3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe
Size

184KB
MD5

3d0ef860e144557890582db10813e5d3
SHA1

b65d624a060efd6f13498b082154097c851394d7
SHA256

3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef
SHA512

f53abdacdb49b577c000d1ca9146008b6d2737326c8c1cddf04fc76267f5f5b8a1d6e34e83828556d5daf8449744208839b3bda011ee01c0aaef5b6ab34654e1
SSDEEP

3072:Y0qmy6o37IOjdHHWeVfLkjs3hlnniFSn3:Y0vohZHHzLWs3hlnniFS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-33072.exeUnicorn-48422.exeUnicorn-59283.exeUnicorn-34271.exeUnicorn-7628.exeUnicorn-18489.exeUnicorn-17826.exeUnicorn-48552.exeUnicorn-28686.exeUnicorn-54774.exeUnicorn-34908.exeUnicorn-13523.exeUnicorn-3964.exeUnicorn-54556.exeUnicorn-7301.exeUnicorn-59517.exeUnicorn-22246.exeUnicorn-21775.exeUnicorn-5993.exeUnicorn-10077.exeUnicorn-48417.exeUnicorn-32635.exeUnicorn-17691.exeUnicorn-54447.exeUnicorn-38665.exeUnicorn-58531.exeUnicorn-31889.exeUnicorn-12023.exeUnicorn-17774.exeUnicorn-28634.exeUnicorn-58806.exeUnicorn-23996.exeUnicorn-50446.exeUnicorn-15636.exeUnicorn-14244.exeUnicorn-17582.exeUnicorn-28442.exeUnicorn-21666.exeUnicorn-21666.exeUnicorn-38748.exeUnicorn-38748.exeUnicorn-62698.exeUnicorn-8022.exeUnicorn-23804.exeUnicorn-23947.exeUnicorn-34253.exeUnicorn-49198.exeUnicorn-42421.exeUnicorn-13640.exeUnicorn-63396.exeUnicorn-28585.exeUnicorn-25893.exeUnicorn-36753.exeUnicorn-47060.exeUnicorn-1388.exeUnicorn-48705.exeUnicorn-59333.exeUnicorn-9063.exeUnicorn-65041.exeUnicorn-65041.exeUnicorn-50096.exeUnicorn-34314.exeUnicorn-27538.exeUnicorn-64294.exe

pid	process
1912	Unicorn-33072.exe
2572	Unicorn-48422.exe
2612	Unicorn-59283.exe
2496	Unicorn-34271.exe
2792	Unicorn-7628.exe
2472	Unicorn-18489.exe
1488	Unicorn-17826.exe
2692	Unicorn-48552.exe
2448	Unicorn-28686.exe
1552	Unicorn-54774.exe
2160	Unicorn-34908.exe
1396	Unicorn-13523.exe
2916	Unicorn-3964.exe
1200	Unicorn-54556.exe
2236	Unicorn-7301.exe
476	Unicorn-59517.exe
688	Unicorn-22246.exe
2988	Unicorn-21775.exe
1096	Unicorn-5993.exe
2648	Unicorn-10077.exe
1680	Unicorn-48417.exe
1516	Unicorn-32635.exe
988	Unicorn-17691.exe
3064	Unicorn-54447.exe
1032	Unicorn-38665.exe
2064	Unicorn-58531.exe
2304	Unicorn-31889.exe
984	Unicorn-12023.exe
1208	Unicorn-17774.exe
2120	Unicorn-28634.exe
2744	Unicorn-58806.exe
2604	Unicorn-23996.exe
2500	Unicorn-50446.exe
2540	Unicorn-15636.exe
2904	Unicorn-14244.exe
2636	Unicorn-17582.exe
884	Unicorn-28442.exe
1536	Unicorn-21666.exe
1636	Unicorn-21666.exe
2364	Unicorn-38748.exe
756	Unicorn-38748.exe
544	Unicorn-62698.exe
2368	Unicorn-8022.exe
1196	Unicorn-23804.exe
2184	Unicorn-23947.exe
2560	Unicorn-34253.exe
2228	Unicorn-49198.exe
1068	Unicorn-42421.exe
980	Unicorn-13640.exe
836	Unicorn-63396.exe
2000	Unicorn-28585.exe
1968	Unicorn-25893.exe
812	Unicorn-36753.exe
1004	Unicorn-47060.exe
900	Unicorn-1388.exe
2060	Unicorn-48705.exe
2796	Unicorn-59333.exe
1880	Unicorn-9063.exe
2108	Unicorn-65041.exe
2172	Unicorn-65041.exe
3032	Unicorn-50096.exe
2616	Unicorn-34314.exe
2284	Unicorn-27538.exe
2512	Unicorn-64294.exe

Loads dropped DLL 64 IoCs

Processes:

