b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df

Analysis

max time kernel
138s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe
Size

184KB
MD5

a51cfdae347c623b1549d95c79b88664
SHA1

1201264fc8f35d6843ebd9eb2f88c1acde212f78
SHA256

b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df
SHA512

e7758e2f54ec6a5eeab5dc9d36b3b3d58a8182da6e06bb5e082e40f0884f22bceefa301c645ba54c333e643839f5a60bce7ded0c82566b326452543315150605
SSDEEP

3072:80uncIolMGHmdsAJejscQxPufFNPzHcsl+0MO5wmU6WhlnVOF3n:80GoHysAjcEPufDYJZhlnVOF3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-54406.exeUnicorn-34770.exeUnicorn-13835.exeUnicorn-20742.exeUnicorn-56944.exeUnicorn-40608.exeUnicorn-3374.exeUnicorn-52383.exeUnicorn-35532.exeUnicorn-55398.exeUnicorn-15989.exeUnicorn-31810.exeUnicorn-27211.exeUnicorn-31618.exeUnicorn-44425.exeUnicorn-47570.exeUnicorn-13828.exeUnicorn-44041.exeUnicorn-63906.exeUnicorn-59921.exeUnicorn-34902.exeUnicorn-13600.exeUnicorn-9879.exeUnicorn-24592.exeUnicorn-45889.exeUnicorn-24208.exeUnicorn-24208.exeUnicorn-56880.exeUnicorn-37014.exeUnicorn-53351.exeUnicorn-7679.exeUnicorn-4150.exeUnicorn-5339.exeUnicorn-1810.exeUnicorn-21676.exeUnicorn-33413.exeUnicorn-53279.exeUnicorn-3886.exeUnicorn-20223.exeUnicorn-33029.exeUnicorn-20031.exeUnicorn-165.exeUnicorn-52511.exeUnicorn-52511.exeUnicorn-48982.exeUnicorn-38348.exeUnicorn-8821.exeUnicorn-54815.exeUnicorn-57830.exeUnicorn-2085.exeUnicorn-21951.exeUnicorn-29403.exeUnicorn-28888.exeUnicorn-15890.exeUnicorn-9153.exeUnicorn-31650.exeUnicorn-47529.exeUnicorn-34338.exeUnicorn-47145.exeUnicorn-62412.exeUnicorn-50098.exeUnicorn-12443.exeUnicorn-16850.exeUnicorn-52044.exe

pid	process
836	Unicorn-54406.exe
2660	Unicorn-34770.exe
2528	Unicorn-13835.exe
2504	Unicorn-20742.exe
2524	Unicorn-56944.exe
2652	Unicorn-40608.exe
2868	Unicorn-3374.exe
2680	Unicorn-52383.exe
2708	Unicorn-35532.exe
2648	Unicorn-55398.exe
764	Unicorn-15989.exe
1624	Unicorn-31810.exe
1192	Unicorn-27211.exe
2220	Unicorn-31618.exe
2108	Unicorn-44425.exe
2224	Unicorn-47570.exe
2364	Unicorn-13828.exe
788	Unicorn-44041.exe
1376	Unicorn-63906.exe
1132	Unicorn-59921.exe
3064	Unicorn-34902.exe
276	Unicorn-13600.exe
756	Unicorn-9879.exe
992	Unicorn-24592.exe
2740	Unicorn-45889.exe
696	Unicorn-24208.exe
1152	Unicorn-24208.exe
1684	Unicorn-56880.exe
2872	Unicorn-37014.exe
1040	Unicorn-53351.exe
1560	Unicorn-7679.exe
1304	Unicorn-4150.exe
2576	Unicorn-5339.exe
2536	Unicorn-1810.exe
2572	Unicorn-21676.exe
2632	Unicorn-33413.exe
2396	Unicorn-53279.exe
2500	Unicorn-3886.exe
1852	Unicorn-20223.exe
1656	Unicorn-33029.exe
2692	Unicorn-20031.exe
2864	Unicorn-165.exe
1720	Unicorn-52511.exe
1020	Unicorn-52511.exe
1552	Unicorn-48982.exe
2276	Unicorn-38348.exe
1620	Unicorn-8821.exe
1432	Unicorn-54815.exe
1328	Unicorn-57830.exe
2240	Unicorn-2085.exe
2840	Unicorn-21951.exe
2752	Unicorn-29403.exe
2976	Unicorn-28888.exe
1368	Unicorn-15890.exe
1032	Unicorn-9153.exe
872	Unicorn-31650.exe
2832	Unicorn-47529.exe
404	Unicorn-34338.exe
2824	Unicorn-47145.exe
1596	Unicorn-62412.exe
2476	Unicorn-50098.exe
2540	Unicorn-12443.exe
2624	Unicorn-16850.exe
2228	Unicorn-52044.exe

