26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 19:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe
Size

184KB
MD5

569bdd9d52be1c30cb51d01fb7251671
SHA1

68c05cf28ba4bbdf4c6e35d9a6ba0ab6231d69eb
SHA256

26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6
SHA512

d909607bd6d808ba483017e74bbf3dda731f15ecc9e5c370e7724f17f4db852588234235b0544e632d41ce290c4e3d1e57027fa81763dc19d8172f58fea9557b
SSDEEP

1536:rB+U6uZlg0Cxozx1tE3AlhwRGD9yvZc8Omdd7XLNCVzetChl5hj5nizpQr:NYN0Cxo97E3c0GhWeIXLNWsChlnViFO

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-47997.exeUnicorn-56248.exeUnicorn-58941.exeUnicorn-30722.exeUnicorn-61448.exeUnicorn-41582.exeUnicorn-57447.exeUnicorn-41665.exeUnicorn-49279.exeUnicorn-22637.exeUnicorn-2771.exeUnicorn-41194.exeUnicorn-6938.exeUnicorn-57530.exeUnicorn-2854.exeUnicorn-43908.exeUnicorn-17266.exeUnicorn-17266.exeUnicorn-28126.exeUnicorn-58682.exeUnicorn-38816.exeUnicorn-14333.exeUnicorn-10249.exeUnicorn-61396.exeUnicorn-45615.exeUnicorn-12195.exeUnicorn-31224.exeUnicorn-31224.exeUnicorn-16280.exeUnicorn-18972.exeUnicorn-55449.exeUnicorn-55449.exeUnicorn-773.exeUnicorn-59533.exeUnicorn-39667.exeUnicorn-25277.exeUnicorn-45143.exeUnicorn-36975.exeUnicorn-56004.exeUnicorn-41059.exeUnicorn-41613.exeUnicorn-45698.exeUnicorn-51173.exeUnicorn-16363.exeUnicorn-62034.exeUnicorn-4110.exeUnicorn-63425.exeUnicorn-8194.exeUnicorn-43559.exeUnicorn-8241.exeUnicorn-8241.exeUnicorn-35438.exeUnicorn-43052.exeUnicorn-36830.exeUnicorn-36830.exeUnicorn-21048.exeUnicorn-21048.exeUnicorn-28662.exeUnicorn-63472.exeUnicorn-18356.exeUnicorn-53166.exeUnicorn-57250.exeUnicorn-2574.exeUnicorn-25132.exe

pid	process
2304	Unicorn-47997.exe
2292	Unicorn-56248.exe
2664	Unicorn-58941.exe
3044	Unicorn-30722.exe
2624	Unicorn-61448.exe
2676	Unicorn-41582.exe
2428	Unicorn-57447.exe
2960	Unicorn-41665.exe
828	Unicorn-49279.exe
1824	Unicorn-22637.exe
2344	Unicorn-2771.exe
1036	Unicorn-41194.exe
1724	Unicorn-6938.exe
1732	Unicorn-57530.exe
2356	Unicorn-2854.exe
2224	Unicorn-43908.exe
788	Unicorn-17266.exe
488	Unicorn-17266.exe
1492	Unicorn-28126.exe
2100	Unicorn-58682.exe
2420	Unicorn-38816.exe
1360	Unicorn-14333.exe
1332	Unicorn-10249.exe
2064	Unicorn-61396.exe
900	Unicorn-45615.exe
2904	Unicorn-12195.exe
1976	Unicorn-31224.exe
1220	Unicorn-31224.exe
1736	Unicorn-16280.exe
2872	Unicorn-18972.exe
1876	Unicorn-55449.exe
320	Unicorn-55449.exe
2604	Unicorn-773.exe
2600	Unicorn-59533.exe
2608	Unicorn-39667.exe
2996	Unicorn-25277.exe
2732	Unicorn-45143.exe
2484	Unicorn-36975.exe
2464	Unicorn-56004.exe
1428	Unicorn-41059.exe
2260	Unicorn-41613.exe
2268	Unicorn-45698.exe
1928	Unicorn-51173.exe
1716	Unicorn-16363.exe
1444	Unicorn-62034.exe
2948	Unicorn-4110.exe
1680	Unicorn-63425.exe
1544	Unicorn-8194.exe
2060	Unicorn-43559.exe
1788	Unicorn-8241.exe
1796	Unicorn-8241.exe
1320	Unicorn-35438.exe
2432	Unicorn-43052.exe
708	Unicorn-36830.exe
2316	Unicorn-36830.exe
1744	Unicorn-21048.exe
1836	Unicorn-21048.exe
3016	Unicorn-28662.exe
2296	Unicorn-63472.exe
3040	Unicorn-18356.exe
1620	Unicorn-53166.exe
2724	Unicorn-57250.exe
2080	Unicorn-2574.exe
2672	Unicorn-25132.exe

Loads dropped DLL 64 IoCs

Processes:

26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exeUnicorn-47997.exeUnicorn-56248.exeUnicorn-58941.exeWerFault.exeUnicorn-30722.exeUnicorn-41582.exeUnicorn-61448.exeWerFault.exeWerFault.exeUnicorn-57447.exeUnicorn-49279.exeUnicorn-41665.exeUnicorn-2771.exeUnicorn-22637.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-41194.exeUnicorn-6938.exeUnicorn-2854.exe