3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exeUnicorn-33072.exeUnicorn-48422.exeUnicorn-59283.exeWerFault.exeUnicorn-7628.exeUnicorn-34271.exeUnicorn-18489.exeWerFault.exeWerFault.exeUnicorn-17826.exeUnicorn-28686.exeUnicorn-34908.exeUnicorn-54774.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
3028	3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe
3028	3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe
1912	Unicorn-33072.exe
3028	3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe
1912	Unicorn-33072.exe
3028	3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe
2572	Unicorn-48422.exe
2612	Unicorn-59283.exe
2572	Unicorn-48422.exe
2612	Unicorn-59283.exe
1912	Unicorn-33072.exe
1912	Unicorn-33072.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2792	Unicorn-7628.exe
2792	Unicorn-7628.exe
2612	Unicorn-59283.exe
2496	Unicorn-34271.exe
2612	Unicorn-59283.exe
2496	Unicorn-34271.exe
2572	Unicorn-48422.exe
2572	Unicorn-48422.exe
2472	Unicorn-18489.exe
2472	Unicorn-18489.exe
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe
1624	WerFault.exe
1624	WerFault.exe
1624	WerFault.exe
1624	WerFault.exe
1624	WerFault.exe
2268	WerFault.exe
1488	Unicorn-17826.exe
1488	Unicorn-17826.exe
2792	Unicorn-7628.exe
2792	Unicorn-7628.exe
2448	Unicorn-28686.exe
2448	Unicorn-28686.exe
2160	Unicorn-34908.exe
2160	Unicorn-34908.exe
1552	Unicorn-54774.exe
2496	Unicorn-34271.exe
1552	Unicorn-54774.exe
2496	Unicorn-34271.exe
2696	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
2696	WerFault.exe
1408	WerFault.exe
1408	WerFault.exe
1408	WerFault.exe
1408	WerFault.exe
2428	WerFault.exe
2428	WerFault.exe
2428	WerFault.exe
2428	WerFault.exe
1408	WerFault.exe
2428	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2340	3028	WerFault.exe	3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe
2924	1912	WerFault.exe	Unicorn-33072.exe
2268	2572	WerFault.exe	Unicorn-48422.exe
1624	2612	WerFault.exe	Unicorn-59283.exe
2696	2792	WerFault.exe	Unicorn-7628.exe
1408	2496	WerFault.exe	Unicorn-34271.exe
2428	2472	WerFault.exe	Unicorn-18489.exe
2140	1488	WerFault.exe	Unicorn-17826.exe
1180	2448	WerFault.exe	Unicorn-28686.exe
1480	2160	WerFault.exe	Unicorn-34908.exe
2292	2692	WerFault.exe	Unicorn-48552.exe
1588	1552	WerFault.exe	Unicorn-54774.exe
1664	1396	WerFault.exe	Unicorn-13523.exe
1924	1200	WerFault.exe	Unicorn-54556.exe
1448	2916	WerFault.exe	Unicorn-3964.exe
1528	2236	WerFault.exe	Unicorn-7301.exe
2900	476	WerFault.exe	Unicorn-59517.exe
2088	688	WerFault.exe	Unicorn-22246.exe
2032	2988	WerFault.exe	Unicorn-21775.exe
2216	1096	WerFault.exe	Unicorn-5993.exe
536	2648	WerFault.exe	Unicorn-10077.exe
2844	1516	WerFault.exe	Unicorn-32635.exe
1392	1680	WerFault.exe	Unicorn-48417.exe
2328	3064	WerFault.exe	Unicorn-54447.exe
1292	984	WerFault.exe	Unicorn-12023.exe
1280	988	WerFault.exe	Unicorn-17691.exe
2144	2064	WerFault.exe	Unicorn-58531.exe
1572	2304	WerFault.exe	Unicorn-31889.exe
1700	1032	WerFault.exe	Unicorn-38665.exe
2084	2120	WerFault.exe	Unicorn-28634.exe
1596	2604	WerFault.exe	Unicorn-23996.exe
2932	2744	WerFault.exe	Unicorn-58806.exe
2488	2500	WerFault.exe	Unicorn-50446.exe
1872	1636	WerFault.exe	Unicorn-21666.exe
2204	1208	WerFault.exe	Unicorn-17774.exe
1352	1536	WerFault.exe	Unicorn-21666.exe
1592	1196	WerFault.exe	Unicorn-23804.exe
2908	2368	WerFault.exe	Unicorn-8022.exe
2688	544	WerFault.exe	Unicorn-62698.exe
3300	2540	WerFault.exe	Unicorn-15636.exe
3364	2904	WerFault.exe	Unicorn-14244.exe
3388	756	WerFault.exe	Unicorn-38748.exe
3772	2364	WerFault.exe	Unicorn-38748.exe
3860	2184	WerFault.exe	Unicorn-23947.exe
3924	2560	WerFault.exe	Unicorn-34253.exe
3288	2228	WerFault.exe	Unicorn-49198.exe
3512	2060	WerFault.exe	Unicorn-48705.exe
3604	2636	WerFault.exe	Unicorn-17582.exe
3624	884	WerFault.exe	Unicorn-28442.exe
3668	812	WerFault.exe	Unicorn-36753.exe
3740	2512	WerFault.exe	Unicorn-64294.exe
3744	2420	WerFault.exe	Unicorn-41736.exe
3756	2284	WerFault.exe	Unicorn-27538.exe
3748	3032	WerFault.exe	Unicorn-50096.exe
3792	1884	WerFault.exe	Unicorn-56681.exe
3896	1880	WerFault.exe	Unicorn-9063.exe
3932	1780	WerFault.exe	Unicorn-11009.exe
3940	2528	WerFault.exe	Unicorn-13702.exe
3136	752	WerFault.exe	Unicorn-293.exe
4000	1604	WerFault.exe	Unicorn-36282.exe
3804	2296	WerFault.exe	Unicorn-26722.exe
3264	980	WerFault.exe	Unicorn-13640.exe
3980	1716	WerFault.exe	Unicorn-29484.exe
3724	2172	WerFault.exe	Unicorn-65041.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exeUnicorn-33072.exeUnicorn-48422.exeUnicorn-59283.exeUnicorn-34271.exeUnicorn-7628.exeUnicorn-18489.exeUnicorn-28686.exeUnicorn-17826.exeUnicorn-48552.exeUnicorn-34908.exeUnicorn-54774.exeUnicorn-13523.exeUnicorn-3964.exeUnicorn-54556.exeUnicorn-7301.exeUnicorn-22246.exeUnicorn-59517.exeUnicorn-21775.exeUnicorn-5993.exeUnicorn-10077.exeUnicorn-48417.exeUnicorn-32635.exeUnicorn-17691.exeUnicorn-54447.exeUnicorn-58531.exeUnicorn-38665.exeUnicorn-12023.exeUnicorn-31889.exeUnicorn-17774.exeUnicorn-28634.exeUnicorn-23996.exeUnicorn-58806.exeUnicorn-50446.exeUnicorn-15636.exeUnicorn-14244.exeUnicorn-17582.exeUnicorn-21666.exeUnicorn-28442.exeUnicorn-21666.exeUnicorn-38748.exeUnicorn-38748.exeUnicorn-62698.exeUnicorn-23804.exeUnicorn-8022.exeUnicorn-23947.exeUnicorn-34253.exeUnicorn-49198.exeUnicorn-42421.exeUnicorn-13640.exeUnicorn-63396.exeUnicorn-28585.exeUnicorn-25893.exeUnicorn-36753.exeUnicorn-47060.exeUnicorn-48705.exeUnicorn-59333.exeUnicorn-9063.exeUnicorn-65041.exeUnicorn-50096.exeUnicorn-65041.exeUnicorn-34314.exeUnicorn-27538.exeUnicorn-64294.exe

