288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe
Size

184KB
MD5

c568708ca010579675a78fbcb55dab60
SHA1

a8774cd6480df9e5fc151871b1a5444691552b86
SHA256

288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30
SHA512

5795a92ae7befb77d1fc7320805bc644ac63041f26da3847dd2d45596e47de0472959118bbbb3d71b5605d3ddbfa89fddeeed7a849ce07052127fcac6f0a9ac5
SSDEEP

3072:cKz3wAoT71OYdHtPZM7LcKonhlnViFnn4:cKToUEHt8LnonhlnViFn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-4872.exeUnicorn-39730.exeUnicorn-7612.exeUnicorn-57218.exeUnicorn-2542.exeUnicorn-51826.exeUnicorn-22491.exeUnicorn-10238.exeUnicorn-25183.exeUnicorn-19559.exeUnicorn-26658.exeUnicorn-64161.exeUnicorn-8951.exeUnicorn-31510.exeUnicorn-42370.exeUnicorn-3860.exeUnicorn-23726.exeUnicorn-40830.exeUnicorn-55775.exeUnicorn-22356.exeUnicorn-33216.exeUnicorn-38692.exeUnicorn-65334.exeUnicorn-3881.exeUnicorn-14742.exeUnicorn-56637.exeUnicorn-1961.exeUnicorn-47099.exeUnicorn-49792.exeUnicorn-38931.exeUnicorn-20457.exeUnicorn-31317.exeUnicorn-10150.exeUnicorn-65381.exeUnicorn-63990.exeUnicorn-2537.exeUnicorn-42823.exeUnicorn-16181.exeUnicorn-49600.exeUnicorn-3113.exeUnicorn-35999.exeUnicorn-64587.exeUnicorn-32469.exeUnicorn-58365.exeUnicorn-43975.exeUnicorn-48059.exeUnicorn-57851.exeUnicorn-57851.exeUnicorn-64395.exeUnicorn-4011.exeUnicorn-23040.exeUnicorn-45921.exeUnicorn-8650.exeUnicorn-39376.exeUnicorn-59242.exeUnicorn-4566.exeUnicorn-14125.exeUnicorn-44852.exeUnicorn-44852.exeUnicorn-5957.exeUnicorn-55713.exeUnicorn-54556.exeUnicorn-13523.exeUnicorn-32552.exe

pid	process
1276	Unicorn-4872.exe
2152	Unicorn-39730.exe
2624	Unicorn-7612.exe
1832	Unicorn-57218.exe
2804	Unicorn-2542.exe
3020	Unicorn-51826.exe
308	Unicorn-22491.exe
3012	Unicorn-10238.exe
2984	Unicorn-25183.exe
2580	Unicorn-19559.exe
2824	Unicorn-26658.exe
1692	Unicorn-64161.exe
2092	Unicorn-8951.exe
2112	Unicorn-31510.exe
2264	Unicorn-42370.exe
1144	Unicorn-3860.exe
1028	Unicorn-23726.exe
1836	Unicorn-40830.exe
800	Unicorn-55775.exe
2344	Unicorn-22356.exe
1716	Unicorn-33216.exe
1824	Unicorn-38692.exe
1368	Unicorn-65334.exe
1860	Unicorn-3881.exe
2504	Unicorn-14742.exe
836	Unicorn-56637.exe
804	Unicorn-1961.exe
2300	Unicorn-47099.exe
1600	Unicorn-49792.exe
1804	Unicorn-38931.exe
1308	Unicorn-20457.exe
2060	Unicorn-31317.exe
2732	Unicorn-10150.exe
2924	Unicorn-65381.exe
2544	Unicorn-63990.exe
2760	Unicorn-2537.exe
2592	Unicorn-42823.exe
1756	Unicorn-16181.exe
1760	Unicorn-49600.exe
2292	Unicorn-3113.exe
756	Unicorn-35999.exe
2904	Unicorn-64587.exe
2748	Unicorn-32469.exe
2116	Unicorn-58365.exe
324	Unicorn-43975.exe
2056	Unicorn-48059.exe
1480	Unicorn-57851.exe
1488	Unicorn-57851.exe
948	Unicorn-64395.exe
852	Unicorn-4011.exe
984	Unicorn-23040.exe
1080	Unicorn-45921.exe
1784	Unicorn-8650.exe
1856	Unicorn-39376.exe
1872	Unicorn-59242.exe
2252	Unicorn-4566.exe
1044	Unicorn-14125.exe
892	Unicorn-44852.exe
860	Unicorn-44852.exe
1616	Unicorn-5957.exe
2988	Unicorn-55713.exe
2632	Unicorn-54556.exe
2780	Unicorn-13523.exe
2836	Unicorn-32552.exe

Loads dropped DLL 64 IoCs

Processes:

288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exeUnicorn-4872.exeUnicorn-39730.exeWerFault.exeUnicorn-7612.exeUnicorn-57218.exeUnicorn-2542.exeWerFault.exeWerFault.exeUnicorn-51826.exeUnicorn-22491.exeUnicorn-25183.exeUnicorn-10238.exeWerFault.exeWerFault.exeUnicorn-19559.exeUnicorn-26658.exeUnicorn-8951.exe