pid	process
2984	26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe
2984	26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe
2304	Unicorn-47997.exe
2304	Unicorn-47997.exe
2984	26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe
2984	26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe
2292	Unicorn-56248.exe
2292	Unicorn-56248.exe
2304	Unicorn-47997.exe
2304	Unicorn-47997.exe
2664	Unicorn-58941.exe
2664	Unicorn-58941.exe
2520	WerFault.exe
2520	WerFault.exe
2520	WerFault.exe
3044	Unicorn-30722.exe
3044	Unicorn-30722.exe
2292	Unicorn-56248.exe
2292	Unicorn-56248.exe
2676	Unicorn-41582.exe
2676	Unicorn-41582.exe
2664	Unicorn-58941.exe
2624	Unicorn-61448.exe
2664	Unicorn-58941.exe
2624	Unicorn-61448.exe
2700	WerFault.exe
2700	WerFault.exe
1728	WerFault.exe
1728	WerFault.exe
2700	WerFault.exe
1728	WerFault.exe
2428	Unicorn-57447.exe
2428	Unicorn-57447.exe
3044	Unicorn-30722.exe
3044	Unicorn-30722.exe
828	Unicorn-49279.exe
828	Unicorn-49279.exe
2676	Unicorn-41582.exe
2676	Unicorn-41582.exe
2960	Unicorn-41665.exe
2960	Unicorn-41665.exe
2344	Unicorn-2771.exe
1824	Unicorn-22637.exe
2344	Unicorn-2771.exe
1824	Unicorn-22637.exe
2624	Unicorn-61448.exe
2624	Unicorn-61448.exe
560	WerFault.exe
560	WerFault.exe
560	WerFault.exe
2328	WerFault.exe
2328	WerFault.exe
2328	WerFault.exe
952	WerFault.exe
952	WerFault.exe
952	WerFault.exe
2428	Unicorn-57447.exe
1036	Unicorn-41194.exe
1036	Unicorn-41194.exe
2428	Unicorn-57447.exe
1724	Unicorn-6938.exe
1724	Unicorn-6938.exe
2356	Unicorn-2854.exe
2356	Unicorn-2854.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2112	2984	WerFault.exe	26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe
2520	2304	WerFault.exe	Unicorn-47997.exe
2700	2292	WerFault.exe	Unicorn-56248.exe
1728	2664	WerFault.exe	Unicorn-58941.exe
560	3044	WerFault.exe	Unicorn-30722.exe
2328	2676	WerFault.exe	Unicorn-41582.exe
952	2624	WerFault.exe	Unicorn-61448.exe
2192	2428	WerFault.exe	Unicorn-57447.exe
1608	828	WerFault.exe	Unicorn-49279.exe
2368	2960	WerFault.exe	Unicorn-41665.exe
2640	2344	WerFault.exe	Unicorn-2771.exe
2744	1824	WerFault.exe	Unicorn-22637.exe
2888	1036	WerFault.exe	Unicorn-41194.exe
540	1724	WerFault.exe	Unicorn-6938.exe
1040	2356	WerFault.exe	Unicorn-2854.exe
584	1732	WerFault.exe	Unicorn-57530.exe
928	788	WerFault.exe	Unicorn-17266.exe
1584	2224	WerFault.exe	Unicorn-43908.exe
2424	488	WerFault.exe	Unicorn-17266.exe
1688	1492	WerFault.exe	Unicorn-28126.exe
948	2100	WerFault.exe	Unicorn-58682.exe
1252	2420	WerFault.exe	Unicorn-38816.exe
1664	1360	WerFault.exe	Unicorn-14333.exe
2056	1332	WerFault.exe	Unicorn-10249.exe
2164	2064	WerFault.exe	Unicorn-61396.exe
2124	900	WerFault.exe	Unicorn-45615.exe
3004	2904	WerFault.exe	Unicorn-12195.exe
2712	1220	WerFault.exe	Unicorn-31224.exe
2716	1976	WerFault.exe	Unicorn-31224.exe
2560	1736	WerFault.exe	Unicorn-16280.exe
2512	2872	WerFault.exe	Unicorn-18972.exe
3224	320	WerFault.exe	Unicorn-55449.exe
3232	2604	WerFault.exe	Unicorn-773.exe
3272	2464	WerFault.exe	Unicorn-56004.exe
3288	1876	WerFault.exe	Unicorn-55449.exe
3300	1428	WerFault.exe	Unicorn-41059.exe
3320	2608	WerFault.exe	Unicorn-39667.exe
3328	2996	WerFault.exe	Unicorn-25277.exe
3408	2484	WerFault.exe	Unicorn-36975.exe
3420	2600	WerFault.exe	Unicorn-59533.exe
3448	2732	WerFault.exe	Unicorn-45143.exe
3496	2268	WerFault.exe	Unicorn-45698.exe
3532	2260	WerFault.exe	Unicorn-41613.exe
3616	1444	WerFault.exe	Unicorn-62034.exe
3624	1544	WerFault.exe	Unicorn-8194.exe
3664	1716	WerFault.exe	Unicorn-16363.exe
3656	2060	WerFault.exe	Unicorn-43559.exe
3676	2948	WerFault.exe	Unicorn-4110.exe
3884	1928	WerFault.exe	Unicorn-51173.exe
3964	708	WerFault.exe	Unicorn-36830.exe
3952	2296	WerFault.exe	Unicorn-63472.exe
3880	2848	WerFault.exe	Unicorn-8817.exe
4076	2680	WerFault.exe	Unicorn-2574.exe
4116	3016	WerFault.exe	Unicorn-28662.exe
4152	1692	WerFault.exe	Unicorn-46321.exe
4168	2532	WerFault.exe	Unicorn-21646.exe
4176	3812	WerFault.exe	Unicorn-3207.exe
4184	1836	WerFault.exe	Unicorn-21048.exe
4228	2956	WerFault.exe	Unicorn-5864.exe
4288	2516	WerFault.exe	Unicorn-1780.exe
4312	1320	WerFault.exe	Unicorn-35438.exe
4320	2504	WerFault.exe	Unicorn-27292.exe
4356	1404	WerFault.exe	Unicorn-26860.exe
4384	1744	WerFault.exe	Unicorn-21048.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exeUnicorn-47997.exeUnicorn-56248.exeUnicorn-58941.exeUnicorn-30722.exeUnicorn-41582.exeUnicorn-61448.exeUnicorn-57447.exeUnicorn-41665.exeUnicorn-49279.exeUnicorn-22637.exeUnicorn-2771.exeUnicorn-41194.exeUnicorn-6938.exeUnicorn-2854.exeUnicorn-57530.exeUnicorn-17266.exeUnicorn-43908.exeUnicorn-17266.exeUnicorn-28126.exeUnicorn-58682.exeUnicorn-38816.exeUnicorn-14333.exeUnicorn-10249.exeUnicorn-61396.exeUnicorn-45615.exeUnicorn-12195.exeUnicorn-31224.exeUnicorn-31224.exeUnicorn-16280.exeUnicorn-18972.exeUnicorn-55449.exeUnicorn-55449.exeUnicorn-59533.exeUnicorn-773.exeUnicorn-39667.exeUnicorn-45143.exeUnicorn-25277.exeUnicorn-56004.exeUnicorn-36975.exeUnicorn-41059.exeUnicorn-41613.exeUnicorn-45698.exeUnicorn-62034.exeUnicorn-51173.exeUnicorn-16363.exeUnicorn-4110.exeUnicorn-63425.exeUnicorn-8194.exeUnicorn-43559.exeUnicorn-8241.exeUnicorn-8241.exeUnicorn-35438.exeUnicorn-43052.exeUnicorn-36830.exeUnicorn-36830.exeUnicorn-21048.exeUnicorn-21048.exeUnicorn-28662.exeUnicorn-57250.exeUnicorn-63472.exeUnicorn-18356.exeUnicorn-53166.exeUnicorn-25132.exe