pid	process
3028	3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe
1912	Unicorn-33072.exe
2572	Unicorn-48422.exe
2612	Unicorn-59283.exe
2496	Unicorn-34271.exe
2792	Unicorn-7628.exe
2472	Unicorn-18489.exe
2448	Unicorn-28686.exe
1488	Unicorn-17826.exe
2692	Unicorn-48552.exe
2160	Unicorn-34908.exe
1552	Unicorn-54774.exe
1396	Unicorn-13523.exe
2916	Unicorn-3964.exe
1200	Unicorn-54556.exe
2236	Unicorn-7301.exe
688	Unicorn-22246.exe
476	Unicorn-59517.exe
2988	Unicorn-21775.exe
1096	Unicorn-5993.exe
2648	Unicorn-10077.exe
1680	Unicorn-48417.exe
1516	Unicorn-32635.exe
988	Unicorn-17691.exe
3064	Unicorn-54447.exe
2064	Unicorn-58531.exe
1032	Unicorn-38665.exe
984	Unicorn-12023.exe
2304	Unicorn-31889.exe
1208	Unicorn-17774.exe
2120	Unicorn-28634.exe
2604	Unicorn-23996.exe
2744	Unicorn-58806.exe
2500	Unicorn-50446.exe
2540	Unicorn-15636.exe
2904	Unicorn-14244.exe
2636	Unicorn-17582.exe
1636	Unicorn-21666.exe
884	Unicorn-28442.exe
1536	Unicorn-21666.exe
2364	Unicorn-38748.exe
756	Unicorn-38748.exe
544	Unicorn-62698.exe
1196	Unicorn-23804.exe
2368	Unicorn-8022.exe
2184	Unicorn-23947.exe
2560	Unicorn-34253.exe
2228	Unicorn-49198.exe
1068	Unicorn-42421.exe
980	Unicorn-13640.exe
836	Unicorn-63396.exe
2000	Unicorn-28585.exe
1968	Unicorn-25893.exe
812	Unicorn-36753.exe
1004	Unicorn-47060.exe
2060	Unicorn-48705.exe
2796	Unicorn-59333.exe
1880	Unicorn-9063.exe
2108	Unicorn-65041.exe
3032	Unicorn-50096.exe
2172	Unicorn-65041.exe
2616	Unicorn-34314.exe
2284	Unicorn-27538.exe
2512	Unicorn-64294.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exeUnicorn-33072.exeUnicorn-48422.exeUnicorn-59283.exeUnicorn-7628.exeUnicorn-34271.exeUnicorn-18489.exeUnicorn-17826.exe

