284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe
Size

184KB
MD5

f919faa53c9e56cceac6fcabe942be22
SHA1

55c02cb9c8c39ac84881ff04b27bbacca9bb8693
SHA256

284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347
SHA512

8cd8687caf8f3576e8b280735dcccfafb9e2e38cefccb385add41e2c4d873ca5edc70fc61302477c27bc29dac38c52b9376618e7b3af194bf9d2878cdad0a124
SSDEEP

1536:c7ie6g5du3bxoz04IxvAoYwBUVEyGZclOmd8SkLb2RzeHWhlShj5mizpvn:SuF3bxo47xvmoUOfenkLbWqWhlowiF/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-28017.exeUnicorn-25085.exeUnicorn-35945.exeUnicorn-21084.exeUnicorn-40112.exeUnicorn-25168.exeUnicorn-55977.exeUnicorn-40195.exeUnicorn-25251.exeUnicorn-45671.exeUnicorn-25805.exeUnicorn-14669.exeUnicorn-34535.exeUnicorn-26367.exeUnicorn-10585.exeUnicorn-42703.exeUnicorn-11976.exeUnicorn-46787.exeUnicorn-17383.exeUnicorn-3891.exeUnicorn-22920.exeUnicorn-30534.exeUnicorn-55806.exeUnicorn-1130.exeUnicorn-6605.exeUnicorn-37332.exeUnicorn-21550.exeUnicorn-21550.exeUnicorn-44109.exeUnicorn-29164.exeUnicorn-41416.exeUnicorn-14280.exeUnicorn-64036.exeUnicorn-39553.exeUnicorn-4742.exeUnicorn-54498.exeUnicorn-35469.exeUnicorn-658.exeUnicorn-36023.exeUnicorn-36023.exeUnicorn-51805.exeUnicorn-51805.exeUnicorn-56444.exeUnicorn-9381.exeUnicorn-53751.exeUnicorn-7243.exeUnicorn-14856.exeUnicorn-14856.exeUnicorn-14856.exeUnicorn-18941.exeUnicorn-29801.exeUnicorn-22231.exeUnicorn-59734.exeUnicorn-7840.exeUnicorn-46735.exeUnicorn-2173.exeUnicorn-26123.exeUnicorn-52765.exeUnicorn-17955.exeUnicorn-18509.exeUnicorn-38375.exeUnicorn-22593.exeUnicorn-3564.exeUnicorn-34291.exe

pid	process
2852	Unicorn-28017.exe
2508	Unicorn-25085.exe
2544	Unicorn-35945.exe
2576	Unicorn-21084.exe
2676	Unicorn-40112.exe
2412	Unicorn-25168.exe
380	Unicorn-55977.exe
1600	Unicorn-40195.exe
1532	Unicorn-25251.exe
2148	Unicorn-45671.exe
2136	Unicorn-25805.exe
628	Unicorn-14669.exe
2024	Unicorn-34535.exe
2760	Unicorn-26367.exe
3048	Unicorn-10585.exe
792	Unicorn-42703.exe
1988	Unicorn-11976.exe
1172	Unicorn-46787.exe
948	Unicorn-17383.exe
1564	Unicorn-3891.exe
1968	Unicorn-22920.exe
352	Unicorn-30534.exe
1840	Unicorn-55806.exe
928	Unicorn-1130.exe
2056	Unicorn-6605.exe
308	Unicorn-37332.exe
2996	Unicorn-21550.exe
2944	Unicorn-21550.exe
888	Unicorn-44109.exe
1592	Unicorn-29164.exe
2260	Unicorn-41416.exe
2008	Unicorn-14280.exe
2912	Unicorn-64036.exe
2648	Unicorn-39553.exe
356	Unicorn-4742.exe
2488	Unicorn-54498.exe
2572	Unicorn-35469.exe
2464	Unicorn-658.exe
2280	Unicorn-36023.exe
2340	Unicorn-36023.exe
1936	Unicorn-51805.exe
1960	Unicorn-51805.exe
332	Unicorn-56444.exe
1816	Unicorn-9381.exe
340	Unicorn-53751.exe
1684	Unicorn-7243.exe
1984	Unicorn-14856.exe
1860	Unicorn-14856.exe
1828	Unicorn-14856.exe
1976	Unicorn-18941.exe
1208	Unicorn-29801.exe
836	Unicorn-22231.exe
1604	Unicorn-59734.exe
2952	Unicorn-7840.exe
2080	Unicorn-46735.exe
2700	Unicorn-2173.exe
2124	Unicorn-26123.exe
876	Unicorn-52765.exe
2116	Unicorn-17955.exe
2800	Unicorn-18509.exe
2792	Unicorn-38375.exe
2616	Unicorn-22593.exe
2752	Unicorn-3564.exe
2532	Unicorn-34291.exe

Loads dropped DLL 64 IoCs

Processes:

284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exeUnicorn-28017.exeUnicorn-25085.exeUnicorn-35945.exeWerFault.exeUnicorn-21084.exeUnicorn-40112.exeUnicorn-25168.exeWerFault.exeWerFault.exeUnicorn-55977.exeUnicorn-25251.exeUnicorn-40195.exeUnicorn-25805.exeUnicorn-45671.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1268	284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe
1268	284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe
2852	Unicorn-28017.exe
2852	Unicorn-28017.exe
1268	284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe
1268	284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe
2508	Unicorn-25085.exe
2852	Unicorn-28017.exe
2508	Unicorn-25085.exe
2852	Unicorn-28017.exe
2544	Unicorn-35945.exe
2544	Unicorn-35945.exe
3036	WerFault.exe
3036	WerFault.exe
3036	WerFault.exe
3036	WerFault.exe
3036	WerFault.exe
2576	Unicorn-21084.exe
2576	Unicorn-21084.exe
2508	Unicorn-25085.exe
2508	Unicorn-25085.exe
2676	Unicorn-40112.exe
2676	Unicorn-40112.exe
2412	Unicorn-25168.exe
2412	Unicorn-25168.exe
2544	Unicorn-35945.exe
2544	Unicorn-35945.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
1940	WerFault.exe
1940	WerFault.exe
1940	WerFault.exe
1940	WerFault.exe
1940	WerFault.exe
1948	WerFault.exe
2576	Unicorn-21084.exe
2576	Unicorn-21084.exe
380	Unicorn-55977.exe
380	Unicorn-55977.exe
1532	Unicorn-25251.exe
1532	Unicorn-25251.exe
2676	Unicorn-40112.exe
2676	Unicorn-40112.exe
1600	Unicorn-40195.exe
1600	Unicorn-40195.exe
2136	Unicorn-25805.exe
2136	Unicorn-25805.exe
2148	Unicorn-45671.exe
2148	Unicorn-45671.exe
2412	Unicorn-25168.exe
2412	Unicorn-25168.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
832	WerFault.exe
832	WerFault.exe
832	WerFault.exe
832	WerFault.exe
832	WerFault.exe
1700	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2564	1268	WerFault.exe	284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe
3036	2852	WerFault.exe	Unicorn-28017.exe
1948	2508	WerFault.exe	Unicorn-25085.exe
1940	2544	WerFault.exe	Unicorn-35945.exe
1524	2576	WerFault.exe	Unicorn-21084.exe
832	2676	WerFault.exe	Unicorn-40112.exe
1700	2412	WerFault.exe	Unicorn-25168.exe
2244	380	WerFault.exe	Unicorn-55977.exe
2728	1532	WerFault.exe	Unicorn-25251.exe
2068	1600	WerFault.exe	Unicorn-40195.exe
2132	2136	WerFault.exe	Unicorn-25805.exe
2896	2024	WerFault.exe	Unicorn-34535.exe
3052	628	WerFault.exe	Unicorn-14669.exe
1812	2760	WerFault.exe	Unicorn-26367.exe
480	1172	WerFault.exe	Unicorn-46787.exe
1156	792	WerFault.exe	Unicorn-42703.exe
672	3048	WerFault.exe	Unicorn-10585.exe
1080	1988	WerFault.exe	Unicorn-11976.exe
3024	948	WerFault.exe	Unicorn-17383.exe
1344	1564	WerFault.exe	Unicorn-3891.exe
560	1968	WerFault.exe	Unicorn-22920.exe
2212	352	WerFault.exe	Unicorn-30534.exe
2228	928	WerFault.exe	Unicorn-1130.exe
2224	1840	WerFault.exe	Unicorn-55806.exe
1384	308	WerFault.exe	Unicorn-37332.exe
2248	2056	WerFault.exe	Unicorn-6605.exe
2316	1592	WerFault.exe	Unicorn-29164.exe
2628	2996	WerFault.exe	Unicorn-21550.exe
2144	888	WerFault.exe	Unicorn-44109.exe
2468	2944	WerFault.exe	Unicorn-21550.exe
1652	2260	WerFault.exe	Unicorn-41416.exe
3068	2008	WerFault.exe	Unicorn-14280.exe
3080	2912	WerFault.exe	Unicorn-64036.exe
3104	2648	WerFault.exe	Unicorn-39553.exe
3128	2340	WerFault.exe	Unicorn-36023.exe
3152	2488	WerFault.exe	Unicorn-54498.exe
3176	356	WerFault.exe	Unicorn-4742.exe
3208	1936	WerFault.exe	Unicorn-51805.exe
3200	2280	WerFault.exe	Unicorn-36023.exe
3232	1960	WerFault.exe	Unicorn-51805.exe
3264	332	WerFault.exe	Unicorn-56444.exe
3256	2572	WerFault.exe	Unicorn-35469.exe
3296	1816	WerFault.exe	Unicorn-9381.exe
3312	1860	WerFault.exe	Unicorn-14856.exe
3372	340	WerFault.exe	Unicorn-53751.exe
3364	1828	WerFault.exe	Unicorn-14856.exe
3356	1984	WerFault.exe	Unicorn-14856.exe
3348	1976	WerFault.exe	Unicorn-18941.exe
3388	1684	WerFault.exe	Unicorn-7243.exe
3480	1208	WerFault.exe	Unicorn-29801.exe
3620	2632	WerFault.exe	Unicorn-65292.exe
3532	2616	WerFault.exe	Unicorn-22593.exe
3652	1336	WerFault.exe	Unicorn-13055.exe
3740	836	WerFault.exe	Unicorn-22231.exe
3716	1632	WerFault.exe	Unicorn-50627.exe
3828	2832	WerFault.exe	Unicorn-37005.exe
3752	1048	WerFault.exe	Unicorn-45173.exe
3976	2304	WerFault.exe	Unicorn-38929.exe
3676	2124	WerFault.exe	Unicorn-26123.exe
4016	2000	WerFault.exe	Unicorn-8203.exe
4020	2532	WerFault.exe	Unicorn-34291.exe
4200	1876	WerFault.exe	Unicorn-45173.exe
4260	2108	WerFault.exe	Unicorn-38929.exe
4392	772	WerFault.exe	Unicorn-45173.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exeUnicorn-28017.exeUnicorn-25085.exeUnicorn-35945.exeUnicorn-21084.exeUnicorn-40112.exeUnicorn-25168.exeUnicorn-55977.exeUnicorn-40195.exeUnicorn-25251.exeUnicorn-45671.exeUnicorn-25805.exeUnicorn-14669.exeUnicorn-34535.exeUnicorn-26367.exeUnicorn-10585.exeUnicorn-11976.exeUnicorn-42703.exeUnicorn-46787.exeUnicorn-17383.exeUnicorn-3891.exeUnicorn-22920.exeUnicorn-30534.exeUnicorn-55806.exeUnicorn-1130.exeUnicorn-6605.exeUnicorn-37332.exeUnicorn-29164.exeUnicorn-21550.exeUnicorn-21550.exeUnicorn-44109.exeUnicorn-41416.exeUnicorn-14280.exeUnicorn-64036.exeUnicorn-39553.exeUnicorn-4742.exeUnicorn-54498.exeUnicorn-35469.exeUnicorn-36023.exeUnicorn-658.exeUnicorn-36023.exeUnicorn-51805.exeUnicorn-51805.exeUnicorn-56444.exeUnicorn-9381.exeUnicorn-53751.exeUnicorn-7243.exeUnicorn-14856.exeUnicorn-14856.exeUnicorn-14856.exeUnicorn-18941.exeUnicorn-29801.exeUnicorn-22231.exeUnicorn-59734.exeUnicorn-7840.exeUnicorn-46735.exeUnicorn-2173.exeUnicorn-26123.exeUnicorn-52765.exeUnicorn-18509.exeUnicorn-38375.exeUnicorn-22593.exeUnicorn-34291.exeUnicorn-3564.exe