pid	process
2984	26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe
2304	Unicorn-47997.exe
2292	Unicorn-56248.exe
2664	Unicorn-58941.exe
3044	Unicorn-30722.exe
2676	Unicorn-41582.exe
2624	Unicorn-61448.exe
2428	Unicorn-57447.exe
2960	Unicorn-41665.exe
828	Unicorn-49279.exe
1824	Unicorn-22637.exe
2344	Unicorn-2771.exe
1036	Unicorn-41194.exe
1724	Unicorn-6938.exe
2356	Unicorn-2854.exe
1732	Unicorn-57530.exe
488	Unicorn-17266.exe
2224	Unicorn-43908.exe
788	Unicorn-17266.exe
1492	Unicorn-28126.exe
2100	Unicorn-58682.exe
2420	Unicorn-38816.exe
1360	Unicorn-14333.exe
1332	Unicorn-10249.exe
2064	Unicorn-61396.exe
900	Unicorn-45615.exe
2904	Unicorn-12195.exe
1976	Unicorn-31224.exe
1220	Unicorn-31224.exe
1736	Unicorn-16280.exe
2872	Unicorn-18972.exe
1876	Unicorn-55449.exe
320	Unicorn-55449.exe
2600	Unicorn-59533.exe
2604	Unicorn-773.exe
2608	Unicorn-39667.exe
2732	Unicorn-45143.exe
2996	Unicorn-25277.exe
2464	Unicorn-56004.exe
2484	Unicorn-36975.exe
1428	Unicorn-41059.exe
2260	Unicorn-41613.exe
2268	Unicorn-45698.exe
1444	Unicorn-62034.exe
1928	Unicorn-51173.exe
1716	Unicorn-16363.exe
2948	Unicorn-4110.exe
1680	Unicorn-63425.exe
1544	Unicorn-8194.exe
2060	Unicorn-43559.exe
1788	Unicorn-8241.exe
1796	Unicorn-8241.exe
1320	Unicorn-35438.exe
2432	Unicorn-43052.exe
708	Unicorn-36830.exe
2316	Unicorn-36830.exe
1836	Unicorn-21048.exe
1744	Unicorn-21048.exe
3016	Unicorn-28662.exe
2724	Unicorn-57250.exe
2296	Unicorn-63472.exe
3040	Unicorn-18356.exe
1620	Unicorn-53166.exe
2672	Unicorn-25132.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exeUnicorn-47997.exeUnicorn-56248.exeUnicorn-58941.exeUnicorn-30722.exeUnicorn-41582.exeUnicorn-61448.exeUnicorn-57447.exe

description	pid	process	target process
PID 2984 wrote to memory of 2304	2984	26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe	Unicorn-47997.exe
PID 2984 wrote to memory of 2304	2984	26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe	Unicorn-47997.exe
PID 2984 wrote to memory of 2304	2984	26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe	Unicorn-47997.exe
PID 2984 wrote to memory of 2304	2984	26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe	Unicorn-47997.exe
PID 2304 wrote to memory of 2292	2304	Unicorn-47997.exe	Unicorn-56248.exe
PID 2304 wrote to memory of 2292	2304	Unicorn-47997.exe	Unicorn-56248.exe
PID 2304 wrote to memory of 2292	2304	Unicorn-47997.exe	Unicorn-56248.exe
PID 2304 wrote to memory of 2292	2304	Unicorn-47997.exe	Unicorn-56248.exe
PID 2984 wrote to memory of 2664	2984	26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe	Unicorn-58941.exe
PID 2984 wrote to memory of 2664	2984	26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe	Unicorn-58941.exe
PID 2984 wrote to memory of 2664	2984	26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe	Unicorn-58941.exe
PID 2984 wrote to memory of 2664	2984	26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe	Unicorn-58941.exe
PID 2984 wrote to memory of 2112	2984	26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe	WerFault.exe
PID 2984 wrote to memory of 2112	2984	26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe	WerFault.exe
PID 2984 wrote to memory of 2112	2984	26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe	WerFault.exe
PID 2984 wrote to memory of 2112	2984	26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe	WerFault.exe
PID 2292 wrote to memory of 3044	2292	Unicorn-56248.exe	Unicorn-30722.exe
PID 2292 wrote to memory of 3044	2292	Unicorn-56248.exe	Unicorn-30722.exe
PID 2292 wrote to memory of 3044	2292	Unicorn-56248.exe	Unicorn-30722.exe
PID 2292 wrote to memory of 3044	2292	Unicorn-56248.exe	Unicorn-30722.exe
PID 2304 wrote to memory of 2676	2304	Unicorn-47997.exe	Unicorn-41582.exe
PID 2304 wrote to memory of 2676	2304	Unicorn-47997.exe	Unicorn-41582.exe
PID 2304 wrote to memory of 2676	2304	Unicorn-47997.exe	Unicorn-41582.exe
PID 2304 wrote to memory of 2676	2304	Unicorn-47997.exe	Unicorn-41582.exe
PID 2664 wrote to memory of 2624	2664	Unicorn-58941.exe	Unicorn-61448.exe
PID 2664 wrote to memory of 2624	2664	Unicorn-58941.exe	Unicorn-61448.exe
PID 2664 wrote to memory of 2624	2664	Unicorn-58941.exe	Unicorn-61448.exe
PID 2664 wrote to memory of 2624	2664	Unicorn-58941.exe	Unicorn-61448.exe
PID 2304 wrote to memory of 2520	2304	Unicorn-47997.exe	WerFault.exe
PID 2304 wrote to memory of 2520	2304	Unicorn-47997.exe	WerFault.exe
PID 2304 wrote to memory of 2520	2304	Unicorn-47997.exe	WerFault.exe
PID 2304 wrote to memory of 2520	2304	Unicorn-47997.exe	WerFault.exe
PID 3044 wrote to memory of 2428	3044	Unicorn-30722.exe	Unicorn-57447.exe
PID 3044 wrote to memory of 2428	3044	Unicorn-30722.exe	Unicorn-57447.exe
PID 3044 wrote to memory of 2428	3044	Unicorn-30722.exe	Unicorn-57447.exe
PID 3044 wrote to memory of 2428	3044	Unicorn-30722.exe	Unicorn-57447.exe
PID 2292 wrote to memory of 2960	2292	Unicorn-56248.exe	Unicorn-41665.exe
PID 2292 wrote to memory of 2960	2292	Unicorn-56248.exe	Unicorn-41665.exe
PID 2292 wrote to memory of 2960	2292	Unicorn-56248.exe	Unicorn-41665.exe
PID 2292 wrote to memory of 2960	2292	Unicorn-56248.exe	Unicorn-41665.exe
PID 2676 wrote to memory of 828	2676	Unicorn-41582.exe	Unicorn-49279.exe
PID 2676 wrote to memory of 828	2676	Unicorn-41582.exe	Unicorn-49279.exe
PID 2676 wrote to memory of 828	2676	Unicorn-41582.exe	Unicorn-49279.exe
PID 2676 wrote to memory of 828	2676	Unicorn-41582.exe	Unicorn-49279.exe
PID 2664 wrote to memory of 2344	2664	Unicorn-58941.exe	Unicorn-2771.exe
PID 2664 wrote to memory of 2344	2664	Unicorn-58941.exe	Unicorn-2771.exe
PID 2664 wrote to memory of 2344	2664	Unicorn-58941.exe	Unicorn-2771.exe
PID 2664 wrote to memory of 2344	2664	Unicorn-58941.exe	Unicorn-2771.exe
PID 2624 wrote to memory of 1824	2624	Unicorn-61448.exe	Unicorn-22637.exe
PID 2624 wrote to memory of 1824	2624	Unicorn-61448.exe	Unicorn-22637.exe
PID 2624 wrote to memory of 1824	2624	Unicorn-61448.exe	Unicorn-22637.exe
PID 2624 wrote to memory of 1824	2624	Unicorn-61448.exe	Unicorn-22637.exe
PID 2292 wrote to memory of 2700	2292	Unicorn-56248.exe	WerFault.exe
PID 2292 wrote to memory of 2700	2292	Unicorn-56248.exe	WerFault.exe
PID 2292 wrote to memory of 2700	2292	Unicorn-56248.exe	WerFault.exe
PID 2292 wrote to memory of 2700	2292	Unicorn-56248.exe	WerFault.exe
PID 2664 wrote to memory of 1728	2664	Unicorn-58941.exe	WerFault.exe
PID 2664 wrote to memory of 1728	2664	Unicorn-58941.exe	WerFault.exe
PID 2664 wrote to memory of 1728	2664	Unicorn-58941.exe	WerFault.exe
PID 2664 wrote to memory of 1728	2664	Unicorn-58941.exe	WerFault.exe
PID 2428 wrote to memory of 1036	2428	Unicorn-57447.exe	Unicorn-41194.exe
PID 2428 wrote to memory of 1036	2428	Unicorn-57447.exe	Unicorn-41194.exe
PID 2428 wrote to memory of 1036	2428	Unicorn-57447.exe	Unicorn-41194.exe
PID 2428 wrote to memory of 1036	2428	Unicorn-57447.exe	Unicorn-41194.exe