description	pid	process	target process
PID 3028 wrote to memory of 1912	3028	3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe	Unicorn-33072.exe
PID 3028 wrote to memory of 1912	3028	3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe	Unicorn-33072.exe
PID 3028 wrote to memory of 1912	3028	3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe	Unicorn-33072.exe
PID 3028 wrote to memory of 1912	3028	3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe	Unicorn-33072.exe
PID 1912 wrote to memory of 2572	1912	Unicorn-33072.exe	Unicorn-48422.exe
PID 1912 wrote to memory of 2572	1912	Unicorn-33072.exe	Unicorn-48422.exe
PID 1912 wrote to memory of 2572	1912	Unicorn-33072.exe	Unicorn-48422.exe
PID 1912 wrote to memory of 2572	1912	Unicorn-33072.exe	Unicorn-48422.exe
PID 3028 wrote to memory of 2612	3028	3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe	Unicorn-59283.exe
PID 3028 wrote to memory of 2612	3028	3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe	Unicorn-59283.exe
PID 3028 wrote to memory of 2612	3028	3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe	Unicorn-59283.exe
PID 3028 wrote to memory of 2612	3028	3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe	Unicorn-59283.exe
PID 3028 wrote to memory of 2340	3028	3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe	WerFault.exe
PID 3028 wrote to memory of 2340	3028	3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe	WerFault.exe
PID 3028 wrote to memory of 2340	3028	3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe	WerFault.exe
PID 3028 wrote to memory of 2340	3028	3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe	WerFault.exe
PID 2572 wrote to memory of 2496	2572	Unicorn-48422.exe	Unicorn-34271.exe
PID 2572 wrote to memory of 2496	2572	Unicorn-48422.exe	Unicorn-34271.exe
PID 2572 wrote to memory of 2496	2572	Unicorn-48422.exe	Unicorn-34271.exe
PID 2572 wrote to memory of 2496	2572	Unicorn-48422.exe	Unicorn-34271.exe
PID 2612 wrote to memory of 2792	2612	Unicorn-59283.exe	Unicorn-7628.exe
PID 2612 wrote to memory of 2792	2612	Unicorn-59283.exe	Unicorn-7628.exe
PID 2612 wrote to memory of 2792	2612	Unicorn-59283.exe	Unicorn-7628.exe
PID 2612 wrote to memory of 2792	2612	Unicorn-59283.exe	Unicorn-7628.exe
PID 1912 wrote to memory of 2472	1912	Unicorn-33072.exe	Unicorn-18489.exe
PID 1912 wrote to memory of 2472	1912	Unicorn-33072.exe	Unicorn-18489.exe
PID 1912 wrote to memory of 2472	1912	Unicorn-33072.exe	Unicorn-18489.exe
PID 1912 wrote to memory of 2472	1912	Unicorn-33072.exe	Unicorn-18489.exe
PID 1912 wrote to memory of 2924	1912	Unicorn-33072.exe	WerFault.exe
PID 1912 wrote to memory of 2924	1912	Unicorn-33072.exe	WerFault.exe
PID 1912 wrote to memory of 2924	1912	Unicorn-33072.exe	WerFault.exe
PID 1912 wrote to memory of 2924	1912	Unicorn-33072.exe	WerFault.exe
PID 2792 wrote to memory of 1488	2792	Unicorn-7628.exe	Unicorn-17826.exe
PID 2792 wrote to memory of 1488	2792	Unicorn-7628.exe	Unicorn-17826.exe
PID 2792 wrote to memory of 1488	2792	Unicorn-7628.exe	Unicorn-17826.exe
PID 2792 wrote to memory of 1488	2792	Unicorn-7628.exe	Unicorn-17826.exe
PID 2612 wrote to memory of 2448	2612	Unicorn-59283.exe	Unicorn-28686.exe
PID 2612 wrote to memory of 2448	2612	Unicorn-59283.exe	Unicorn-28686.exe
PID 2612 wrote to memory of 2448	2612	Unicorn-59283.exe	Unicorn-28686.exe
PID 2612 wrote to memory of 2448	2612	Unicorn-59283.exe	Unicorn-28686.exe
PID 2496 wrote to memory of 2692	2496	Unicorn-34271.exe	Unicorn-48552.exe
PID 2496 wrote to memory of 2692	2496	Unicorn-34271.exe	Unicorn-48552.exe
PID 2496 wrote to memory of 2692	2496	Unicorn-34271.exe	Unicorn-48552.exe
PID 2496 wrote to memory of 2692	2496	Unicorn-34271.exe	Unicorn-48552.exe
PID 2572 wrote to memory of 2160	2572	Unicorn-48422.exe	Unicorn-34908.exe
PID 2572 wrote to memory of 2160	2572	Unicorn-48422.exe	Unicorn-34908.exe
PID 2572 wrote to memory of 2160	2572	Unicorn-48422.exe	Unicorn-34908.exe
PID 2572 wrote to memory of 2160	2572	Unicorn-48422.exe	Unicorn-34908.exe
PID 2472 wrote to memory of 1552	2472	Unicorn-18489.exe	Unicorn-54774.exe
PID 2472 wrote to memory of 1552	2472	Unicorn-18489.exe	Unicorn-54774.exe
PID 2472 wrote to memory of 1552	2472	Unicorn-18489.exe	Unicorn-54774.exe
PID 2472 wrote to memory of 1552	2472	Unicorn-18489.exe	Unicorn-54774.exe
PID 2572 wrote to memory of 2268	2572	Unicorn-48422.exe	WerFault.exe
PID 2572 wrote to memory of 2268	2572	Unicorn-48422.exe	WerFault.exe
PID 2572 wrote to memory of 2268	2572	Unicorn-48422.exe	WerFault.exe
PID 2572 wrote to memory of 2268	2572	Unicorn-48422.exe	WerFault.exe
PID 2612 wrote to memory of 1624	2612	Unicorn-59283.exe	WerFault.exe
PID 2612 wrote to memory of 1624	2612	Unicorn-59283.exe	WerFault.exe
PID 2612 wrote to memory of 1624	2612	Unicorn-59283.exe	WerFault.exe
PID 2612 wrote to memory of 1624	2612	Unicorn-59283.exe	WerFault.exe
PID 1488 wrote to memory of 1396	1488	Unicorn-17826.exe	Unicorn-13523.exe
PID 1488 wrote to memory of 1396	1488	Unicorn-17826.exe	Unicorn-13523.exe
PID 1488 wrote to memory of 1396	1488	Unicorn-17826.exe	Unicorn-13523.exe
PID 1488 wrote to memory of 1396	1488	Unicorn-17826.exe	Unicorn-13523.exe

C:\Users\Admin\AppData\Local\Temp\3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe
"C:\Users\Admin\AppData\Local\Temp\3fd20b321011184516f2071551184bc918a82aef0d082689b02a733e0791feef.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48422.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48552.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58806.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39633.exe
        9⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
        10⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
        11⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
        12⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
        13⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8812 -s 216
        13⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 216
        12⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
        11⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 216
        10⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 216
        9⤵
        Program crash
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31382.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9120.exe
        9⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49681.exe
        10⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        11⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
        12⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32562.exe
        13⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9228 -s 204
        13⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
        12⤵
        
        PID:9804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
        11⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        10⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
        9⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        8⤵
        Program crash
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59416.exe
        8⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
        9⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe
        10⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62203.exe
        11⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7875.exe
        12⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
        13⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9280 -s 216
        13⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 220
        12⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
        11⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        10⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 236
        9⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54600.exe
        8⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9032.exe
        9⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54803.exe
        10⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
        11⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43626.exe
        12⤵
        
        PID:12612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
        11⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
        10⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
        9⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
        8⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 240
        7⤵
        Program crash
        
        PID:2216
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
        6⤵
        Program crash
        
        PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22246.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23804.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29484.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7153.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34715.exe
        10⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18218.exe
        11⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
        12⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43553.exe
        13⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
        13⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
        12⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 236
        11⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        10⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
        9⤵
        Program crash
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        9⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
        10⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22048.exe
        11⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40792.exe
        12⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        13⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
        13⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
        12⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 220
        11⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
        10⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        9⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
        8⤵
        Program crash
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        7⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31020.exe
        8⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33708.exe
        9⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62291.exe
        10⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18950.exe
        11⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56609.exe
        12⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39552.exe
        13⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 216
        13⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 220
        12⤵
        