pid	process
1268	284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe
2852	Unicorn-28017.exe
2508	Unicorn-25085.exe
2544	Unicorn-35945.exe
2576	Unicorn-21084.exe
2676	Unicorn-40112.exe
2412	Unicorn-25168.exe
380	Unicorn-55977.exe
1600	Unicorn-40195.exe
1532	Unicorn-25251.exe
2148	Unicorn-45671.exe
2136	Unicorn-25805.exe
628	Unicorn-14669.exe
2024	Unicorn-34535.exe
2760	Unicorn-26367.exe
3048	Unicorn-10585.exe
1988	Unicorn-11976.exe
792	Unicorn-42703.exe
1172	Unicorn-46787.exe
948	Unicorn-17383.exe
1564	Unicorn-3891.exe
1968	Unicorn-22920.exe
352	Unicorn-30534.exe
1840	Unicorn-55806.exe
928	Unicorn-1130.exe
2056	Unicorn-6605.exe
308	Unicorn-37332.exe
1592	Unicorn-29164.exe
2996	Unicorn-21550.exe
2944	Unicorn-21550.exe
888	Unicorn-44109.exe
2260	Unicorn-41416.exe
2008	Unicorn-14280.exe
2912	Unicorn-64036.exe
2648	Unicorn-39553.exe
356	Unicorn-4742.exe
2488	Unicorn-54498.exe
2572	Unicorn-35469.exe
2340	Unicorn-36023.exe
2464	Unicorn-658.exe
2280	Unicorn-36023.exe
1936	Unicorn-51805.exe
1960	Unicorn-51805.exe
332	Unicorn-56444.exe
1816	Unicorn-9381.exe
340	Unicorn-53751.exe
1684	Unicorn-7243.exe
1860	Unicorn-14856.exe
1828	Unicorn-14856.exe
1984	Unicorn-14856.exe
1976	Unicorn-18941.exe
1208	Unicorn-29801.exe
836	Unicorn-22231.exe
1604	Unicorn-59734.exe
2952	Unicorn-7840.exe
2080	Unicorn-46735.exe
2700	Unicorn-2173.exe
2124	Unicorn-26123.exe
876	Unicorn-52765.exe
2800	Unicorn-18509.exe
2792	Unicorn-38375.exe
2616	Unicorn-22593.exe
2532	Unicorn-34291.exe
2752	Unicorn-3564.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exeUnicorn-28017.exeUnicorn-25085.exeUnicorn-35945.exeUnicorn-21084.exeUnicorn-40112.exeUnicorn-25168.exe