C:\Users\Admin\AppData\Local\Temp\26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe
"C:\Users\Admin\AppData\Local\Temp\26fb4b7d093328f5ece7cdc5d43a03c8a8398a3c787fa0fe25d3b354cc3b44b6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47997.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47997.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57447.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41194.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55449.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21646.exe
        10⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13560.exe
        11⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43851.exe
        12⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7686.exe
        13⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21143.exe
        14⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52744.exe
        15⤵
        
        PID:13516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11248 -s 216
        15⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
        14⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
        13⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
        11⤵
        Program crash
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53010.exe
        10⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40883.exe
        11⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61957.exe
        12⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
        13⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        14⤵
        
        PID:14160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11132 -s 236
        14⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 236
        13⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
        12⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 220
        11⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        10⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1780.exe
        9⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        10⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
        11⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48527.exe
        12⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64936.exe
        13⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36024.exe
        14⤵
        
        PID:13460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11124 -s 216
        14⤵
        
        PID:13536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
        13⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
        12⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
        11⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
        10⤵
        Program crash
        
        PID:4288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 220
        9⤵
        Program crash
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35438.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42066.exe
        9⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe
        10⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43021.exe
        11⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27806.exe
        12⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        13⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29771.exe
        14⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 216
        13⤵
        
        PID:13080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
        12⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        11⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        10⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6523.exe
        9⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
        10⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34547.exe
        11⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37827.exe
        12⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43481.exe
        13⤵
        
        PID:14012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11152 -s 216
        13⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 236
        12⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
        11⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        10⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
        9⤵
        Program crash
        
        PID:4312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
        8⤵
        Program crash
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52372.exe
        9⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
        10⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36031.exe
        11⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17609.exe
        12⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55398.exe
        13⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35225.exe
        14⤵
        
        PID:14224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
        13⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
        12⤵
        
        PID:9484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        11⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
        10⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
        9⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        10⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
        11⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
        12⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        13⤵
        
        PID:13800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11136 -s 216
        13⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 216
        12⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
        11⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 220
        10⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
        9⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
        8⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33981.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19155.exe
        10⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
        11⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18450.exe
        12⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37171.exe
        13⤵
        
        PID:14324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
        12⤵
        
        PID:12432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
        11⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
        10⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
        9⤵
        Program crash
        
        PID:4228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
        8⤵
        Program crash
        
        PID:3232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 240
        7⤵
        Program crash
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38816.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55449.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36830.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
        10⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
        11⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 220
        12⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
        11⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
        10⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49502.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13280.exe
        10⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
        11⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25767.exe
        12⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18209.exe
        13⤵
        
        PID:13616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10868 -s 216
        13⤵
        
        PID:13968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 236
        12⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 220
        11⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        10⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
        9⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51557.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        9⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43021.exe
        10⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34028.exe
        11⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        12⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
        13⤵
        
        PID:13636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 216
        12⤵
        
        PID:12916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 220
        11⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        10⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
        9⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 220
        8⤵
        Program crash
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33213.exe
        8⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29295.exe
        9⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        10⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34028.exe
        11⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        12⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64747.exe
        13⤵
        
        PID:13408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8344 -s 220
        12⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 220
        11⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        10⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 216
        9⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        8⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36031.exe
        9⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 220
        10⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        9⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
        8⤵
        Program crash
        
        PID:4384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 220
        7⤵
        Program crash
        
        PID:1252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
        6⤵
        Program crash
        
        PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6938.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59533.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57250.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42450.exe
        9⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33379.exe
        10⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29809.exe
        11⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41153.exe
        12⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        13⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13138.exe
        14⤵
        
        PID:14244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9228 -s 216
        14⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
        13⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
        12⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        11⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
        10⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38017.exe
        9⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23151.exe
        10⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26436.exe
        11⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        12⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 216
        12⤵
        
        PID:13072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 216
        11⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        10⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
        9⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10332.exe
        8⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8682.exe
        9⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        10⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20768.exe
        11⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40598.exe
        12⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 216
        12⤵
        
        PID:13120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 220
        11⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
        10⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
        9⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
        8⤵
        Program crash
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25132.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52756.exe
        8⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56923.exe
        9⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29269.exe
        10⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19939.exe
        11⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe
        12⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21883.exe
        13⤵
        