        PID:10400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 236
        11⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
        10⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
        9⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
        8⤵
        Program crash
        
        PID:3940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
        7⤵
        Program crash
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8022.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6925.exe
        7⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39188.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54045.exe
        9⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49188.exe
        10⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
        11⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56116.exe
        12⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe
        13⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 216
        13⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
        12⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
        11⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        10⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
        9⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35182.exe
        9⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 220
        10⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        9⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 220
        8⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        7⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52099.exe
        8⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10786.exe
        9⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
        10⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62172.exe
        11⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25079.exe
        12⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 216
        12⤵
        
        PID:11444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
        11⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 236
        10⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
        9⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 216
        8⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
        7⤵
        Program crash
        
        PID:2908
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
        6⤵
        Program crash
        
        PID:2088
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34908.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7301.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17582.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9063.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24990.exe
        9⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48482.exe
        10⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
        11⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45400.exe
        12⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        13⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39552.exe
        14⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9352 -s 216
        14⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
        13⤵
        
        PID:10364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
        12⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        11⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 216
        10⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 236
        9⤵
        Program crash
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9208.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
        9⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
        10⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
        11⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
        12⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8316 -s 204
        12⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 216
        11⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
        10⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
        9⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 220
        8⤵
        Program crash
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65041.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        8⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47823.exe
        9⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        10⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
        11⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27549.exe
        12⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2375.exe
        13⤵
        
        PID:12756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 216
        12⤵
        
        PID:10340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
        11⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        10⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 236
        9⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50516.exe
        8⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43267.exe
        9⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
        10⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25883.exe
        11⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32550.exe
        11⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        12⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10160 -s 216
        12⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 220
        11⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
        10⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 236
        9⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
        8⤵
        Program crash
        
        PID:3724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
        7⤵
        Program crash
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27538.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
        8⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39930.exe
        9⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
        10⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        11⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28623.exe
        12⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
        13⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 220
        13⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 216
        12⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
        11⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        10⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 216
        9⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 216
        8⤵
        Program crash
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27682.exe
        7⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
        8⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
        9⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55898.exe
        10⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15000.exe
        11⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7481.exe
        12⤵
        
        PID:11872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 216
        11⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 236
        10⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
        9⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
        7⤵
        Program crash
        
        PID:3624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
        6⤵
        Program crash
        
        PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38665.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11009.exe
        7⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-293.exe
        8⤵
        
        PID:752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 240
        9⤵
        Program crash
        
        PID:3136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 236
        8⤵
        Program crash
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19322.exe
        7⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31679.exe
        8⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49681.exe
        9⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41892.exe
        10⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46879.exe
        11⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47912.exe
        12⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9500 -s 220
        12⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
        11⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        10⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
        9⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 236
        8⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 240
        7⤵
        Program crash
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        6⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51632.exe
        7⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39370.exe
        10⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25883.exe
        11⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 216
        11⤵
        
        PID:10124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        10⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
        9⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 236
        8⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 236
        7⤵
        Program crash
        
        PID:3792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
        6⤵
        Program crash
        
        PID:1700
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
        5⤵
        Program crash
        
        PID:1480
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54774.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59517.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58531.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62109.exe
        8⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60075.exe
        9⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8264.exe
        10⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21472.exe
        11⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 188
        12⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
        11⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        10⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 236
        9⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
        8⤵
        Program crash
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65041.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6515.exe
        8⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7558.exe
        9⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45488.exe
        10⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52473.exe
        11⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23657.exe
        12⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11721.exe
        13⤵
        
        PID:12676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
        12⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
        11⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        10⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 216
        9⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36701.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
        9⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9862.exe
        9⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21830.exe
        10⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45914.exe
        11⤵
        
        PID:10488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
        11⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
        10⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 220
        9⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
        8⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 220
        7⤵
        Program crash
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41736.exe
        7⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        8⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59966.exe
        9⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59276.exe
        10⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
        11⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        12⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54710.exe
        13⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 216
        13⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 220
        12⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
        11⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
        10⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 216
        9⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 216
        8⤵
        Program crash
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64626.exe
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9307.exe
        9⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
        10⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60304.exe
        11⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 216
        11⤵
        
        PID:11332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
        10⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        9⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 216
        8⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
        7⤵
        Program crash
        
        PID:3772
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 476 -s 240
        6⤵
        Program crash
        
        PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50096.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2431.exe
        8⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23978.exe
        9⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61549.exe
        10⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
        11⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51202.exe
        12⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe
        13⤵
        
        PID:11508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9584 -s 216
        13⤵
        
        PID:12536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
        12⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
        11⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        10⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exe
        9⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19142.exe
        10⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11383.exe
        11⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32152.exe
        12⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9768 -s 216
        12⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
        11⤵
        
        PID:10672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
        10⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 220
        9⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 216
        8⤵
        Program crash
        
        PID:3748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 236
        7⤵
        Program crash
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29074.exe
        7⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12924.exe
        9⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18218.exe
        10⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
        11⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22941.exe
        12⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 216
        12⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
        10⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        9⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
        8⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40401.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23615.exe
        8⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        9⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55732.exe
        10⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
        11⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 204
        11⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 220
        10⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
        9⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        8⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
        7⤵
        
        PID:4556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 220
        6⤵
        Program crash
        
        PID:1292
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        5⤵
        Program crash
        
        PID:1588
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2428
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59283.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59283.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21775.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17774.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42421.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        9⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23319.exe
        10⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        11⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44414.exe
        12⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17222.exe
        13⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
        14⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 216
        14⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
        13⤵
        