description	pid	process	target process
PID 1268 wrote to memory of 2852	1268	284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe	Unicorn-28017.exe
PID 1268 wrote to memory of 2852	1268	284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe	Unicorn-28017.exe
PID 1268 wrote to memory of 2852	1268	284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe	Unicorn-28017.exe
PID 1268 wrote to memory of 2852	1268	284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe	Unicorn-28017.exe
PID 2852 wrote to memory of 2508	2852	Unicorn-28017.exe	Unicorn-25085.exe
PID 2852 wrote to memory of 2508	2852	Unicorn-28017.exe	Unicorn-25085.exe
PID 2852 wrote to memory of 2508	2852	Unicorn-28017.exe	Unicorn-25085.exe
PID 2852 wrote to memory of 2508	2852	Unicorn-28017.exe	Unicorn-25085.exe
PID 1268 wrote to memory of 2544	1268	284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe	Unicorn-35945.exe
PID 1268 wrote to memory of 2544	1268	284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe	Unicorn-35945.exe
PID 1268 wrote to memory of 2544	1268	284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe	Unicorn-35945.exe
PID 1268 wrote to memory of 2544	1268	284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe	Unicorn-35945.exe
PID 1268 wrote to memory of 2564	1268	284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe	WerFault.exe
PID 1268 wrote to memory of 2564	1268	284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe	WerFault.exe
PID 1268 wrote to memory of 2564	1268	284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe	WerFault.exe
PID 1268 wrote to memory of 2564	1268	284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe	WerFault.exe
PID 2508 wrote to memory of 2576	2508	Unicorn-25085.exe	Unicorn-21084.exe
PID 2508 wrote to memory of 2576	2508	Unicorn-25085.exe	Unicorn-21084.exe
PID 2508 wrote to memory of 2576	2508	Unicorn-25085.exe	Unicorn-21084.exe
PID 2508 wrote to memory of 2576	2508	Unicorn-25085.exe	Unicorn-21084.exe
PID 2852 wrote to memory of 2676	2852	Unicorn-28017.exe	Unicorn-40112.exe
PID 2852 wrote to memory of 2676	2852	Unicorn-28017.exe	Unicorn-40112.exe
PID 2852 wrote to memory of 2676	2852	Unicorn-28017.exe	Unicorn-40112.exe
PID 2852 wrote to memory of 2676	2852	Unicorn-28017.exe	Unicorn-40112.exe
PID 2544 wrote to memory of 2412	2544	Unicorn-35945.exe	Unicorn-25168.exe
PID 2544 wrote to memory of 2412	2544	Unicorn-35945.exe	Unicorn-25168.exe
PID 2544 wrote to memory of 2412	2544	Unicorn-35945.exe	Unicorn-25168.exe
PID 2544 wrote to memory of 2412	2544	Unicorn-35945.exe	Unicorn-25168.exe
PID 2852 wrote to memory of 3036	2852	Unicorn-28017.exe	WerFault.exe
PID 2852 wrote to memory of 3036	2852	Unicorn-28017.exe	WerFault.exe
PID 2852 wrote to memory of 3036	2852	Unicorn-28017.exe	WerFault.exe
PID 2852 wrote to memory of 3036	2852	Unicorn-28017.exe	WerFault.exe
PID 2576 wrote to memory of 380	2576	Unicorn-21084.exe	Unicorn-55977.exe
PID 2576 wrote to memory of 380	2576	Unicorn-21084.exe	Unicorn-55977.exe
PID 2576 wrote to memory of 380	2576	Unicorn-21084.exe	Unicorn-55977.exe
PID 2576 wrote to memory of 380	2576	Unicorn-21084.exe	Unicorn-55977.exe
PID 2508 wrote to memory of 1600	2508	Unicorn-25085.exe	Unicorn-40195.exe
PID 2508 wrote to memory of 1600	2508	Unicorn-25085.exe	Unicorn-40195.exe
PID 2508 wrote to memory of 1600	2508	Unicorn-25085.exe	Unicorn-40195.exe
PID 2508 wrote to memory of 1600	2508	Unicorn-25085.exe	Unicorn-40195.exe
PID 2676 wrote to memory of 1532	2676	Unicorn-40112.exe	Unicorn-25251.exe
PID 2676 wrote to memory of 1532	2676	Unicorn-40112.exe	Unicorn-25251.exe
PID 2676 wrote to memory of 1532	2676	Unicorn-40112.exe	Unicorn-25251.exe
PID 2676 wrote to memory of 1532	2676	Unicorn-40112.exe	Unicorn-25251.exe
PID 2412 wrote to memory of 2148	2412	Unicorn-25168.exe	Unicorn-45671.exe
PID 2412 wrote to memory of 2148	2412	Unicorn-25168.exe	Unicorn-45671.exe
PID 2412 wrote to memory of 2148	2412	Unicorn-25168.exe	Unicorn-45671.exe
PID 2412 wrote to memory of 2148	2412	Unicorn-25168.exe	Unicorn-45671.exe
PID 2544 wrote to memory of 2136	2544	Unicorn-35945.exe	Unicorn-25805.exe
PID 2544 wrote to memory of 2136	2544	Unicorn-35945.exe	Unicorn-25805.exe
PID 2544 wrote to memory of 2136	2544	Unicorn-35945.exe	Unicorn-25805.exe
PID 2544 wrote to memory of 2136	2544	Unicorn-35945.exe	Unicorn-25805.exe
PID 2508 wrote to memory of 1948	2508	Unicorn-25085.exe	WerFault.exe
PID 2508 wrote to memory of 1948	2508	Unicorn-25085.exe	WerFault.exe
PID 2508 wrote to memory of 1948	2508	Unicorn-25085.exe	WerFault.exe
PID 2508 wrote to memory of 1948	2508	Unicorn-25085.exe	WerFault.exe
PID 2544 wrote to memory of 1940	2544	Unicorn-35945.exe	WerFault.exe
PID 2544 wrote to memory of 1940	2544	Unicorn-35945.exe	WerFault.exe
PID 2544 wrote to memory of 1940	2544	Unicorn-35945.exe	WerFault.exe
PID 2544 wrote to memory of 1940	2544	Unicorn-35945.exe	WerFault.exe
PID 2576 wrote to memory of 628	2576	Unicorn-21084.exe	Unicorn-14669.exe
PID 2576 wrote to memory of 628	2576	Unicorn-21084.exe	Unicorn-14669.exe
PID 2576 wrote to memory of 628	2576	Unicorn-21084.exe	Unicorn-14669.exe
PID 2576 wrote to memory of 628	2576	Unicorn-21084.exe	Unicorn-14669.exe

C:\Users\Admin\AppData\Local\Temp\284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe
"C:\Users\Admin\AppData\Local\Temp\284de52ed06bb41634bc5cd8e6670b39673500ceff17899fdf9625444bcc2347.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28017.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28017.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34535.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3891.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46818.exe
        10⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12630.exe
        11⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47005.exe
        12⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        13⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        14⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
        13⤵
        
        PID:10544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
        12⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 216
        11⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
        10⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13673.exe
        11⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19948.exe
        12⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15831.exe
        13⤵
        
        PID:13128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
        12⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        11⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
        10⤵
        Program crash
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57679.exe
        9⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe
        10⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe
        11⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62459.exe
        12⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53822.exe
        13⤵
        
        PID:13140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
        13⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        12⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        11⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
        10⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        9⤵
        Program crash
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59734.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        9⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61831.exe
        10⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
        11⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15479.exe
        12⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43765.exe
        13⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 236
        13⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
        11⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        10⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46050.exe
        9⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53336.exe
        10⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        11⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28384.exe
        12⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
        12⤵
        
        PID:12668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 220
        11⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        10⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        9⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
        8⤵
        Program crash
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64036.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7840.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        9⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 220
        10⤵
        Program crash
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23491.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35054.exe
        10⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
        11⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62613.exe
        12⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        10⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        9⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18784.exe
        8⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe
        9⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
        10⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
        11⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
        12⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 236
        12⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
        11⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
        10⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 216
        9⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
        8⤵
        Program crash
        
        PID:3080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
        7⤵
        Program crash
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22920.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39553.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        9⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22937.exe
        10⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22309.exe
        11⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        12⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        13⤵
        
        PID:13036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 236
        13⤵
        
        PID:10064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
        12⤵
        
        PID:10592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
        11⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
        10⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        9⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45059.exe
        10⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23285.exe
        11⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41295.exe
        12⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 216
        12⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
        11⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        10⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        9⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        8⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33051.exe
        9⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12578.exe
        10⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41183.exe
        11⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        12⤵
        
        PID:12992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 216
        12⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
        11⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
        10⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 236
        9⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
        8⤵
        Program crash
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2173.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5785.exe
        8⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
        9⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
        10⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        11⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
        12⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
        11⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        10⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 236
        9⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8686.exe
        9⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45262.exe
        10⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
        11⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9828 -s 236
        11⤵
        
        PID:12536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
        10⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        9⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        8⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
        7⤵
        Program crash
        
        PID:560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 240
        6⤵
        Program crash
        
        PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4742.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38375.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18386.exe
        9⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
        10⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62978.exe
        11⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40444.exe
        12⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
        12⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 236
        11⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 236
        10⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
        9⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56865.exe
        10⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20000.exe
        11⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        12⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
        12⤵
        