        PID:14284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11016 -s 236
        13⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 216
        12⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
        11⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
        10⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 236
        9⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59616.exe
        8⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
        9⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5055.exe
        10⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
        11⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 220
        11⤵
        
        PID:13040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 220
        10⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        9⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
        8⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 240
        7⤵
        Program crash
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39667.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9777.exe
        8⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36503.exe
        9⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
        10⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
        11⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41693.exe
        12⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19828.exe
        13⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11028 -s 216
        13⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
        12⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
        11⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        10⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 236
        9⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43279.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37629.exe
        9⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
        10⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
        11⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64944.exe
        12⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11176 -s 216
        12⤵
        
        PID:14272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 236
        11⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
        10⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        9⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
        8⤵
        Program crash
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
        7⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63145.exe
        8⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51827.exe
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62066.exe
        10⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42103.exe
        11⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45235.exe
        12⤵
        
        PID:13840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11008 -s 216
        12⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
        11⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        10⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        9⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 236
        8⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 220
        7⤵
        Program crash
        
        PID:3320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
        6⤵
        Program crash
        
        PID:540
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41665.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43908.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12195.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51173.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8817.exe
        8⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23675.exe
        9⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30172.exe
        10⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48667.exe
        11⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64370.exe
        12⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        13⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15791.exe
        14⤵
        
        PID:13828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
        13⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
        12⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        11⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 216
        10⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
        9⤵
        Program crash
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26367.exe
        8⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
        9⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        10⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3109.exe
        11⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe
        12⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6636.exe
        13⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 220
        11⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        10⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 216
        9⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 220
        8⤵
        Program crash
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19678.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23976.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30172.exe
        9⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42637.exe
        10⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49404.exe
        11⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24672.exe
        12⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63704.exe
        13⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 216
        12⤵
        
        PID:12424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
        11⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        10⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
        9⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
        9⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe
        10⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
        11⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15791.exe
        12⤵
        
        PID:13816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 216
        11⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 220
        10⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        9⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        8⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
        7⤵
        Program crash
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62034.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
        7⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65008.exe
        8⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37463.exe
        9⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
        10⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23146.exe
        11⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
        12⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48271.exe
        13⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10428 -s 216
        13⤵
        
        PID:9728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
        12⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
        11⤵
        
        PID:9824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
        10⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
        9⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3207.exe
        8⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 200
        9⤵
        Program crash
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 220
        8⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
        7⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49051.exe
        9⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27806.exe
        10⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3265.exe
        11⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
        12⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 216
        11⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 220
        10⤵
        
        PID:10000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
        9⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 216
        8⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 240
        7⤵
        Program crash
        
        PID:3616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
        6⤵
        Program crash
        
        PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16363.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62102.exe
        7⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57416.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
        9⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40883.exe
        10⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        11⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-826.exe
        12⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 220
        12⤵
        
        PID:12800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
        11⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 220
        10⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
        9⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33741.exe
        8⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32907.exe
        9⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13223.exe
        10⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-935.exe
        11⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47560.exe
        12⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 220
        10⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
        9⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37550.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
        8⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23836.exe
        9⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20603.exe
        10⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        11⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48935.exe
        12⤵
        
        PID:13644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11088 -s 216
        12⤵
        
        PID:14028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
        11⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 236
        10⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38562.exe
        9⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        10⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        11⤵
        
        PID:13900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11096 -s 236
        11⤵
        
        PID:13400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
        10⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 220
        9⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 216
        8⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 220
        7⤵
        Program crash
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7426.exe
        6⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50618.exe
        7⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43021.exe
        9⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 220
        10⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        9⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 216
        8⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8168.exe
        7⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
        8⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
        9⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1018.exe
        10⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6636.exe
        11⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 220
        10⤵
        
        PID:13272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
        9⤵
        
        PID:9628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        8⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 220
        7⤵
        
        PID:6092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 240
        6⤵
        Program crash
        
        PID:2712
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        5⤵
        Program crash
        
        PID:2368
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61396.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36975.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18356.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50618.exe
        9⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30172.exe
        10⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18578.exe
        11⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe
        12⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
        13⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 216
        13⤵
        
        PID:13256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 220
        12⤵
        
        PID:9756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        11⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 216
        10⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
        9⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
        10⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24194.exe
        11⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
        12⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
        13⤵
        
        PID:14040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10324 -s 216
        13⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
        12⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 236
        11⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        10⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 220
        9⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65262.exe
        8⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
        9⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46721.exe
        10⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe
        11⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20972.exe
        12⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54301.exe
        13⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11268 -s 216
        13⤵
        
        PID:9740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
        12⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
        11⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        10⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 216
        9⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
        8⤵
        Program crash
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2574.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe
        8⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
        9⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        10⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48615.exe
        11⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        12⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28816.exe
        13⤵
        
        PID:13568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10992 -s 216
        13⤵
        
        PID:13640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 216
        12⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 216
        11⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        10⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7629.exe
        11⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22018.exe
        12⤵
        
        PID:13500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11052 -s 216
        12⤵
        
        PID:13612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
        11⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 220
        10⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 216
        9⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13513.exe
        8⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19347.exe
        9⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52035.exe
        10⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47723.exe
        11⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27612.exe
        12⤵
        
        PID:13444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11184 -s 216
        12⤵
        
        PID:13928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
        11⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
        10⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
        9⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        8⤵
        Program crash
        
        PID:4076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
        7⤵
        Program crash
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56004.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43052.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42066.exe
        8⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        9⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15803.exe
        10⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47842.exe
        11⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31387.exe
        12⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20534.exe
        13⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
        12⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 220
        11⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        10⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
        9⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6523.exe
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5112.exe
        9⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe
        10⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10940.exe
        11⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 220
        11⤵
        
        PID:13200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
        10⤵
        
        PID:10264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        9⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 220
        8⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9948.exe
        7⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47001.exe
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        9⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64754.exe
        10⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
        11⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11556 -s 212
        12⤵
        
        PID:14280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 216
        11⤵
        
        PID:12840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
        10⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
        9⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
        8⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
        7⤵
        Program crash
        
        PID:3272
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
        6⤵
        Program crash
        
        PID:584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45615.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41059.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36830.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9969.exe
        8⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe
        9⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
        10⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56970.exe
        11⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
        12⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
        13⤵
        
        PID:13592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11852 -s 216
        13⤵
        
        PID:13456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 220
        12⤵
        
        PID:12996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 220
        11⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        10⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 236
        9⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 236
        8⤵
        Program crash
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe
        7⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42253.exe
        9⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49404.exe
        10⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20588.exe
        11⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52355.exe
        12⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10936 -s 216
        12⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
        11⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
        10⤵
        
        PID:9460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        9⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 236
        8⤵
        Program crash
        