pid	process
2972	288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe
2972	288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe
1276	Unicorn-4872.exe
1276	Unicorn-4872.exe
2972	288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe
2972	288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe
2152	Unicorn-39730.exe
1276	Unicorn-4872.exe
2152	Unicorn-39730.exe
1276	Unicorn-4872.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2624	Unicorn-7612.exe
2624	Unicorn-7612.exe
1832	Unicorn-57218.exe
1832	Unicorn-57218.exe
2804	Unicorn-2542.exe
2152	Unicorn-39730.exe
2804	Unicorn-2542.exe
2152	Unicorn-39730.exe
1668	WerFault.exe
1708	WerFault.exe
1668	WerFault.exe
1708	WerFault.exe
1668	WerFault.exe
1708	WerFault.exe
1668	WerFault.exe
1708	WerFault.exe
1708	WerFault.exe
1668	WerFault.exe
3020	Unicorn-51826.exe
3020	Unicorn-51826.exe
308	Unicorn-22491.exe
308	Unicorn-22491.exe
1832	Unicorn-57218.exe
1832	Unicorn-57218.exe
2984	Unicorn-25183.exe
2984	Unicorn-25183.exe
3012	Unicorn-10238.exe
3012	Unicorn-10238.exe
2804	Unicorn-2542.exe
2804	Unicorn-2542.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
592	WerFault.exe
592	WerFault.exe
592	WerFault.exe
592	WerFault.exe
592	WerFault.exe
3020	Unicorn-51826.exe
2580	Unicorn-19559.exe
3020	Unicorn-51826.exe
2580	Unicorn-19559.exe
2824	Unicorn-26658.exe
2824	Unicorn-26658.exe
308	Unicorn-22491.exe
308	Unicorn-22491.exe
2092	Unicorn-8951.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2672	2972	WerFault.exe	288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe
2540	1276	WerFault.exe	Unicorn-4872.exe
1708	2152	WerFault.exe	Unicorn-39730.exe
1668	2624	WerFault.exe	Unicorn-7612.exe
2832	1832	WerFault.exe	Unicorn-57218.exe
592	2804	WerFault.exe	Unicorn-2542.exe
1932	3020	WerFault.exe	Unicorn-51826.exe
2220	308	WerFault.exe	Unicorn-22491.exe
2192	2984	WerFault.exe	Unicorn-25183.exe
1728	3012	WerFault.exe	Unicorn-10238.exe
2892	2580	WerFault.exe	Unicorn-19559.exe
2284	2824	WerFault.exe	Unicorn-26658.exe
344	2092	WerFault.exe	Unicorn-8951.exe
1664	1692	WerFault.exe	Unicorn-64161.exe
1592	2264	WerFault.exe	Unicorn-42370.exe
1120	2112	WerFault.exe	Unicorn-31510.exe
1888	2924	WerFault.exe	Unicorn-65381.exe
2724	1144	WerFault.exe	Unicorn-3860.exe
2744	1028	WerFault.exe	Unicorn-23726.exe
2752	1836	WerFault.exe	Unicorn-40830.exe
876	800	WerFault.exe	Unicorn-55775.exe
2900	2344	WerFault.exe	Unicorn-22356.exe
1992	1716	WerFault.exe	Unicorn-33216.exe
2208	1824	WerFault.exe	Unicorn-38692.exe
2948	1368	WerFault.exe	Unicorn-65334.exe
980	2504	WerFault.exe	Unicorn-14742.exe
1496	1860	WerFault.exe	Unicorn-3881.exe
304	804	WerFault.exe	Unicorn-1961.exe
2864	836	WerFault.exe	Unicorn-56637.exe
1544	1600	WerFault.exe	Unicorn-49792.exe
1864	1308	WerFault.exe	Unicorn-20457.exe
1876	2732	WerFault.exe	Unicorn-10150.exe
2012	2060	WerFault.exe	Unicorn-31317.exe
1884	2300	WerFault.exe	Unicorn-47099.exe
2612	1804	WerFault.exe	Unicorn-38931.exe
2640	2592	WerFault.exe	Unicorn-42823.exe
2876	2544	WerFault.exe	Unicorn-63990.exe
1292	1760	WerFault.exe	Unicorn-49600.exe
2332	2760	WerFault.exe	Unicorn-2537.exe
2608	1756	WerFault.exe	Unicorn-16181.exe
3884	2292	WerFault.exe	Unicorn-3113.exe
3988	756	WerFault.exe	Unicorn-35999.exe
3176	2748	WerFault.exe	Unicorn-32469.exe
3492	2116	WerFault.exe	Unicorn-58365.exe
3772	2904	WerFault.exe	Unicorn-64587.exe
3876	1872	WerFault.exe	Unicorn-59242.exe
3920	1044	WerFault.exe	Unicorn-14125.exe
4072	1080	WerFault.exe	Unicorn-45921.exe
3108	1616	WerFault.exe	Unicorn-5957.exe
3200	948	WerFault.exe	Unicorn-64395.exe
3480	860	WerFault.exe	Unicorn-44852.exe
3496	1784	WerFault.exe	Unicorn-8650.exe
3836	2836	WerFault.exe	Unicorn-32552.exe
3892	1636	WerFault.exe	Unicorn-63087.exe
3112	1396	WerFault.exe	Unicorn-63663.exe
3204	300	WerFault.exe	Unicorn-63663.exe
3232	3068	WerFault.exe	Unicorn-62916.exe
3516	1584	WerFault.exe	Unicorn-21692.exe
3696	2232	WerFault.exe	Unicorn-38966.exe
3856	2036	WerFault.exe	Unicorn-24576.exe
3872	2792	WerFault.exe	Unicorn-10186.exe
3292	1848	WerFault.exe	Unicorn-9631.exe
3620	2008	WerFault.exe	Unicorn-1463.exe
3960	2816	WerFault.exe	Unicorn-48889.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exeUnicorn-4872.exeUnicorn-39730.exeUnicorn-7612.exeUnicorn-57218.exeUnicorn-2542.exeUnicorn-51826.exeUnicorn-22491.exeUnicorn-25183.exeUnicorn-10238.exeUnicorn-19559.exeUnicorn-26658.exeUnicorn-64161.exeUnicorn-8951.exeUnicorn-31510.exeUnicorn-42370.exeUnicorn-23726.exeUnicorn-3860.exeUnicorn-40830.exeUnicorn-55775.exeUnicorn-22356.exeUnicorn-33216.exeUnicorn-38692.exeUnicorn-65334.exeUnicorn-14742.exeUnicorn-3881.exeUnicorn-56637.exeUnicorn-1961.exeUnicorn-47099.exeUnicorn-49792.exeUnicorn-38931.exeUnicorn-20457.exeUnicorn-31317.exeUnicorn-10150.exeUnicorn-65381.exeUnicorn-63990.exeUnicorn-2537.exeUnicorn-42823.exeUnicorn-16181.exeUnicorn-49600.exeUnicorn-3113.exeUnicorn-35999.exeUnicorn-64587.exeUnicorn-32469.exeUnicorn-58365.exeUnicorn-43975.exeUnicorn-48059.exeUnicorn-57851.exeUnicorn-64395.exeUnicorn-57851.exeUnicorn-4011.exeUnicorn-8650.exeUnicorn-23040.exeUnicorn-45921.exeUnicorn-39376.exeUnicorn-59242.exeUnicorn-4566.exeUnicorn-14125.exeUnicorn-44852.exeUnicorn-44852.exeUnicorn-5957.exeUnicorn-55713.exeUnicorn-54556.exeUnicorn-32552.exe