        PID:13124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 236
        11⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24638.exe
        10⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
        11⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        12⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10932 -s 216
        12⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
        11⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 220
        10⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
        9⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55889.exe
        8⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29159.exe
        9⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        10⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18713.exe
        11⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
        12⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
        12⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        11⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
        10⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8198.exe
        9⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52563.exe
        10⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36640.exe
        11⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
        11⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 236
        10⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 220
        9⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 240
        8⤵
        Program crash
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
        9⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
        10⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32247.exe
        11⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe
        12⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8392 -s 236
        12⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
        11⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        10⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60440.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52568.exe
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17810.exe
        10⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
        11⤵
        
        PID:13200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
        11⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
        10⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        9⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
        8⤵
        Program crash
        
        PID:3532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
        7⤵
        Program crash
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17955.exe
        7⤵
        Executes dropped EXE
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        8⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22745.exe
        9⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
        10⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
        11⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
        11⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        10⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
        9⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2879.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27161.exe
        9⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18604.exe
        10⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
        11⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 216
        11⤵
        
        PID:12496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
        10⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        9⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
        8⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45775.exe
        7⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53471.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45251.exe
        9⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34473.exe
        10⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
        11⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 236
        11⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
        10⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
        9⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
        8⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
        7⤵
        Program crash
        
        PID:3152
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 240
        6⤵
        Program crash
        
        PID:3052
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62303.exe
        8⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18661.exe
        9⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6081.exe
        10⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
        11⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 148
        12⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
        11⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
        10⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 216
        9⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 216
        8⤵
        Program crash
        
        PID:3348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
        7⤵
        Program crash
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29801.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39574.exe
        8⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10684.exe
        9⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
        10⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49055.exe
        11⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61162.exe
        12⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 236
        12⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
        11⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
        10⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28810.exe
        9⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36227.exe
        10⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41295.exe
        11⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
        11⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
        10⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
        9⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40316.exe
        9⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31048.exe
        10⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16848.exe
        11⤵
        
        PID:10540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 236
        11⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 220
        10⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
        9⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 220
        8⤵
        Program crash
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        8⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54706.exe
        9⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30965.exe
        10⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
        11⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
        11⤵
        
        PID:12948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
        10⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
        9⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57399.exe
        8⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        9⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32382.exe
        10⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53241.exe
        11⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 236
        10⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
        9⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        8⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 240
        7⤵
        Program crash
        
        PID:3480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
        6⤵
        Program crash
        
        PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44109.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
        7⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 220
        8⤵
        Program crash
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55801.exe
        8⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14249.exe
        9⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44068.exe
        10⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
        11⤵
        
        PID:11016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
        11⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        10⤵
        
        PID:9332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        9⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        8⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
        9⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        10⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 216
        10⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
        9⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 220
        8⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 220
        7⤵
        Program crash
        
        PID:3364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 236
        6⤵
        Program crash
        
        PID:2144
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
        5⤵
        Program crash
        
        PID:2068
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40112.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26367.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55806.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34374.exe
        9⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41219.exe
        10⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
        11⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33954.exe
        12⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe
        13⤵
        
        PID:11260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 236
        13⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
        12⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        11⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
        10⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11047.exe
        9⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-902.exe
        10⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33954.exe
        11⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
        12⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
        12⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
        11⤵
        
        PID:9676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
        10⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 240
        9⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61639.exe
        9⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25023.exe
        10⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
        11⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7657.exe
        12⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 236
        12⤵
        
        PID:10100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
        11⤵
        
        PID:10784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
        10⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
        9⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16440.exe
        8⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12438.exe
        9⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58271.exe
        10⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59169.exe
        11⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61437.exe
        12⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
        13⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11144 -s 236
        13⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23131.exe
        12⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 220
        12⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
        11⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
        9⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58110.exe
        8⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6164.exe
        9⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61499.exe
        10⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
        11⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22577.exe
        12⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11028 -s 236
        12⤵
        
        PID:12372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        11⤵
        
        PID:11872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 240
        11⤵
        
        PID:12380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
        10⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        9⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        8⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 240
        7⤵
        Program crash
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        8⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33051.exe
        9⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        10⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16570.exe
        11⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
        12⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 236
        12⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
        11⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        10⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 236
        9⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39827.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
        9⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29917.exe
        10⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe
        11⤵
        
        PID:11104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 236
        11⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 220
        10⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 236
        9⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
        8⤵
        Program crash
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe
        7⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63777.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61779.exe
        9⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
        10⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41020.exe
        11⤵
        
        PID:13040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
        11⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
        10⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        9⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
        8⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        7⤵
        Program crash
        
        PID:3128
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
        6⤵
        Program crash
        
        PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1130.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53403.exe
        7⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59693.exe
        8⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26969.exe
        9⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59553.exe
        10⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14867.exe
        11⤵
        
        PID:10844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
        11⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 220
        10⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
        9⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        8⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 216
        7⤵
        Program crash
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38929.exe
        6⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe
        7⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9781.exe
        9⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43409.exe
        10⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41243.exe
        11⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 236
        11⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 236
        10⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
        9⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        8⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61115.exe
        9⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
        10⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
        10⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
        9⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 220
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50326.exe
        7⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        8⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
        9⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
        10⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 216
        10⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
        9⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        8⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
        7⤵
        Program crash
        
        PID:4260
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 240
        6⤵
        Program crash
        
        PID:2228
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
        5⤵
        Program crash
        
        PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6605.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51805.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55334.exe
        8⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14960.exe
        9⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
        10⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18246.exe
        11⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        12⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        13⤵
        
        PID:11908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11120 -s 236
        13⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27983.exe
        12⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 240
        12⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
        11⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
        10⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53891.exe
        9⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42833.exe
        10⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
        11⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 236
        11⤵
        
        PID:12444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        10⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
        9⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
        9⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39600.exe
        10⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9592.exe
        11⤵
        
        PID:11472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 236
        11⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 220
        10⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 236
        9⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        8⤵
        Program crash
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64057.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5230.exe
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36232.exe
        9⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        10⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        11⤵
        
        PID:10920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 236
        11⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 236
        10⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
        9⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        8⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
        9⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
        10⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 236
        10⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
        9⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
        8⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
        7⤵
        Program crash
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        6⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39574.exe
        7⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
        9⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
        10⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
        11⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 236
        11⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
        10⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        9⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
        8⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
        8⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        9⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60755.exe
        10⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
        10⤵
        