        PID:4356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 240
        7⤵
        Program crash
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46726.exe
        7⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe
        8⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 240
        9⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        8⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39195.exe
        7⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23239.exe
        8⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
        9⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18450.exe
        10⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        11⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        9⤵
        
        PID:9352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
        8⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
        7⤵
        Program crash
        
        PID:4184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
        6⤵
        Program crash
        
        PID:2124
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 240
        5⤵
        Program crash
        
        PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45143.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53166.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57416.exe
        8⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
        9⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
        10⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
        11⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
        12⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16123.exe
        13⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 216
        12⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 220
        11⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        10⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 236
        9⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
        8⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
        9⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62040.exe
        10⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32565.exe
        11⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26844.exe
        12⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11044 -s 216
        12⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
        11⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 220
        10⤵
        
        PID:9784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
        9⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        8⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7893.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53607.exe
        8⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7826.exe
        9⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54064.exe
        10⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60442.exe
        11⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58634.exe
        12⤵
        
        PID:13836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
        11⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 220
        10⤵
        
        PID:9792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
        9⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        8⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
        7⤵
        Program crash
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2574.exe
        6⤵
        Executes dropped EXE
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50317.exe
        7⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57883.exe
        8⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21833.exe
        9⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19062.exe
        10⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
        11⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
        11⤵
        
        PID:13012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 220
        10⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        9⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
        8⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
        7⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52559.exe
        8⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29944.exe
        9⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe
        10⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
        11⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 216
        10⤵
        
        PID:12908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
        9⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
        8⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        7⤵
        
        PID:4820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
        6⤵
        Program crash
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25277.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
        6⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63337.exe
        7⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        8⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
        9⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        10⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4202.exe
        11⤵
        
        PID:13868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11188 -s 216
        11⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 236
        10⤵
        
        PID:11328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
        9⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        8⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
        7⤵
        
        PID:5920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
        6⤵
        Program crash
        
        PID:3328
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
        5⤵
        Program crash
        
        PID:1040
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2328
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58941.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58941.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22637.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41613.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63472.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19591.exe
        8⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32694.exe
        9⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52175.exe
        10⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12154.exe
        11⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60250.exe
        12⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6719.exe
        13⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
        12⤵
        
        PID:12792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
        11⤵
        
        PID:9516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        10⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 236
        9⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
        8⤵
        Program crash
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
        7⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        8⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38937.exe
        9⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27806.exe
        10⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
        11⤵
        
        PID:11860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8380 -s 220
        11⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
        10⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        9⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 216
        8⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
        7⤵
        Program crash
        
        PID:3532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 236
        6⤵
        Program crash
        
        PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4110.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27292.exe
        7⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22667.exe
        8⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37437.exe
        9⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40167.exe
        10⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16696.exe
        11⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        12⤵
        
        PID:13424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11384 -s 216
        12⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 216
        11⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
        10⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 236
        9⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 216
        8⤵
        Program crash
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
        7⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
        9⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44609.exe
        10⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53644.exe
        11⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25905.exe
        12⤵
        
        PID:13852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 216
        11⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 220
        10⤵
        
        PID:10448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
        9⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
        8⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
        7⤵
        Program crash
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46321.exe
        6⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32336.exe
        7⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24827.exe
        8⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
        9⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64370.exe
        10⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41392.exe
        11⤵
        
        PID:11320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11320 -s 212
        12⤵
        
        PID:14252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 204
        11⤵
        
        PID:12672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
        10⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        9⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 236
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2818.exe
        8⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
        9⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64936.exe
        10⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
        11⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
        10⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
        9⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        8⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 220
        7⤵
        Program crash
        
        PID:4152
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
        6⤵
        Program crash
        
        PID:2716
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 220
        5⤵
        Program crash
        
        PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28126.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16280.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
        7⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35927.exe
        8⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        9⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
        10⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
        11⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52746.exe
        12⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34545.exe
        13⤵
        
        PID:13672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11020 -s 236
        13⤵
        
        PID:14036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        12⤵
        
        PID:11872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 236
        11⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
        10⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        11⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48743.exe
        12⤵
        
        PID:13756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11104 -s 236
        12⤵
        
        PID:14132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
        11⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 220
        10⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
        9⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1261.exe
        8⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe
        9⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3109.exe
        10⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35746.exe
        11⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 216
        11⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 220
        10⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 220
        9⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
        8⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37550.exe
        7⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        8⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
        9⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        10⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        11⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
        12⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 216
        11⤵
        
        PID:13060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
        10⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        9⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
        8⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
        7⤵
        Program crash
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19678.exe
        6⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        7⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-514.exe
        8⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45797.exe
        9⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
        10⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26042.exe
        11⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        12⤵
        
        PID:14068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10364 -s 236
        12⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
        11⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        10⤵
        
        PID:9320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
        9⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 216
        8⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1069.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
        8⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23146.exe
        9⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31387.exe
        10⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        11⤵
        
        PID:14204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11112 -s 236
        11⤵
        
        PID:13560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
        10⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 220
        9⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        8⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        7⤵
        
        PID:4328
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
        6⤵
        Program crash
        
        PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62102.exe
        6⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51448.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        9⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        10⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 240
        10⤵
        
        PID:13280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
        9⤵
        
        PID:10372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        8⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
        7⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6248.exe
        6⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4209.exe
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        9⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
        10⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33938.exe
        11⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8912 -s 204
        10⤵
        
        PID:13264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        9⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 220
        8⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 236
        7⤵
        
        PID:5664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
        6⤵
        Program crash
        
        PID:3656
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
        5⤵
        Program crash
        
        PID:1688
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2771.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45698.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10187.exe
        6⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3555.exe
        7⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21572.exe
        8⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe
        9⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55953.exe
        10⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
        11⤵
        
        PID:13956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11220 -s 236
        11⤵
        
        PID:13416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
        10⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
        9⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 216
        8⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33741.exe
        7⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6456.exe
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
        9⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        10⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22952.exe
        11⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10396 -s 216
        11⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 216
        10⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 220
        9⤵
        
        PID:10120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 220
        8⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
        7⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10332.exe
        6⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-514.exe
        7⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        8⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21117.exe
        9⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30619.exe
        10⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22698.exe
        11⤵
        
        PID:13664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10988 -s 216
        11⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
        10⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
        9⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        8⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 236
        7⤵
        
        PID:5960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
        6⤵
        Program crash
        
        PID:3496
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 236
        5⤵
        Program crash
        
        PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18972.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20830.exe
        6⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42725.exe
        7⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        8⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        9⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56550.exe
        10⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53123.exe
        11⤵
        