pid	process
2972	288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe
1276	Unicorn-4872.exe
2152	Unicorn-39730.exe
2624	Unicorn-7612.exe
1832	Unicorn-57218.exe
2804	Unicorn-2542.exe
3020	Unicorn-51826.exe
308	Unicorn-22491.exe
2984	Unicorn-25183.exe
3012	Unicorn-10238.exe
2580	Unicorn-19559.exe
2824	Unicorn-26658.exe
1692	Unicorn-64161.exe
2092	Unicorn-8951.exe
2112	Unicorn-31510.exe
2264	Unicorn-42370.exe
1028	Unicorn-23726.exe
1144	Unicorn-3860.exe
1836	Unicorn-40830.exe
800	Unicorn-55775.exe
2344	Unicorn-22356.exe
1716	Unicorn-33216.exe
1824	Unicorn-38692.exe
1368	Unicorn-65334.exe
2504	Unicorn-14742.exe
1860	Unicorn-3881.exe
836	Unicorn-56637.exe
804	Unicorn-1961.exe
2300	Unicorn-47099.exe
1600	Unicorn-49792.exe
1804	Unicorn-38931.exe
1308	Unicorn-20457.exe
2060	Unicorn-31317.exe
2732	Unicorn-10150.exe
2924	Unicorn-65381.exe
2544	Unicorn-63990.exe
2760	Unicorn-2537.exe
2592	Unicorn-42823.exe
1756	Unicorn-16181.exe
1760	Unicorn-49600.exe
2292	Unicorn-3113.exe
756	Unicorn-35999.exe
2904	Unicorn-64587.exe
2748	Unicorn-32469.exe
2116	Unicorn-58365.exe
324	Unicorn-43975.exe
2056	Unicorn-48059.exe
1488	Unicorn-57851.exe
948	Unicorn-64395.exe
1480	Unicorn-57851.exe
852	Unicorn-4011.exe
1784	Unicorn-8650.exe
984	Unicorn-23040.exe
1080	Unicorn-45921.exe
1856	Unicorn-39376.exe
1872	Unicorn-59242.exe
2252	Unicorn-4566.exe
1044	Unicorn-14125.exe
892	Unicorn-44852.exe
860	Unicorn-44852.exe
1616	Unicorn-5957.exe
2988	Unicorn-55713.exe
2632	Unicorn-54556.exe
2836	Unicorn-32552.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exeUnicorn-4872.exeUnicorn-39730.exeUnicorn-7612.exeUnicorn-57218.exeUnicorn-2542.exeUnicorn-51826.exeUnicorn-22491.exe