        PID:13244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
        9⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
        8⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
        7⤵
        Program crash
        
        PID:4016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        6⤵
        Program crash
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9381.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58795.exe
        6⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63585.exe
        8⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63066.exe
        9⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
        10⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63417.exe
        11⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 216
        11⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
        10⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
        9⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2168.exe
        8⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
        9⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4429.exe
        10⤵
        
        PID:920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
        10⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 236
        9⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
        8⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47804.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44483.exe
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24930.exe
        9⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
        10⤵
        
        PID:13260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8772 -s 220
        10⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
        9⤵
        
        PID:10108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
        8⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
        7⤵
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39552.exe
        6⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12791.exe
        8⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        9⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
        9⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 236
        8⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
        7⤵
        
        PID:5944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
        6⤵
        Program crash
        
        PID:3296
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
        5⤵
        Program crash
        
        PID:672
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:832
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:3036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25168.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46787.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37332.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51805.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        8⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        9⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        10⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
        11⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
        12⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 236
        12⤵
        
        PID:12428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
        11⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 236
        10⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
        9⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
        8⤵
        Program crash
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38929.exe
        7⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43658.exe
        8⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
        9⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8131.exe
        10⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8344.exe
        11⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 236
        10⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        8⤵
        Program crash
        
        PID:3976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
        7⤵
        Program crash
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56444.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23985.exe
        7⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23299.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        9⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26165.exe
        10⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
        11⤵
        
        PID:12340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 216
        11⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
        10⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        9⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
        8⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51805.exe
        7⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        8⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52672.exe
        9⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61354.exe
        10⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
        11⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 236
        10⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
        9⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 216
        8⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 240
        7⤵
        Program crash
        
        PID:3264
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 240
        6⤵
        Program crash
        
        PID:480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21550.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50627.exe
        7⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51826.exe
        8⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
        9⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45080.exe
        10⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-285.exe
        11⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        12⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 236
        11⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 236
        10⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 236
        9⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50326.exe
        8⤵
        
        PID:3696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
        8⤵
        Program crash
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        7⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27213.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13673.exe
        9⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25646.exe
        10⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47574.exe
        11⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 236
        11⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 236
        10⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
        9⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
        8⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43134.exe
        9⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47540.exe
        10⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 236
        10⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 236
        9⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
        8⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
        7⤵
        Program crash
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51950.exe
        6⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
        7⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27789.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        9⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5604.exe
        10⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        11⤵
        
        PID:12296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 216
        11⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        10⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
        9⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 236
        8⤵
        
        PID:4888
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
        6⤵
        Program crash
        
        PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17383.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29164.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53751.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
        7⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        8⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27789.exe
        9⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8219.exe
        10⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        11⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
        12⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 236
        12⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
        11⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 236
        10⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
        9⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe
        10⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51357.exe
        11⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 236
        11⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
        10⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 220
        9⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28343.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20280.exe
        9⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        10⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31264.exe
        11⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
        11⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
        10⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 236
        9⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
        8⤵
        Program crash
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
        7⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
        8⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        9⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55516.exe
        10⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 236
        10⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
        9⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 216
        8⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 220
        7⤵
        Program crash
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13055.exe
        6⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57280.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe
        8⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3559.exe
        9⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        10⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57195.exe
        11⤵
        
        PID:11404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
        11⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
        10⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
        9⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53315.exe
        8⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
        9⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8378.exe
        10⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 236
        10⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
        9⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
        8⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52272.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36232.exe
        8⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
        9⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47273.exe
        10⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 236
        10⤵
        
        PID:12348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        9⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        8⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 240
        7⤵
        Program crash
        
        PID:3652
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
        6⤵
        Program crash
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
        6⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        7⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10684.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
        9⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32247.exe
        10⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        11⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 236
        11⤵
        
        PID:10168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        10⤵
        
        PID:10032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        9⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 216
        8⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24748.exe
        8⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34530.exe
        9⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4149.exe
        10⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 236
        10⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
        9⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
        8⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 220
        7⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21078.exe
        6⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
        8⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24276.exe
        9⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15277.exe
        10⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59984.exe
        11⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26900.exe
        12⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10804 -s 236
        11⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42064.exe
        10⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64896.exe
        11⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10908 -s 216
        11⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 240
        10⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 236
        9⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
        8⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        7⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24634.exe
        8⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2890.exe
        9⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
        10⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10840 -s 236
        10⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe
        9⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
        10⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 240
        9⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
        8⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
        7⤵
        
        PID:6972
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
        6⤵
        Program crash
        
        PID:3388
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
        5⤵
        Program crash
        
        PID:3024
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25805.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42703.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        7⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe
        8⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13673.exe
        9⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9044.exe
        10⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49520.exe
        11⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        12⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 216
        11⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
        10⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
        9⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
        8⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
        9⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4154.exe
        10⤵
        
        PID:13280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 216
        10⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        9⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
        8⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50902.exe
        7⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46190.exe
        8⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63388.exe
        9⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
        10⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9380 -s 216
        10⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
        9⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        8⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 220
        7⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        6⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5230.exe
        7⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56844.exe
        8⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41738.exe
        9⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe
        10⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25146.exe
        11⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
        10⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
        9⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
        8⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22588.exe
        7⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16466.exe
        8⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16599.exe
        9⤵
        
        PID:13248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 216
        9⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
        8⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
        7⤵
        
        PID:5692
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 220
        6⤵
        Program crash
        
        PID:3200
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 216
        5⤵
        Program crash
        
        PID:1156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21550.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
        6⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        7⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27789.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22226.exe
        9⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
        10⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe
        11⤵
        
        PID:13304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
        11⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
        10⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        9⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 216
        8⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28343.exe
        7⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44784.exe
        8⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1520.exe
        9⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18353.exe
        10⤵
        
        PID:12436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8376 -s 236
        10⤵
        
        PID:13160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 220
        9⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        8⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
        7⤵
        Program crash
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27876.exe
        6⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
        7⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21131.exe
        8⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19611.exe
        9⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8378.exe
        10⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
        10⤵
        