        PID:10820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
        12⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        11⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 216
        10⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
        9⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47050.exe
        10⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2613.exe
        11⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        12⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39552.exe
        13⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 216
        13⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 220
        12⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 216
        11⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        10⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
        9⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4740.exe
        8⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe
        9⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42063.exe
        10⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25203.exe
        11⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58270.exe
        12⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 216
        12⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 236
        11⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        10⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 236
        9⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 240
        8⤵
        Program crash
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63396.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
        8⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
        9⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7278.exe
        10⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        11⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54362.exe
        12⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34098.exe
        13⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9732 -s 204
        13⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 220
        12⤵
        
        PID:10628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
        11⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
        10⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
        9⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44678.exe
        8⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
        9⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15332.exe
        10⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
        11⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
        12⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 216
        12⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 236
        11⤵
        
        PID:10392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
        10⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        9⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
        8⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
        7⤵
        Program crash
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28634.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23947.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36282.exe
        8⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        9⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        10⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53656.exe
        11⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        12⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1570.exe
        13⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2987.exe
        14⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 216
        14⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 220
        13⤵
        
        PID:10560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
        12⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 236
        11⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
        10⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
        9⤵
        Program crash
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22721.exe
        8⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        9⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        10⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29723.exe
        11⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16480.exe
        12⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
        13⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 236
        13⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 236
        12⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
        11⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 236
        10⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 216
        9⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
        8⤵
        Program crash
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
        8⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
        9⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47735.exe
        10⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20704.exe
        11⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17632.exe
        12⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6604.exe
        13⤵
        
        PID:11816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 216
        13⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
        12⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 236
        11⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 236
        10⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
        9⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
        8⤵
        Program crash
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
        7⤵
        Program crash
        
        PID:2084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 240
        6⤵
        Program crash
        
        PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10077.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23996.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46588.exe
        8⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55223.exe
        9⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
        10⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63360.exe
        11⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
        12⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18701.exe
        13⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
        14⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 216
        14⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
        13⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 236
        12⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
        11⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
        10⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3152.exe
        9⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46640.exe
        10⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24736.exe
        11⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11378.exe
        12⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 216
        12⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
        11⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
        10⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
        9⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52374.exe
        9⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15722.exe
        10⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57652.exe
        11⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25883.exe
        12⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32550.exe
        12⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54949.exe
        13⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10168 -s 216
        13⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 220
        12⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
        11⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
        10⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
        9⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        8⤵
        Program crash
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49857.exe
        7⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30719.exe
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exe
        9⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46723.exe
        10⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        11⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36791.exe
        12⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        13⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 216
        13⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
        12⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 236
        11⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        10⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28623.exe
        11⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22448.exe
        12⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 216
        12⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
        11⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 220
        10⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        9⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44953.exe
        8⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41513.exe
        9⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
        10⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        11⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        12⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9704 -s 216
        12⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 220
        11⤵
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
        10⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        9⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
        8⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
        7⤵
        Program crash
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49198.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45026.exe
        7⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22010.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe
        9⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18793.exe
        10⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1098.exe
        11⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
        12⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
        11⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
        10⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        9⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
        8⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
        7⤵
        Program crash
        
        PID:3288
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
        6⤵
        Program crash
        
        PID:536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
        5⤵
        Program crash
        
        PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3964.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17691.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36753.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        7⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6977.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
        10⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
        11⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5883.exe
        12⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
        11⤵
        
        PID:10284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        10⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        9⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 236
        8⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 236
        7⤵
        Program crash
        
        PID:3668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 236
        6⤵
        Program crash
        
        PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64294.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        7⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62488.exe
        8⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25919.exe
        9⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
        10⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52058.exe
        11⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10304.exe
        12⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 216
        12⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
        11⤵
        
        PID:9824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
        10⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
        9⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 216
        8⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
        7⤵
        Program crash
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
        6⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7257.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe
        8⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39370.exe
        9⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        10⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
        11⤵
        
        PID:11908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 216
        11⤵
        
        PID:11860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
        10⤵
        
        PID:1440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
        9⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
        8⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 236
        7⤵
        
        PID:4508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
        6⤵
        Program crash
        
        PID:3388
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
        5⤵
        Program crash
        
        PID:1448
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54556.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48417.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1388.exe
        7⤵
        Executes dropped EXE
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4164.exe
        7⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34803.exe
        8⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10765.exe
        9⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14569.exe
        10⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20761.exe
        11⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
        12⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
        13⤵
        
        PID:12364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10376 -s 236
        13⤵
        
        PID:12828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
        12⤵
        
        PID:10880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
        11⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 236
        10⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 236
        9⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62659.exe
        8⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        9⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40221.exe
        10⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37471.exe
        11⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30196.exe
        12⤵
        
        PID:12648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 216
        11⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
        10⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        9⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
        8⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
        7⤵
        Program crash
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38804.exe
        7⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40231.exe
        8⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20984.exe
        9⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
        10⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26127.exe
        11⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe
        12⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8704 -s 236
        12⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 236
        11⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        10⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        9⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 216
        8⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
        7⤵
        Program crash
        
        PID:3512
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 220
        6⤵
        Program crash
        
        PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31212.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49961.exe
        8⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16817.exe
        9⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
        10⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54362.exe
        11⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35001.exe
        12⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9724 -s 236
        12⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
        11⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
        10⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
        9⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
        8⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44486.exe
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13308.exe
        8⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13687.exe
        9⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25390.exe
        10⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
        11⤵
        
        PID:11704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 220
        11⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
        10⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
        9⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        8⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        7⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
        6⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59966.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56946.exe
        8⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14621.exe
        9⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9432.exe
        10⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
        10⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
        9⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        8⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
        7⤵
        
        PID:5304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
        6⤵
        Program crash
        
        PID:3364
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
        5⤵
        Program crash
        
        PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        7⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15727.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29837.exe
        9⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9473.exe
        10⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
        11⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-185.exe
        12⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9416 -s 216
        12⤵
        