        PID:13980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 216
        10⤵
        
        PID:12924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
        9⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        8⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 236
        7⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42236.exe
        5⤵
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65008.exe
        6⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        7⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13124.exe
        8⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59928.exe
        9⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
        10⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        11⤵
        
        PID:14108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11072 -s 236
        11⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 236
        10⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
        9⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
        8⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
        7⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38413.exe
        8⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21875.exe
        9⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63600.exe
        10⤵
        
        PID:13372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11200 -s 216
        10⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 216
        9⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        8⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
        7⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
        6⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
        7⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3109.exe
        8⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
        9⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 216
        9⤵
        
        PID:13248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 220
        8⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 216
        7⤵
        
        PID:7360
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 220
        6⤵
        
        PID:6056
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
        5⤵
        Program crash
        
        PID:2512
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
      4⤵
      Program crash
      PID:2640
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1728
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
  2⤵
  - Program crash
  PID:2112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1069.exe

Filesize
184KB

MD5
e207f4f2abff994614e2678576d6fa3f

SHA1
d80db919f4f371bd6cdcddb6a62065546ecb5e7d

SHA256
486d8ab0601aac83427d7c35ddcafc9e4b87cf2acb73d9e2b9f08568ff40306c

SHA512
cc8e172c8379e9c2b4bebc37b63e0f37f39fd4109f7cdc73813dad5018652ac3327e2f827000747c02c81edc8084f6fa220a2f5a0bc685b1b7398beaac48f025

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39667.exe

Filesize
184KB

MD5
3527fb7805cb171d27d8d5cec7a5a869

SHA1
0744b71eeba5841e798ee6211ac4ae672fc15d1b

SHA256
29369c665e21e43b84d2af1c1cd62585c5c56d2eec28940468ef2c0809a3aa58

SHA512
7645af704f94a7db8c9cd5232d369575e2ce7805e09c1da067ec7280facf569cd3aadc6014a2f01b15e8edeb0f07432204115d94ec9c3f3865fa2e0d5d77087c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe

Filesize
184KB

MD5
e3270644c59b2c69138b13b88d684416

SHA1
ee580f2ed28fee1d4fc36c0e71f92e8381319085

SHA256
2efadef67735032eaf4aab8b84196edb1d1ac9b07d6650b9b97254b6e27e7ac4

SHA512
6cfde4f971fe7f222e88037b75780bfd6f884f165b073c03f4b0d9fc196ab09c5bcf2075cd81f226dabdd907a0ff01d1169a8decd533613aa88eff7163db1750

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe

Filesize
184KB

MD5
1c404ba3ab42efed5014c981e6d7111e

SHA1
95189c51d4fc2b0669dbdfc01cacb68d73242fd9

SHA256
aac4fdae455df2aba75e9770d5d4955bd89d4653315bf084495389489b6f679a

SHA512
ff4c3be09083e53542a2ff3485173306d6f5b880bc0c231df814deb65d4a997e59222acca0634411f57b9e4cf07ca1e8dc13ea6dc84f2e92558eceaddb79e497

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48667.exe

Filesize
184KB

MD5
617b4b9d202d72daf1298b360a32e875

SHA1
b252a3fc34b43152ef8cc96216d1fb6a0c446f58

SHA256
59511eab56c113c38708dace3519d0405339b5d8317475648f4a4e28ce584dfb

SHA512
4ecf2431ea718f660b6761128767376ad1127199a5a5b947309ac39425790f664e5e6d1e106764bdf66e0643bbc21876d7dfb223d93f3711a9b2e189e5cd1a64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe

Filesize
184KB

MD5
190c4828cac609c6803272792a9d8e09

SHA1
c0b4ec6feb4f7e27d721e244f127beae3b90289f

SHA256
a71072546f864f57428704e342c3ee51470af16644ed2e15d29412d4aa311d92

SHA512
805bb4c2ce0e37cd65e17f61a9359a58ba338af02e6d22cb6e0377442286771b145e175dab731c86dcd2b1777c8eb36d483fc48b424e1df843af38c6adaa5ef3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51827.exe

Filesize
184KB

MD5
68f1c9731d9ae7be6b35048ec493fe6a

SHA1
8f0c1120403162793e83f3e2b7a6192817bc4f56

SHA256
5a57b34f1c3ed844fc1cd8ee5974082fbcaa3c914d65678e87d0dcb2020eff5a

SHA512
6ed1441d758080d194c299600db55cad5e15d25d1d1c86b37d3b1a9b2b9206f54fd3eedbf60cd584d8767abdc7dbda6a74577328c723aa9bc5b9658bdcf23ccd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe

Filesize
184KB

MD5
c3d118ce3bc37b95913bd074bff95b9c

SHA1
7bbfa5ef94bef4da653b195b0b6a83a2acaf35b4

SHA256
65ca470fb289116269bc6c6f58d2bf8e1753c5f35dae2e1ea4e354bf3822a26f

SHA512
0b64feb018d708f4df165995f63c0822d87ed4750ecaf6b7ae59bab860681182173cd6694539e8d0b8d3a1ed89ebc0068cbcce9a6f412d8b5b85f837372023d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58941.exe

Filesize
184KB

MD5
a1d45ae4f5882aa50ba35ec2ff2bbbe2

SHA1
459424b20da250b5125c5b97647402aa42d445b0

SHA256
f604d9eee10adec6eea6bd5cd446b7f73ef4bac6840b4817b1400591fa1de276

SHA512
5ce561b77a973799ed9798a82cb22b666f3395d125e717971518084f5218b72fce9f6f1c38a011adb6bd898440c2ffbf1e2ae4dad574d9d2cbd49e1d3aaafbee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe

Filesize
184KB

MD5
69f73e1c724849e80ac5a9a7fafb0ab9

SHA1
d80f76aac8927e971fe0b92e63e405afd3b64b3a

SHA256
d17fef52f6ecd2a9663cf3c1a05f8d0bea2e4b2fbe0751392b776517a3c97be9

SHA512
284e491898426d36e1de125f58c1c77a636b4d580d5dc0696d78648d018d70e37f003150169718e66890fae4772be6899d7bd752d225b7d1649d283d82a87ecb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe

Filesize
184KB

MD5
749431847d04beb73e118dc5d60e73c9

SHA1
a11d4116c0c489513f028e6d8217f291f9938982

SHA256
ce91c698fd622bdb69860ff1f6ceb026077100ef35da75f19f1df23c56bfec61

SHA512
2719d3658146b161f71792abc75ed887722c2e2eadefd04bd9194e44b686fce4726637d55d07f69cc9e86571bf42a62c50c6cea2c6083adeea9d14fe574c35ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6938.exe

