e9093eabd2

SHA256
8924b70d4bd607dd98c3231283c9fb4b1a573ecc1fe29693f5390cc49f392e92

SHA512
8d9f8d9dd448a824efb3817bf0b5a7d48785166f24b43ac35ce7c766b2930904d522e3dabbf33128e6f7ff75c696b728f7751537cd4a357693c8f65c250e8d9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe

Filesize
184KB

MD5
005f20c413d353cc1632ea1355cf2199

SHA1
856fd7edccfc9d98058554b9def2d3304d675595

SHA256
1cc699d35a5bcf35c358b0cc29acec152eedea3df2670430fa3c4db4cdb0f4d2

SHA512
0e45862b4e9bd390c62e3e5cca03def92e5290031ff024cd592b5d6418e048895350acfb98efe591ae3879b43aba2d53024711439b4869d3e336f81d55253a75

Download Submit