        PID:12484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 220
        11⤵
        
        PID:11104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 236
        10⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        9⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 236
        8⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4029.exe
        7⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
        8⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
        9⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45151.exe
        10⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58820.exe
        11⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8764 -s 216
        11⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
        10⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
        9⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        8⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
        7⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
        6⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19126.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        8⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
        9⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
        10⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33413.exe
        11⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 220
        11⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 220
        10⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
        9⤵
        
        PID:860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
        8⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 236
        7⤵
        
        PID:4348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
        6⤵
        Program crash
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47060.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
        6⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe
        7⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54149.exe
        8⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33423.exe
        9⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
        10⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
        11⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12116 -s 188
        12⤵
        
        PID:11592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9224 -s 216
        11⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 220
        10⤵
        
        PID:11028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
        9⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
        8⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        7⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
        6⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37320.exe
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34492.exe
        8⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
        9⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49770.exe
        10⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9464 -s 216
        10⤵
        
        PID:12472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 220
        9⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
        8⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        7⤵
        
        PID:6696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 240
        6⤵
        
        PID:4816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
        5⤵
        Program crash
        
        PID:2844
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
      4⤵
      Program crash
      PID:1180
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1624
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
  2⤵
  - Program crash
  PID:2340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe

Filesize
184KB

MD5
1275bd4a88212fce29fa0817a1c8475f

SHA1
1fef74ed08201295421d7b15f4201971eb7ee831

SHA256
431f88d4d7624f3d36fee9699f9ea5885b328a0fef7b47e33835b77561214da7

SHA512
fc75028303a7d3b184da6c02360c6973e27bebc52bf82a40eb0ab5fa04804f1a66088fd811d446d0577a1e0ce54eca343784eedb86251cc9590f9b66fa075800

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18701.exe

Filesize
184KB

MD5
a1ff7fdf7e768e29dcba78dc78c7e637

SHA1
c8a46dbfb394a698857ce8770deace417329ad6a

SHA256
05c06c0fbee1bf7a0c8e56cfe4adb990dd61694b0710355eeacfaebaa8847fc2

SHA512
b0238fc02e4f0759ba689b9e42fa0836b8fed4d0e7c1216bb83ab2e2a92ec11248849c82b14cdb08669959d35b7c2ac98db12f0fa2e7c5e484adcec3c94bb824

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe

Filesize
184KB

MD5
ca0bbae6556cf417a7b46692d052976f

SHA1
31aeac5a0398a9c504c717ca31a8ea3eec1cf7ac

SHA256
3e22faf83cccdaa5ead008441bf273ceb745819931b418d3ecf31c5d90475e9b

SHA512
d20747918091c47e0b73fd6e6c6034d2cad65deccfd4411823678437d4ab7315079f53066b1c79a00f4a5cadb9dec1e07d347a27e01a8dcb4b8b692f0d782812

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22448.exe

Filesize
184KB

MD5
43f82a657d78a15a15ada7a5da9cfcf5

SHA1
a9892b5a82840024a848384b5f5dc38595bc7381

SHA256
ba61c77c393654f942e0032918e9df004a1f91d99f7b3a74a31e42a391f1cbfa

SHA512
d805f54328eebad69102782d4b420541ba9571a036ddbaf0a335afc7f45f4520607f2e18e3dedee35c2f44db1809ec9b2d772e9b5615beb2e2469f50cf28850a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exe

Filesize
184KB

MD5
0783820e1cb8c7de97f8b4067a47ec28

SHA1
ddae9698d90be21adc4384d81a15a93a5f1dca9d

SHA256
1aabf0e10f0e4839b4bad666713d50f1a89bc0a2f586282d5753f1a518f7150b

SHA512
34f88b214a63616e7047758ed671522252d3a6b63dae35d3003e035ca8bd8b276372ae0b1a38c7d57bed90d8a26be22a770efcd1e0519008654904f826f47406

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40401.exe

Filesize
184KB

MD5
f81a953c0445805b6331fb2197f4c767

SHA1
c9944f13b7a271eef8b479bab8f9e687ef40c91a

SHA256
aabe7196936dc2a0b46aab1a6ea380f0b7d322a8b62fd45c74d5efc01b93a7d9

SHA512
45b98e22a6a7bad63e63d0243127cacd2e84e3455d3b705b17f31fa31ad09f790cf34b76d6dd8f3ff92ce000acf72834e4789b5ecab3abbd606c44fa6ef731b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48552.exe

Filesize
184KB

MD5
f177874226618c4bd495c2ab0c350941

SHA1
59865dc688ebb3d02c4c412ebfcfc8048c51c18c

SHA256
bda595b20f480e72af055ba7c36e40ba7675b6430aa655a1f72d0587b709f918

SHA512
940493c3e15ac53e646f07a728d797c8863b7fd2eef77819fdd123066e6da16089b2947fc546ed116936102ab31178bb4538b632b0f0f2a34d62465f093c9704

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54774.exe

Filesize
184KB

MD5
00fe403d0d609201534847b128eeb183

SHA1
c406c41456348ee8d84a698d45330bc018434ea8

SHA256
03a05c6535ad5af6af02a75ce4841b14102acdda65e13b6b2b3009b53f89fcda

SHA512
964aa5816f5d701155e6cc4eeb872922f221c94f726c4ed7a38c739e0a231578132944b9cbc5d72768ee211dfe73947f4ffa711ca7fb6737f249cd4ae989d031

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6515.exe

Filesize
184KB

MD5
fef0849f1281535b29171d6ecf189a7a

SHA1
4aa3657622d6e9759fe330a13782a7c85f7ec137

SHA256
6cd5f1b0adfef53433946d6476514620a6ecc49cab5a9778f5f4c4358264392b

SHA512
4b32ea50d796fc23c5e4a63255d5d6bc1d65b157fc385b501747390defa23eaf341e7ac6033fb54eae62b932aa4af06b905eafe9f00a4d35dfe463e30ea7ff1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe

Filesize
184KB

MD5
a6679820b3ecc5d4f7f689f8f8a2dcef

SHA1
3185dbf371f05dddddf9994428fd65195bfc2d7b

SHA256
8a5074edd8f354d631fb8989260aeda1ad18bdc077b68fe3eb05b788eae74e02

SHA512
c455b5b5bccf1a71067b8596109cfd37c881a20952a8f5fd489cc976f0b3880108d32dbb634da3f4976e06ac1087b8bffbe232c3b778ff29c82774ed0c14ca78

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe

Filesize
184KB

MD5
a38f25cb449c5354d0cd95439c0da777

SHA1
06cc493604a7a12df4b8ca756335b6dc8e2bcc88

SHA256
309c6ce11f0439903f326e4ed82d90d283e32dbb43fea6b052f71427d7242f1f

SHA512
77452da5dc66207a55abe53e9a16f00cbc9cf6ad31f3c5e9ece9c0f3dbee8a84af00d20445d107cf1be9afe1f8d45d25e3a07c612f0dfb0c8f2393762c11ada2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe

Filesize
184KB

MD5
746254af36e7ecdf4ebb8a5ed44d31d3

SHA1
0820982b3d10c65353ce7d75070f659968ee8a2f

SHA256
eb2d897f5e5590491b164a16199d52728b951db08236b3c682ac119f861e50e2

SHA512
5654a8deecfe6b306455438a61b7f67924c2fa022cb3e85991f80201ff739deaa849aff48adc778bf7b2cc5af635023f78d38f325f50936a297cfcd3e64608b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe

Filesize
184KB

MD5
84f96645d58c485d718dedfd488a6213

SHA1
66323f0cee0a3a3f52bab5ed3dcb06fa6e010cf4

SHA256
bd72696fe9a6f1b12a53398bbaf92dcafbb0017e93ab9a734f1dc3105697fa8c

SHA512
9257922be6960eb2b1a175d31b0e935a1461a1ab62317a5ee3e4c3bd7e482ab9d69f069c17b10bb26961329488b9c7ec3783cc3c2f6e4893fd770c0f0bfb537a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe

Filesize
184KB

MD5
61ec2695ab5a2918ef18a8b95b21c836

SHA1
6c2db3aa1e7b5888878da05c163aa25b821b206a

SHA256
5bd0677dab343a0ef84e316715a38c389a46a98ef0767291263666b776ef0c5d

SHA512
70feaeb55f1415703690b796e19cc88585315f021e06edf7967ed2c83f458419fac6846195427f52e6a8bcdf32a2ca23a03af45e68d5a0152e01f0f526d4f652

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe

Filesize
184KB

MD5
a5e9c0b5f77781c0cc97fe2de2f19ba3

SHA1
6204547564ef752ae8322236e3bf2f1953fd46f2

SHA256
6598866310f8e44f6608e3f19b4f880da31e7e26fe0c44068adb391b286a9f28

SHA512
66efdfbd2b442030b3543270e13d7a678a3c570076725d46d28f78b858104269cef0fdd71cc3e78a29566eff5ac7801dc67f73b7b0e58e774f7af066eadcd46f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34908.exe

Filesize
184KB

MD5
d2c259f413b69d13988c406ffd5337aa

SHA1
62baa32e26646e1952c9f2bd14ed2d834a0b5598

SHA256
36f7731192316cea0b5e7c437d4658c47b13b26542c78ecaa19718254016a0ba

SHA512
9f2872383d1d6599e0790a46dddc1cae3f033fa8b24340f80afc37f6376aa11b612a29f174dd994e46c31efd8c2b2d9674a02f90882b5e38fa2113828c16f579

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3964.exe

Filesize
184KB

MD5
adbd490cac14c37d3a07b57f4231ca76

SHA1
7ba5f9bc5b409c924f93deef3786516ac3478d90

SHA256
c30b4e9f9f496356892f7c1c452f9c4abd52de520b7f79b0db883fbc2cdb56e1

SHA512
5b97ebf756eb15c512a924d4fd70c106614e8f043ff931e27924c2fa0bf58eb34ee669036102a784ebb8097a5da87026d750c1788acda56542d819d96ac3b4be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48422.exe

Filesize
184KB

MD5
d0a1c3a87a98279a3692b00cb881b24e

SHA1
4f65b0f0757ce3b62d98d965e02109d0180fa8c0

SHA256
691f45f0a3d6bc982717dc875161f9ffd4dbfb89d20b47ddf53b88738450c4f2

SHA512
5f3b9ee9a7deb5bd4ec235e3236396e74c87f9f3df16f157c39e5751746dd8d07eefe718fdc9beb2e1cbcd6a7ba2987ddfa911b43fb00444c9cdeb64fe0622d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54556.exe

Filesize
184KB

MD5
807297b27935032da7e48cbda186b3ea

SHA1
bddfdd1b0a83c14056764d97efd0f38087517a7a

SHA256
7553b7479d93b6cb5a8b4326b1e5ad41a1ac4545306c6d597e69a8eba055364a

SHA512
1b4b49f052537878d94ec8b732d8d5ad0155cd16e9c71490b7095a6f2d4f5134630c4734cf9a9de52144d6ef689be4d04f20d50d92e83f7c9ee0b4fc939d89f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59283.exe

Filesize
184KB

MD5
9d82adfc71433d1c876bb4c690ad0fe5

SHA1
ca8da21a3709e367f5023b7133e9356499968d73

SHA256
2ded329392f4a1f42ca218376209762f6340aa654a55fb00db80b23f2d0c59de

SHA512
e3ff8852913f1900af3d5f94eaba1115345cf355fc4feb67ec08716a4cd3fcbf7ce4dc43cfd704206cc610815b7ef4f71a553bc5accc7cddfb417db0dfd77118

Download Submit