Filesize
184KB

MD5
579c98b6ffcc344828fd992743e4fea6

SHA1
8b918166580abe50c86cd04698a938af46f26aeb

SHA256
fbc5139d6e8713722f5a14adc526dbb3f51e41874ed28800037f1b5a16b2e912

SHA512
2ad675e302a0f43f126247e9aaeb7a3d0567f2ae30931523fb32cc7489c3cc4c139ceaf463c79e848ff7aafb1e9d06fbf287e8b20cfbe6a47101817265f8e495

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe

Filesize
184KB

MD5
26d51f7f82638429287310c53eacd147

SHA1
c47d8604f74916617c16f57296cc5713d47b0337

SHA256
da803582d3f9c5bcb9ce4922f80d975843d356fa83862e1f2a15282b9e8b6812

SHA512
d817f8abe05428a57697c79fda447192e17c4d16f35143a4933d5accf473692b5d1569b3d23f1856cb0e496ee9e79f5163d8fd4dc2f9ebf4b2585bb975da9fe5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22637.exe

Filesize
184KB

MD5
446408b22a4d411ccb7ba0aca726e2c8

SHA1
636938286be26aa4dc0c64bd6805f3b842e14218

SHA256
d7764aa165e4b351d1aec5160f7f931538d0bafe4bbc8bdc6045d57747d6f762

SHA512
d3efcb0877359aa4f18d03e89cc6dbbab66a24496fa098bb9f30e71cd3ad0c2415b2caa074c8098da4e8cff763ae696c074331b5e592defc770198639c86e126

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2771.exe

Filesize
184KB

MD5
6c728f46b7bdbc58fa62a39fe233cc19

SHA1
012247b46ed350c535ae6e5b6810bd3614223455

SHA256
567fdcac154ba7c5a3d5e16359d45106857ede76da1efcd1ac98ac8ed62fa6af

SHA512
0cbcafd8a5dfd87b78e31eecbed93f9fe7ea77829a693541b0c501e4710930169f56e1baf0c1b875ce1ecdd0d3e50a9a23f77487de5fc9a3a56f89f4e5df9388

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe

Filesize
184KB

MD5
1fc0637680e83dd9628498184a828c82

SHA1
abd979259ee3100e4f17655472b75207fd081020

SHA256
e48eb81e300280507676a1ac0f3d497efb60cb6f329445f5fe1e0aa24bb7d17b

SHA512
0994d0cfe3f0530b0ead1359786a60753b63a7a38142146018cf6767cce3fd27c8aaea053a9f0e3e87a6dae900d246ea2c64e03de5f40ed579d0ad71082fd994

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe

Filesize
184KB

MD5
b4cb520d315b09304dc9ccce4cb6919f

SHA1
b41388a30a086dbde87747aadae08eb1bdbefdef

SHA256
b16207648cefebe525bd552ffec48c20ec663f588ea93d5c6ea769c52b2b05f4

SHA512
8e635ceac4bd91d4465990fa1797e0f866e41e687369f0b11c5195dab50fd901102f22871d195dad6d8561431af77471b3365c6aae512dccc1cd9495460e1b52

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41194.exe

Filesize
184KB

MD5
1fe8d92feaad75999e6d9c84b110253d

SHA1
7e207eef8a6ab0ed65ffaf28e23dc32c5253d0cb

SHA256
c97aa3457a5e17b7977dab58ddb888414a3fe7b7f6621a1086670af673e2b266

SHA512
37d3b16d9cd5700e9f8ce1686185a483a36ced8b3a2d90477edb77992289171e9e6a2a6513133258d19ff64f8aa3f683a943aa98a441326de2aa802051ad122b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe

Filesize
184KB

MD5
ef34e145cdb9eaf525eab51a5f8c483d

SHA1
0c37005cc8c9fa876bcfa2f6eba70684cb2fd632

SHA256
5198f3715e17986ca7f145facdb277c6860cfab3fe90f62f92689f01083d86a2

SHA512
42fc09d6a7c6222304769abf0f7729b714a09a8c839df4c300f1298fd70cc31add6a6c97e5381b9798420b974185eb87b2f6406a2df7ff10d767badd50227286

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41665.exe

Filesize
184KB

MD5
e09ff6896391c503540702ece62bdd7d

SHA1
1dcc51e913b81068236db3d762176ce3f2f02e29

SHA256
769fcb5a29a3e9248d626f86845469603d19da975b4841cb28427b29da650ce8

SHA512
31bd80a1ba2b30177f3c3451273f1f9705b274c51a2a2b21b8a47f6bf2e8400a08775c66f8aa586f519fb4db00d8c74ca5833040a1b4b6ef0391f74a05564ec9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47997.exe

Filesize
184KB

MD5
f14c4960b3c91af13e27391f9dd22b4a

SHA1
5f5db463f69a83d1b4bf4d1cd649de43b99c70ab

SHA256
8bb1cbad9d0c65741d9c5124e67b11f0961903292bfd37f4e0f12249710e3212

SHA512
0e59a1f7bf8f42bde9d1c26b0c58b783cba8bddc1045f7d6b4a99426756f8e9ed1fdcff0958585ff5c4bf1676d13cfedbffabc7c8f4f300f6a17b72bbd43f20b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe

Filesize
184KB

MD5
225e7263c339807a597039d470fee51e

SHA1
c72f77b15b1532a3c86a3addce5a1afe48a191ce

SHA256
97078197da1aa9c87669f2ecbab27e3b6a38c06936d1cd325457b9ffc6f693b6

SHA512
184617380f68dda9d6905add615b1b4fe6827fba77dd8a3dcacb214280c9617fb265483c1f3a61eeee1b5f61e56b2335b169c8d8de09f933dd3b05441cf305f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe

Filesize
184KB

MD5
6e57bd6364fadd5979cd9804693bef37

SHA1
9f231d2650b8ece16d641e760ce8ae4b58b60eb0

SHA256
27ebcc6bd069fc70dc8bedd31293f69b534f2fdb5529cfa3d3f408e259e0d8e6

SHA512
ac14c725b09d0186ef8398aa5eec2be758c0264bb2b6356dca179a4291be43905f01f4b45802d309034322c075ebe4d805f59073f34ebd6633154e298ed02c8e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57447.exe

Filesize
184KB

MD5
91ea17caf171ed66411ca251be9be236

SHA1
f6ef15b2849dc82b84ca3d4f5f96bfa362d9e38b

SHA256
e251c5c56a9a88ab0a3c58aeb7b1dc45757d175d407c1f48eeea294fc1b1a1ef

SHA512
2e45e2b8061d0822ad47d83ec66c20e628aab820f97987a5408ccf45eb6406020063668344480d842fd8cf06aaf2dcba0585961b7324fe4f2bc08b156d40e13f

Download Submit