description	pid	process	target process
PID 2972 wrote to memory of 1276	2972	288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe	Unicorn-4872.exe
PID 2972 wrote to memory of 1276	2972	288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe	Unicorn-4872.exe
PID 2972 wrote to memory of 1276	2972	288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe	Unicorn-4872.exe
PID 2972 wrote to memory of 1276	2972	288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe	Unicorn-4872.exe
PID 1276 wrote to memory of 2152	1276	Unicorn-4872.exe	Unicorn-39730.exe
PID 1276 wrote to memory of 2152	1276	Unicorn-4872.exe	Unicorn-39730.exe
PID 1276 wrote to memory of 2152	1276	Unicorn-4872.exe	Unicorn-39730.exe
PID 1276 wrote to memory of 2152	1276	Unicorn-4872.exe	Unicorn-39730.exe
PID 2972 wrote to memory of 2624	2972	288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe	Unicorn-7612.exe
PID 2972 wrote to memory of 2624	2972	288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe	Unicorn-7612.exe
PID 2972 wrote to memory of 2624	2972	288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe	Unicorn-7612.exe
PID 2972 wrote to memory of 2624	2972	288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe	Unicorn-7612.exe
PID 2972 wrote to memory of 2672	2972	288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe	WerFault.exe
PID 2972 wrote to memory of 2672	2972	288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe	WerFault.exe
PID 2972 wrote to memory of 2672	2972	288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe	WerFault.exe
PID 2972 wrote to memory of 2672	2972	288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe	WerFault.exe
PID 2152 wrote to memory of 1832	2152	Unicorn-39730.exe	Unicorn-57218.exe
PID 2152 wrote to memory of 1832	2152	Unicorn-39730.exe	Unicorn-57218.exe
PID 2152 wrote to memory of 1832	2152	Unicorn-39730.exe	Unicorn-57218.exe
PID 2152 wrote to memory of 1832	2152	Unicorn-39730.exe	Unicorn-57218.exe
PID 1276 wrote to memory of 2804	1276	Unicorn-4872.exe	Unicorn-2542.exe
PID 1276 wrote to memory of 2804	1276	Unicorn-4872.exe	Unicorn-2542.exe
PID 1276 wrote to memory of 2804	1276	Unicorn-4872.exe	Unicorn-2542.exe
PID 1276 wrote to memory of 2804	1276	Unicorn-4872.exe	Unicorn-2542.exe
PID 1276 wrote to memory of 2540	1276	Unicorn-4872.exe	WerFault.exe
PID 1276 wrote to memory of 2540	1276	Unicorn-4872.exe	WerFault.exe
PID 1276 wrote to memory of 2540	1276	Unicorn-4872.exe	WerFault.exe
PID 1276 wrote to memory of 2540	1276	Unicorn-4872.exe	WerFault.exe
PID 2624 wrote to memory of 3020	2624	Unicorn-7612.exe	Unicorn-51826.exe
PID 2624 wrote to memory of 3020	2624	Unicorn-7612.exe	Unicorn-51826.exe
PID 2624 wrote to memory of 3020	2624	Unicorn-7612.exe	Unicorn-51826.exe
PID 2624 wrote to memory of 3020	2624	Unicorn-7612.exe	Unicorn-51826.exe
PID 1832 wrote to memory of 308	1832	Unicorn-57218.exe	Unicorn-22491.exe
PID 1832 wrote to memory of 308	1832	Unicorn-57218.exe	Unicorn-22491.exe
PID 1832 wrote to memory of 308	1832	Unicorn-57218.exe	Unicorn-22491.exe
PID 1832 wrote to memory of 308	1832	Unicorn-57218.exe	Unicorn-22491.exe
PID 2804 wrote to memory of 3012	2804	Unicorn-2542.exe	Unicorn-10238.exe
PID 2804 wrote to memory of 3012	2804	Unicorn-2542.exe	Unicorn-10238.exe
PID 2804 wrote to memory of 3012	2804	Unicorn-2542.exe	Unicorn-10238.exe
PID 2804 wrote to memory of 3012	2804	Unicorn-2542.exe	Unicorn-10238.exe
PID 2152 wrote to memory of 2984	2152	Unicorn-39730.exe	Unicorn-25183.exe
PID 2152 wrote to memory of 2984	2152	Unicorn-39730.exe	Unicorn-25183.exe
PID 2152 wrote to memory of 2984	2152	Unicorn-39730.exe	Unicorn-25183.exe
PID 2152 wrote to memory of 2984	2152	Unicorn-39730.exe	Unicorn-25183.exe
PID 2624 wrote to memory of 1668	2624	Unicorn-7612.exe	WerFault.exe
PID 2624 wrote to memory of 1668	2624	Unicorn-7612.exe	WerFault.exe
PID 2624 wrote to memory of 1668	2624	Unicorn-7612.exe	WerFault.exe
PID 2624 wrote to memory of 1668	2624	Unicorn-7612.exe	WerFault.exe
PID 2152 wrote to memory of 1708	2152	Unicorn-39730.exe	WerFault.exe
PID 2152 wrote to memory of 1708	2152	Unicorn-39730.exe	WerFault.exe
PID 2152 wrote to memory of 1708	2152	Unicorn-39730.exe	WerFault.exe
PID 2152 wrote to memory of 1708	2152	Unicorn-39730.exe	WerFault.exe
PID 3020 wrote to memory of 2580	3020	Unicorn-51826.exe	Unicorn-19559.exe
PID 3020 wrote to memory of 2580	3020	Unicorn-51826.exe	Unicorn-19559.exe
PID 3020 wrote to memory of 2580	3020	Unicorn-51826.exe	Unicorn-19559.exe
PID 3020 wrote to memory of 2580	3020	Unicorn-51826.exe	Unicorn-19559.exe
PID 308 wrote to memory of 2824	308	Unicorn-22491.exe	Unicorn-26658.exe
PID 308 wrote to memory of 2824	308	Unicorn-22491.exe	Unicorn-26658.exe
PID 308 wrote to memory of 2824	308	Unicorn-22491.exe	Unicorn-26658.exe
PID 308 wrote to memory of 2824	308	Unicorn-22491.exe	Unicorn-26658.exe
PID 1832 wrote to memory of 1692	1832	Unicorn-57218.exe	Unicorn-64161.exe
PID 1832 wrote to memory of 1692	1832	Unicorn-57218.exe	Unicorn-64161.exe
PID 1832 wrote to memory of 1692	1832	Unicorn-57218.exe	Unicorn-64161.exe
PID 1832 wrote to memory of 1692	1832	Unicorn-57218.exe	Unicorn-64161.exe

C:\Users\Admin\AppData\Local\Temp\288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe
"C:\Users\Admin\AppData\Local\Temp\288fe005a7e777f5e72e943cb684791a362ba1dd0d3aaa2c8afa079588905f30.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4872.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4872.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57218.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22491.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47099.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4011.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17800.exe
        10⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe
        11⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49302.exe
        12⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45706.exe
        13⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
        14⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33863.exe
        14⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 220
        14⤵
        