        PID:12304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        9⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
        8⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 216
        7⤵
        
        PID:5484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 220
        6⤵
        Program crash
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17139.exe
        5⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        6⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        7⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48536.exe
        8⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5856.exe
        9⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 236
        9⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
        8⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 236
        7⤵
        
        PID:7608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 216
        6⤵
        
        PID:5304
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 220
        5⤵
        Program crash
        
        PID:2468
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
      4⤵
      Program crash
      PID:2132
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1940
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 240
  2⤵
  - Program crash
  PID:2564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-25805.exe

Filesize
184KB

MD5
4c40a0a4a6d826d60d2eacdfd2c36a1c

SHA1
46f8e9f46f7c80d7128a8761bbccba31a2b5c519

SHA256
54af77741515597768837ac78fc6624780c4e87d0412e8c5103da51762016020

SHA512
abcc22b7da9aebd29821b4874465d4f6cb6708f32e9f6c1abca1caf25d420521c2e31b94454cfe4714e37e0b4669eae59bdef7e231d742dd0952069f4cfe68cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe

Filesize
184KB

MD5
f8361372725f0709c59f42333d48effc

SHA1
bcc51e81a8aca8ef31ff310fe568fcaa3d3ffeed

SHA256
7ff043ab5def718fbd250d93b959f7f8f540638c18809de3f83578f70567d641

SHA512
b4b470e9350aadfee98b02774b10b1f89e486b135cf02e9e8fb09ecf43fb28906d9899d0fdd40c77cd7faf14b51bb68b536c955f75b803d9aecba1b74e7371e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe

Filesize
184KB

MD5
a8e350f650898a6ee9cbe7f720545c77

SHA1
39cb5eba6b6410f233a2753f77ba7631a8acc2ae

SHA256
4255e436cd4f1a05a42e357c5baf8d4aa923493a7fd0e1be0f066604557ccfec

SHA512
4f56546babf3bf4ccc15340aeaa76932b125925eaa1ff34e571172c11de69f38dbec948f5fbc7e8db40bad814570da1f3dfe8e8f1d9b99069af90092b4cc7141

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45080.exe

Filesize
184KB

MD5
5c38d0496f0be765742bc99295d1a0b4

SHA1
ae7b89b6fe66cf5e5db4097ede12a16e7ccf6913

SHA256
d104f230544d68c150458f5d1dc0b017c0972fccfe06f603d33165a70a58e833

SHA512
c544c86e00674af93988347b6f99e6c46d4d576a38752e04379c7df74bd426a135335320bd122687a2655ef88cd4f6efadc9fb696d3f4d0eee2d62de6c87d348

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe

Filesize
184KB

MD5
2102de151d1123066460eb5cebf32caa

SHA1
18e6962e5032150cf0290d9e3f02d96efbaa9440

SHA256
8395218412fdd185f158cbf78370bab86c24e5ec506cbeb110ad51f27e35b844

SHA512
049580cbc1f478700c5716efd59b3d4abb0ec92eb250d880bd085d25127e36743e3caf5b29a155f59742b3f832f7e24348f508aa31ac45610c7ecb7f87d08e03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe

Filesize
184KB

MD5
6ba8a7051c5fbd4bdb896dbbd2530020

SHA1
af634eb3413d596ad71a877f2f81d6e1f9057ace

SHA256
004f193ec4fd08b719387d556fb19bede36fb9e8669a325efac595539176b110

SHA512
4f3a15c760fa2db3f137344f7c35e9d47ccf0bc99ebe28c80052f13657ec185ddd4c59ab72c4d6b582cb9ca61fb014c962bdcc67b3c37a84d54b709c825a5551

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5785.exe

Filesize
184KB

MD5
c9ecc1433abe1b85087030efade2b3fd

SHA1
174f58db7c32879c39a5bdcf671cbe4259f744ab

SHA256
02fb2c0f2cb9654178d31d49e1907c02dc02fe1f764da4e04dcaff831a3f0e5e

SHA512
e3f6b0f451547775d97e99e6f3e972ca8704f8e2f9324877eda5de156cf65e264c3f9c144cc9f50185b752c5af62f618fc1dc0129248147fc0c17dcef7e485df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe

Filesize
184KB

MD5
5a4ad7cf6f5eff5802822df50b48efd6

SHA1
ca36c29017d59779f5cb8db9b1fb2720b542b0ca

SHA256
b56d5e38899e1eb3e3e64228e2b0f363906f15d826598b5135bb1fdfe174889a

SHA512
0422eb45e4a01086d2466fcba04c2092225be3c67b37631e5a3182bf64a766f53e0479f68d69f81c7cf8f696b5acb05b3012f7e2a0cfa3e9957c7c76568c6e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe

Filesize
184KB

MD5
dcef73f364f1d228e24b2db1686cdca3

SHA1
8a2c43a3572ef7a3049849350f7751ff6402f649

SHA256
010521658cf7fbfc83a67929aebb860d5848d4740781493e53b93c7a7e2f66e9

SHA512
4107e25f1d617f9ea8119571fe372e748f5285caf6a0a588798ce4d06f67b866b1460ca43e27753b5b84ee512beffbde3eedd075706016f2cf5287e471b66741

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6164.exe

Filesize
184KB

MD5
98083096648cb1f1faf3830dd560305e

SHA1
956bdbf01287b62d9a6eedd69a17b6c3b25e5136

SHA256
688fcb179e7e54b3202b0466eb1d7cd5321045ea26091d86749516a65a896482

SHA512
063f82d6aab8b83fa12c955e8994591332c35c120ca8bac92399c20c1a3e1dfc3c883412221a1e2197b548f784ecbafd518c7347d7eda4946af06a882f71d83b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6605.exe

Filesize
184KB

MD5
48cf6622563bcb6ee3fef0b327eacbbe

SHA1
de4440d6c5ebc07d6046faecf951bf19494b4c80

SHA256
26756e3262d6ee7d50bf332509e079c208f55931df52cda3e86114ff915df511

SHA512
c9ea238c2e12fc0d6c2c5a762fdea64ac00c572cdebfd9f1efad254975384948d890ec4870ab5f70cdd3682432730400cdef612d5b97443f519f4a9c4cf15bbb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe

Filesize
184KB

MD5
3e575e80e859dfe20c82c56e0c38a085

SHA1
e1db6b1cc33f65a1751f8f9029c5489cdfb3dcd0

SHA256
6b1bbc69aba068a77e4be1906beac6e4a9ea0efb1064072efb897a8eef0bd099

SHA512
49e02f0ad4142ae9a68f924f7bb0295169c9ddf7415c325f3a052abaec02cfa71a8a0a7a107dc66b883c1156ba11d18a8cd8ed065485be292777b398e0226302

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe

Filesize
184KB

MD5
0377615c2c393dd77004ded9aeb8a91a

SHA1
1199bab8af65e74cbf2d55c2be366f8ed1c3ab44

SHA256
5bd4b572060be885328797c12c80448726239e323a2e57686a8e70f98a92216e

SHA512
e2b9411894e30193459007cc8196de30344be35ec2b1a98dc9ffa9d59569aacf3a3c10373e70e1ffcdd054343163c746e181a5ab607aafc743dcecd92cc7bfaa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe

Filesize
184KB

MD5
6808a1d3d90848c4af0f6c19d228b4a7

SHA1
6a7381c9823d331f58ce1ee6d190529c8ebcc6b3

SHA256
2c913776502001ccc79cc2790a336a00207f72ad82c8ba17fe1bbf60235b5ee7

SHA512
a7c799934488d4f91f81db722218e753fd9a86a094149b763981491ac010919999f893b944fe41286e9026d8d7f018ae520051d21d83b1b41d9c64f8a59eb1ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25168.exe

Filesize
184KB

MD5
10c6d9506b2ffd3682aa22970a219103

SHA1
9a5a9de734d296739bd4208299e16e519d777f83

SHA256
abf65d3adf7eb25d0b52c3fbb8789cc633732c0e28aec4f786de351a379885e2

SHA512
0e1868c980d284d5ce23ef5212021bda158ed06853162a371e5585f02a07709b83b3f29daef9b98911b516868922422b3f3eafe52d694d503b63ca344dbfea20

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe

Filesize
184KB

MD5
cd2f1f70182d2ca7f4c4dce4c31d1198

SHA1
33c81edfe25e417a54c1a7013dd57252ce949b5b

SHA256
bda958edaf3db0c06ae62d49f79078c3949973bf221228c56c4b848bd031f504

SHA512
ec64ef933c47618df0d034ce5991ad91b1b7faf9344b196ae182b8da7eed219f902043d1088205a5cdb16b036216413badc2267670e1be01a1b38896f19a5031

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26367.exe

Filesize
184KB

MD5
3e5cd013522ac10fb25f374a121892ea

SHA1
c8a973ec3f5c5d2313040ad2e0ded8c90ad53b65

SHA256
f2811b265b28965797bb5eba40e738e3c902d5df098755768ebcba6f96df623c

SHA512
4375fbf7e82d78fb5ef856e8481f13eddfafa24be96bbc8b1dd35838a1972c4ee75f56ca151269b5d8466d6676f1545b8a7fb6e2c3c19db8a8c51daff4aef5ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28017.exe

Filesize
184KB

MD5
7683c1d1df9f2bff8940f5b289179acc

SHA1
34cffc91dc8f67e8513f9e979cae40b115598230

SHA256
2c95f3ee8486ce0c5c5233640eba71d616cbc9503322059639bbfa553db9ee56

SHA512
a012c6f48e124eca528537197c6a9546f8e2ffe721b1c8c0259ecd110f8c3daa3a7fb3eed526d11e53d55969ef5412bd8b30a3ae844d3881bec312b4d27a6a50

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34535.exe

Filesize
184KB

MD5
e4e0ad1796a495bd5a85bb081b96dfc9

SHA1
42cbe7031170a183db93a6681a135550cb29e1d8

SHA256
6312d1778adf3bb6220124ae3364e471bb06f0da4d94d31b9e3fc67fc55e8872

SHA512
169d2b0297ee824d5c7be7129249d0cf67a90980ba27c6cc40808d6731b4c1a8674b9144b199084ae4ea0c2be1291c56669f203c50224eeb6ac50a5f3fba54b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe

Filesize
184KB

MD5
1dd3dc5eb1e20443138c67a4b841040b

SHA1
334f88e2b9f7af18e38c82ff43f9b75a38684c7d

SHA256
85a024d794b59adf047068039d299c348e3935aed513035ecc87b650f633f5fa

SHA512
3c9f802f2a3c088ecf7115226138f32a5c22316571a1216889490d0b21696f35beefe5eae89c755b4ba21cbdac3123b1371797074604a5b028a8a7e55fc9ffa4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40112.exe

Filesize
184KB

MD5
1091bc951fe901b1b07343086ccff42c

SHA1
ded974c6c81499c0595dc05e2e73507c63826fc8

SHA256
f02f50fde20db0d62c8c9e070777e0d09d0851774b5b63e3ca4925c545fac7d9

SHA512
eaf3722fe2af207d199f0f48b62f093fb578056719084eb9dec5ed7ed319937074a548675d9761b50bdbacb81e54ea5e56fd5dbf073fa7581cf5b2c08032d039

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe

Filesize
184KB

MD5
27eb8c839383bd8367352457c695516a

SHA1
bf530ca937acdb902f1356d469d9287d9270f52d

SHA256
218595be4a74627f54d9eae1b7e31218c7850c875c84baf85c056db5811ddbee

SHA512
a8cebead722b75e458a3b6012417f81c4bb0ab292c64fbb758b644564418e051d98d9cad3b3e3028c25584e5d0743414fd21bb0b209f69ce8862ffea5de0c956

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe

Filesize
184KB

MD5
17748fdbb06fab01766cbeaa99373e77

SHA1
798064772202f441e31b7c1c22143ae4843b091d

SHA256
379acd2f84922c54115ac54411e2890667c5132245ac59ed7371ff74b980b2ba

SHA512
ecf8d2641e263523c6b183d9befeb60c70b5182b9c9c40515a7ff2e0d40c199ab1723904f74efe49a7869589b03d97f7bf1b45abd4840f43efcf1df063df9100

Download Submit