        PID:10868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 236
        13⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        12⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 236
        11⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        10⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
        11⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        12⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60994.exe
        13⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
        13⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        12⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        11⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
        10⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 236
        9⤵
        Program crash
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54748.exe
        9⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe
        10⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52099.exe
        11⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64263.exe
        12⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20865.exe
        13⤵
        
        PID:10060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
        13⤵
        
        PID:10544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
        12⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        11⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
        10⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe
        9⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
        10⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
        11⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45032.exe
        12⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 216
        12⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
        11⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        10⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 240
        9⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
        8⤵
        Program crash
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49792.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58365.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58448.exe
        9⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22159.exe
        10⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7610.exe
        11⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
        12⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
        13⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10081.exe
        14⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
        13⤵
        
        PID:1352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
        12⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
        11⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
        10⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
        11⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
        12⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
        13⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
        12⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        11⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
        10⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
        9⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        10⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
        11⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
        12⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        13⤵
        
        PID:9756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
        13⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
        12⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
        11⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
        10⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
        9⤵
        Program crash
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59003.exe
        8⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
        9⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14024.exe
        10⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14979.exe
        11⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60937.exe
        12⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
        13⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
        12⤵
        
        PID:10076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
        11⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
        10⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe
        9⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8565.exe
        10⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3952.exe
        11⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        12⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
        11⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
        10⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
        9⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
        8⤵
        Program crash
        
        PID:1544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        7⤵
        Program crash
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38931.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45921.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
        9⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
        10⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54756.exe
        11⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27507.exe
        12⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64289.exe
        13⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
        13⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
        12⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 236
        11⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
        10⤵
        Program crash
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        9⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13915.exe
        10⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe
        11⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        12⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19428.exe
        13⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 216
        12⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
        11⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        10⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 240
        9⤵
        Program crash
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8728.exe
        9⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48726.exe
        10⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe
        11⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe
        12⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19620.exe
        13⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 216
        12⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
        11⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
        10⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
        9⤵
        Program crash
        
        PID:3696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
        8⤵
        Program crash
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8650.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
        8⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44909.exe
        9⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        10⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
        11⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43039.exe
        12⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
        12⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        11⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
        10⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 216
        9⤵
        Program crash
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6569.exe
        8⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
        9⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33646.exe
        10⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43039.exe
        11⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        12⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
        11⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
        10⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
        9⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
        8⤵
        Program crash
        
        PID:3496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 240
        7⤵
        Program crash
        
        PID:876
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
        6⤵
        Program crash
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38692.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
        8⤵
        Program crash
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39376.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11769.exe
        8⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49569.exe
        9⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18493.exe
        10⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12924.exe
        11⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2390.exe
        12⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35380.exe
        13⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 216
        12⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
        11⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 236
        10⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11647.exe
        9⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21202.exe
        10⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20865.exe
        11⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe
        12⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10036 -s 236
        12⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
        11⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
        10⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        9⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        8⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46453.exe
        9⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13412.exe
        10⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30341.exe
        11⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        12⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11308 -s 216
        12⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 236
        11⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
        10⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
        9⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
        8⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
        7⤵
        Program crash
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14125.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
        8⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
        9⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
        10⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe
        11⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
        12⤵
        
        PID:11600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
        12⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
        11⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
        10⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 216
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41379.exe
        8⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
        9⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20901.exe
        10⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe
        11⤵
        
        PID:10148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
        11⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
        10⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
        9⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 240
        8⤵
        Program crash
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        7⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
        8⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7693.exe
        9⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
        10⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41669.exe
        11⤵
        
        PID:9780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 220
        11⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
        10⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
        9⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 216
        8⤵
        Program crash
        
        PID:3872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
        7⤵
        Program crash
        
        PID:2876
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
        6⤵
        Program crash
        
        PID:1664
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25183.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
        9⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65521.exe
        10⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
        11⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe
        12⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
        13⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65338.exe
        14⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
        14⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
        13⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        12⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        11⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
        10⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        9⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        10⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
        11⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33304.exe
        12⤵
        
        PID:10944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
        12⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
        11⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
        10⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
        9⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63087.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
        9⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55093.exe
        10⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24850.exe
        11⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
        12⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
        12⤵
        
        PID:11648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
        11⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
        10⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 216
        9⤵
        Program crash
        
        PID:3892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 240
        8⤵
        Program crash
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44634.exe
        8⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55215.exe
        9⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33241.exe
        10⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7636.exe
        11⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28893.exe
        12⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
        12⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        11⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
        10⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
        9⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
        9⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe
        10⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23548.exe
        11⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 216
        11⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
        10⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
        9⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 240
        8⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
        7⤵
        Program crash
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31317.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64395.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        8⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        9⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
        10⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17585.exe
        11⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43122.exe
        12⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
        12⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        11⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        10⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
        9⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21151.exe
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32198.exe
        9⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
        10⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
        11⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
        11⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 220
        10⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
        9⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
        8⤵
        Program crash
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63663.exe
        7⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32657.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44450.exe
        9⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34305.exe
        10⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        11⤵
        
        PID:9728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 220
        11⤵
        
        PID:10764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
        10⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        9⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 236
        8⤵
        Program crash
        
        PID:3112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
        7⤵
        Program crash
        
        PID:2012
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
        6⤵
        Program crash
        
        PID:344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10150.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48059.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25584.exe
        8⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
        9⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        10⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11673.exe
        11⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
        12⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
        12⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
        11⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        10⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 216
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        8⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4237.exe
        10⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        11⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
        11⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
        10⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
        9⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        8⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63663.exe
        7⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6014.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54756.exe
        9⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        10⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4720.exe
        11⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
        11⤵
        
        PID:10816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
        10⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        9⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 216
        8⤵
        Program crash
        
        PID:3204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
        7⤵
        Program crash
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        7⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17014.exe
        9⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55000.exe
        10⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        11⤵
        
        PID:9664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
        11⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
        10⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
        9⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 236
        8⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12791.exe
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
        8⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44585.exe
        9⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
        10⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 216
        10⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 220
        9⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        8⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
        7⤵
        
        PID:4840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        6⤵
        Program crash
        
        PID:1992
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
        5⤵
        Program crash
        
        PID:2192
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:1708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10238.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31510.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3881.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16181.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5957.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52610.exe
        9⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        10⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19344.exe
        11⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        12⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        13⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 216
        13⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        12⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
        11⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
        10⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37871.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1471.exe
        10⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40335.exe
        11⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe
        12⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
        12⤵
        
        PID:10724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 220
        11⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
        10⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 220
        9⤵
        Program crash
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24576.exe
        8⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        9⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20522.exe
        10⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
        11⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2774.exe
        12⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 220
        12⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
        11⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        10⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
        9⤵
        Program crash
        
        PID:3856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
        8⤵
        Program crash
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55713.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
        8⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3876.exe
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
        10⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12405.exe
        11⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
        12⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 216
        12⤵
        
        PID:11536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        11⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        10⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 236
        9⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62568.exe
        8⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39463.exe
        9⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47792.exe
        10⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        11⤵
        
        PID:10700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
        11⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
        10⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        9⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 220
        8⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
        7⤵
        Program crash
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49600.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9631.exe
        8⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
        10⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3194.exe
        11⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        12⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 216
        12⤵
        
        PID:10756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
        11⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
        10⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 216
        9⤵
        Program crash
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64514.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15067.exe
        9⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22904.exe
        10⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        11⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
        11⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
        10⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        9⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
        8⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44997.exe
        7⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57737.exe
        8⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31814.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41513.exe
        10⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        11⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 216
        11⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        10⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
        9⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61933.exe
        9⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe
        10⤵
        
        PID:10140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 216
        10⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
        9⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
        8⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
        7⤵
        Program crash
        
        PID:1292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
        6⤵
        Program crash
        
        PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42823.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59242.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16491.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
        9⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
        10⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37486.exe
        11⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17819.exe
        12⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 220
        12⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
        11⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        10⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
        9⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 216
        8⤵
        Program crash
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24576.exe
        7⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3876.exe
        8⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50153.exe
        9⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17585.exe
        10⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        11⤵
        
        PID:10092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
        11⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
        10⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
        9⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 216
        8⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        7⤵
        Program crash
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4566.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30052.exe
        7⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44909.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12820.exe
        9⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        10⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        11⤵
        
        PID:10000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
        11⤵
        
        PID:10480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 236
        10⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        9⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 216
        8⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6569.exe
        7⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        8⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exe
        9⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
        10⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 216
        10⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
        9⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
        8⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        7⤵
        
        PID:4620
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        6⤵
        Program crash
        
        PID:980
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
        5⤵
        Program crash
        
        PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42370.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65334.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 380
        6⤵
        Program crash
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2537.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52610.exe
        7⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52016.exe
        9⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52322.exe
        10⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61648.exe
        11⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22417.exe
        12⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
        11⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
        10⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        9⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 236
        8⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29703.exe
        7⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
        8⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
        9⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
        9⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25992.exe
        10⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 216
        10⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 220
        9⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
        8⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 220
        7⤵
        Program crash
        
        PID:3480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
        6⤵
        Program crash
        
        PID:2332
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
        5⤵
        Program crash
        
        PID:1592
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:592
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7612.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7612.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51826.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19559.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3113.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54556.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52501.exe
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7851.exe
        9⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        10⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48970.exe
        11⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
        12⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
        12⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
        11⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        10⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39132.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
        9⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12021.exe
        10⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        11⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
        11⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
        10⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
        9⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
        8⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38578.exe
        8⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43272.exe
        9⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        10⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53677.exe
        11⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 216
        11⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
        10⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        9⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 216
        8⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
        7⤵
        Program crash
        
        PID:3884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
        6⤵
        Program crash
        
        PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35999.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        7⤵
        Executes dropped EXE
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7960.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42229.exe
        9⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8461.exe
        10⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        11⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30351.exe
        12⤵
        
        PID:9760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 220
        12⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
        11⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        10⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        9⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
        9⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35793.exe
        10⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe
        11⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
        11⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
        10⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        9⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        8⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12599.exe
        7⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36007.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12545.exe
        9⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55519.exe
        10⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8420.exe
        11⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 216
        11⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
        10⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        9⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
        8⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
        7⤵
        Program crash
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32552.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5822.exe
        7⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29977.exe
        8⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        9⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37237.exe
        10⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        11⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34996.exe
        12⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9284 -s 236
        12⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
        11⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
        9⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 236
        8⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34615.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32582.exe
        8⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
        9⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44793.exe
        10⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
        10⤵
        
        PID:10472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 236
        9⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        8⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
        7⤵
        Program crash
        
        PID:3836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 240
        6⤵
        Program crash
        
        PID:304
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
        5⤵
        Program crash
        
        PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3860.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56637.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9439.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56969.exe
        8⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58373.exe
        9⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe
        10⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55244.exe
        11⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
        12⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
        12⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 236
        11⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        10⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
        9⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12441.exe
        8⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55088.exe
        9⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8508.exe
        10⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2515.exe
        11⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 236
        11⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 236
        10⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
        9⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 220
        8⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26797.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16355.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6235.exe
        9⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35857.exe
        10⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18909.exe
        11⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
        10⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        9⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
        8⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
        7⤵
        Program crash
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48889.exe
        6⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7960.exe
        7⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
        8⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        9⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51207.exe
        10⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7642.exe
        11⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
        10⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
        9⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 216
        8⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        8⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
        9⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3708.exe
        10⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
        10⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
        9⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        8⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 220
        7⤵
        Program crash
        
        PID:3960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
        6⤵
        Program crash
        
        PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32469.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21692.exe
        6⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
        7⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        8⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45218.exe
        9⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        10⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
        11⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 216
        11⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
        10⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
        9⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
        8⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55036.exe
        7⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49494.exe
        8⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        9⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7844.exe
        10⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
        10⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
        9⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
        8⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
        7⤵
        Program crash
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39241.exe
        6⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3334.exe
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15451.exe
        8⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61933.exe
        9⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
        10⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
        10⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        9⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        8⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
        7⤵
        
        PID:4188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        6⤵
        Program crash
        
        PID:3176
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
        5⤵
        Program crash
        
        PID:2724
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
      4⤵
      Program crash
      PID:1932
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1668
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
  2⤵
  - Program crash
  PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22491.exe

Filesize
184KB

MD5
d35a2095a4b5a602f79080f03458717c

SHA1
2dafd846a29a6e9cebc02f12420c79ebe5686bb2

SHA256
f1f9d1ea2e8d5420429a26e6c830f8ef4c0e5d8260335792e660c378d4589121

SHA512
eea42c8b8ee6e4d86dfff4d9e52b96586aa956e2f67d05fd38fa93eac9dde6e6a47fe63a323c985593396c02f60447f0e115fdad72d7016eb54341b53fca2c19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25183.exe

Filesize
184KB

MD5
45143c93fe7ebda59953756006be59c9

SHA1
8d2241e384fa89cae5a88f6c56ab5e263a26ca06

SHA256
8c119de2fee4f4daf1ed333a7d750a042c2a6701a17d7b7b9fcb8a761bd273d7

SHA512
61665b65534b5e745b9a6f6a2f7dfea025725f8ba98abecd2d14702ad3b0231e44a048a427af758d8a1c54b988c526836b3d076235e2fb921ecb6a80806425b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe

Filesize
184KB

MD5
a4d12fd3d5989c58fcde7083f94d4b11

SHA1
5382a5fa532c0e4022bb9c26ad9640ff074b84a3

SHA256
525c36b5c8e4d39f7ec648b222d08f46fdac8e17799832d1b71b30480e050644

SHA512
847db7691fc643e05898288330f2d65e866869b81df262d91dfcb034d0a4158c164ea709a33f0079e061dbbfded6f6c48e0d401620c473dfb8bdc6979e3d84a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44450.exe

Filesize
184KB

MD5
8bf82b629ea90903665decfaa156816c

SHA1
ebffb4c0cd78c95099cfbf40cb685a4765d7316e

SHA256
72d914a956891135755e84178ceb6adf6820ffa3ff7e7a281070ad4c6750df9c

SHA512
2f8f80f8b7a6a55f22b1cf30e79e7de290bbc7e411c8e74828cb8ac98a5726bd651a8dc7e8ec143f940edafed87ed620fb2b3aea8b3bb7ea75dc924cdf474117

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45218.exe

Filesize
184KB

MD5
0a00138a8242e393a370422b2747f9f0

SHA1
4e959ecfc56771b9045d39addee20298cb770aa1

SHA256
9bb323babf32882595848472178865ea51f813769794b85bb4ff603bb7262b66

SHA512
4069443e88cd56d314e48a9403705e80cdf6ad7448eb5b8be50de1617d64d75aba0b51c42d2889cf08492bdba047ee799872be7e0cfdbca1ffd47768f9b119ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45706.exe

Filesize
184KB

MD5
19ad54100a960ab36c31937ac9e973ab

SHA1
d9ed4937ab245586947496541dde3865967d9986

SHA256
d3079f3251e741a28b57fb664ce95c6d357d65fdb0eaac33df98311f5de118a3

SHA512
6596f989383196feabec97673da0c7b17cd6c246feeb5d3c396b2913ebd80d5aa05ff70b837ed1778a27275f8e9420ed1e72585c06b2ea6a30ae57b4c48b220e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51826.exe

Filesize
184KB

MD5
e7996130984c9cbd36b502e8c54fdd5a

SHA1
826bafb414d57d8d7279cb05b07ef46c5e3a81d1

SHA256
25dacce66ef57ddbd5f7439d24cf29dfac5693327af95756b3b03491954eb019

SHA512
d38ca844582d25f2607334bad55979c1a56c876804f7dcd0727cd2340542f184d537abc01383ca6e5698f0fea1cbb177333976cd7a75cbb8792a2e4019a8b7fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5822.exe

Filesize
184KB

MD5
60da636d843a5d1d41f675a769e51a56

SHA1
ef4428142dde496124d674670e1f5ac4c7fd75a2

SHA256
c91507820b9f87dae05835c52840bee6a62327a49b4dac15a7bc3e24ea97541e

SHA512
7e97ecbcdb4c996f0893714c893e8f50418ebfc19fc5f26406acfbc5879a687a3a93e5007b6b9f45b6c56cb4ca2befc63c5912de36520da1d81209a10922979d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe

Filesize
184KB

MD5
e06205cf90692bc670ea7b9637f31782

SHA1
acd3903238493888c857ebb35623fb5ba0c17376

SHA256
715021380803f5e1d531305142db424d349958a39d0ac08915dddcf1f516f21f

SHA512
bf6aea75bf60c36389babeeeffb9990bd17e250e1bd64bcb89ae1015d9fc367c9269af8a9b797e7cb46b67cac061b4714da932cd75ba22a756e9b70848490f11

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10238.exe

Filesize
184KB

MD5
59db7a816f1ef30066dbf652e8c02522

SHA1
a1175b8a42f53ed9329c65331c82666723166642

SHA256
7276ac24d722bcd3357f457709adcf3f5c060cb9fb86034f2d9fbe9f7c9f3f26

SHA512
ff96733d4eb7e53392a6b17112a4b3762ffd41184012021ef5fcf3ca405cea07da8c6f88c8f75b42f4f738ee2bbde0e9b69ac4dae9d9d5fb35fabbedfeac00f5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19559.exe

Filesize
184KB

MD5
0e314f124b772cdfa5d69a8aef09dfaa

SHA1
4152f075ef80f399e99983d12d38c49854ff8a5b

SHA256
fdecaae4ad350e0c8d4464eab992f6f6ab9f8fa63d6e6d4df88f427e775ff5e1

SHA512
0017aac5462379c3f08e54e10c97045a2b34724afcf6e0aba8015835922c466b1c6c909ddae1252e2d50fe4f5ea4845e73716f1ea661f55ec9e9c425ad5947e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe

Filesize
184KB

MD5
dbfdbed817d807d2cfd10c0ffbe48186

SHA1
931520a6ec04e1d46e357e66afa5d2849a1ea7fe

SHA256
c166c650b372bc6afa35b3f3065162e133218ac2c12e2212af45a28f9b2f6932

SHA512
320282cb6fb301de7cd7ac5be72a42e66b02b323ca42fbb4bcd4aa32ac77d14503ea4cc4c00839f195a7dfc465e33b50c66fee8081b3a088b3cf61d72417073d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe

Filesize
184KB

MD5
ce4127aa2b00b6692cf61220d7009019

SHA1
548b565fa268cbdf3797c0d82b39721ad2a02d79

SHA256
57f2e68b871181f498beff26557a4f5ede37f5dd2b43c96d5173251486cc0545

SHA512
e4198da2fb6a1158da38fff43ce56cf71a599b4863f9434c8a3bdfb968af873de99500189904308c79418503091e79f03a099d42e114ee950c881b74e74dc615

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe

Filesize
184KB

MD5
1392b7190d3ffdf4565d70f7f0302318

SHA1
29e78378adafa6e41741213fb19ae32962c321d0

SHA256
6ba5468a9619d4cf6954c0fc9e44ced8a44860252bbd3bccd584f7c3ee9dc7bf

SHA512
82d51f065262319ac1c326c6cb78743148d155b53cdb10fcfe170bf9871a112a15967b1eeabca66f1b2a82fa076f4ce0328551307c86bc447d1bd121dc018327

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4872.exe

Filesize
184KB

MD5
1cfdb7dff93977f99e79597859dc4957

SHA1
e36e617b81115664af2b4035d0897e0da1859b0f

SHA256
979e8cb26a9b8c8e1759bf7488c4ca882245dde19b34ce140bdf1e8cd8552970

SHA512
71a5b0d67f97f3d149e79ba05654f86295aa30acb3ef6aaaf8e8ec0cf007a15d0f8c61fab591bfe560e856bdf3875a05aa9a2a0f33a9336da149c134ab663725

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57218.exe

Filesize
184KB

MD5
4f2d2eedac86dd21095e2128635afa69

SHA1
8e946ec5a3ba26669ab5302941d1896af7fa4def

SHA256
1ed5538816fc2f57cb3a6815d3426c09ff979b0c7ba611f5b36ce3eac6745f11

SHA512
418e0c9dc87a93841e999535b34e6ecc11a75f49164a6354e12d3a823fcb30d94cd78bf9b695037bf8aa0f6b2a90d810666978aa7930af4afd75d52a63c3237b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe

Filesize
184KB

MD5
bc337a06ce1b7146e67b8483f499f034

SHA1
1cce5ed221ff63780709b3336f2ee32918d01383

SHA256
07f238277f9ea3b0f24e917f92831a676ddb6aeb38136e6fee9c91f718f13073

SHA512
bf45ffce49253f72f996c8c0a339fefc7fe21c22250d4a323f0dad6d90b0475eadeaeab474883179172a6f2310cf6b5fc9641a5a323075196867e9dab4447897

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7612.exe

Filesize
184KB

MD5
83c757f061ffbb6306f38f6f6eec9b20

SHA1
086629d14cbd5f27bfa9b430d278926fbaf92514

SHA256
07f71b93ec777747a1288cd3dcee470d4f6f4409dc297f067f6952a2473dd2aa

SHA512
7eb13933c2f62ae79cce874f48c637d14e01b9fcb7136c7ef05c30dd355d38610cc29a28f776a953cd37fa54f52904987c3c6180bd001793ee7cc21abe472eb4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe

Filesize
184KB

MD5
ca7afe1b87e9f4f1a2100c9f0031ceac

SHA1
fd33e0de20e0d4ba08e54d5e9b95f35384a879ec

SHA256
46c127aa59594d7f41b4f1d7a05f1b03e54d7a2023ec40dba1368082e1fc907f

SHA512
53fc3f1e47240da0a2b2c4828c3486803cbd9c118d4ae0d39ca5a08803c67b42848a6ef26bd587f6dad6cd87b5eb7852988e3d77ff4e692b6f45e06d76782d76

Download Submit