Loads dropped DLL 64 IoCs

Processes:

b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exeUnicorn-54406.exeUnicorn-34770.exeUnicorn-13835.exeWerFault.exeUnicorn-20742.exeUnicorn-56944.exeUnicorn-40608.exeWerFault.exeWerFault.exeUnicorn-3374.exeUnicorn-52383.exeUnicorn-15989.exeUnicorn-55398.exeUnicorn-35532.exeWerFault.exeWerFault.exeUnicorn-31810.exeUnicorn-31618.exeUnicorn-27211.exeUnicorn-44425.exe

pid	process
2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe
2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe
836	Unicorn-54406.exe
836	Unicorn-54406.exe
2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe
2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe
836	Unicorn-54406.exe
2660	Unicorn-34770.exe
836	Unicorn-54406.exe
2660	Unicorn-34770.exe
2528	Unicorn-13835.exe
2528	Unicorn-13835.exe
2120	WerFault.exe
2120	WerFault.exe
2120	WerFault.exe
2504	Unicorn-20742.exe
2504	Unicorn-20742.exe
2524	Unicorn-56944.exe
2524	Unicorn-56944.exe
2528	Unicorn-13835.exe
2528	Unicorn-13835.exe
2652	Unicorn-40608.exe
2652	Unicorn-40608.exe
2660	Unicorn-34770.exe
2660	Unicorn-34770.exe
2308	WerFault.exe
2308	WerFault.exe
352	WerFault.exe
352	WerFault.exe
352	WerFault.exe
2308	WerFault.exe
2868	Unicorn-3374.exe
2868	Unicorn-3374.exe
2504	Unicorn-20742.exe
2504	Unicorn-20742.exe
2680	Unicorn-52383.exe
2680	Unicorn-52383.exe
2524	Unicorn-56944.exe
2524	Unicorn-56944.exe
764	Unicorn-15989.exe
764	Unicorn-15989.exe
2648	Unicorn-55398.exe
2648	Unicorn-55398.exe
2652	Unicorn-40608.exe
2708	Unicorn-35532.exe
2652	Unicorn-40608.exe
2708	Unicorn-35532.exe
896	WerFault.exe
896	WerFault.exe
896	WerFault.exe
3036	WerFault.exe
3036	WerFault.exe
3036	WerFault.exe
1624	Unicorn-31810.exe
1624	Unicorn-31810.exe
2868	Unicorn-3374.exe
2868	Unicorn-3374.exe
2220	Unicorn-31618.exe
2220	Unicorn-31618.exe
2680	Unicorn-52383.exe
2680	Unicorn-52383.exe
1192	Unicorn-27211.exe
1192	Unicorn-27211.exe
2108	Unicorn-44425.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2776	2468	WerFault.exe	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe
2120	836	WerFault.exe	Unicorn-54406.exe
2308	2660	WerFault.exe	Unicorn-34770.exe
352	2528	WerFault.exe	Unicorn-13835.exe
896	2504	WerFault.exe	Unicorn-20742.exe
3036	2652	WerFault.exe	Unicorn-40608.exe
1700	2868	WerFault.exe	Unicorn-3374.exe
2080	2680	WerFault.exe	Unicorn-52383.exe
3028	764	WerFault.exe	Unicorn-15989.exe
2304	2648	WerFault.exe	Unicorn-55398.exe
2920	2708	WerFault.exe	Unicorn-35532.exe
1252	2632	WerFault.exe	Unicorn-33413.exe
784	1624	WerFault.exe	Unicorn-31810.exe
584	1192	WerFault.exe	Unicorn-27211.exe
1548	2108	WerFault.exe	Unicorn-44425.exe
824	788	WerFault.exe	Unicorn-44041.exe
2352	2364	WerFault.exe	Unicorn-13828.exe
1760	2224	WerFault.exe	Unicorn-47570.exe
3020	1132	WerFault.exe	Unicorn-59921.exe
884	3064	WerFault.exe	Unicorn-34902.exe
2988	276	WerFault.exe	Unicorn-13600.exe
1504	756	WerFault.exe	Unicorn-9879.exe
348	992	WerFault.exe	Unicorn-24592.exe
2008	2740	WerFault.exe	Unicorn-45889.exe
2052	696	WerFault.exe	Unicorn-24208.exe
2732	1152	WerFault.exe	Unicorn-24208.exe
1028	1040	WerFault.exe	Unicorn-53351.exe
2472	2872	WerFault.exe	Unicorn-37014.exe
1652	1560	WerFault.exe	Unicorn-7679.exe
1900	1304	WerFault.exe	Unicorn-4150.exe
804	2572	WerFault.exe	Unicorn-21676.exe
2812	2536	WerFault.exe	Unicorn-1810.exe
2552	2576	WerFault.exe	Unicorn-5339.exe
3084	2396	WerFault.exe	Unicorn-53279.exe
3108	1852	WerFault.exe	Unicorn-20223.exe
3224	1720	WerFault.exe	Unicorn-52511.exe
3268	2692	WerFault.exe	Unicorn-20031.exe
3284	1552	WerFault.exe	Unicorn-48982.exe
3316	1432	WerFault.exe	Unicorn-54815.exe
3340	1620	WerFault.exe	Unicorn-8821.exe
3332	2840	WerFault.exe	Unicorn-21951.exe
3372	1020	WerFault.exe	Unicorn-52511.exe
3392	2500	WerFault.exe	Unicorn-3886.exe
3436	1328	WerFault.exe	Unicorn-57830.exe
3484	2220	WerFault.exe	Unicorn-31618.exe
3664	2276	WerFault.exe	Unicorn-38348.exe
3984	1032	WerFault.exe	Unicorn-9153.exe
3188	2476	WerFault.exe	Unicorn-50098.exe
3748	1376	WerFault.exe	Unicorn-63906.exe
3192	2720	WerFault.exe	Unicorn-22517.exe
3556	1896	WerFault.exe	Unicorn-5796.exe
3652	2228	WerFault.exe	Unicorn-52044.exe
3712	2668	WerFault.exe	Unicorn-35323.exe
3524	844	WerFault.exe	Unicorn-34747.exe
3532	3952	WerFault.exe	Unicorn-16328.exe
3792	2752	WerFault.exe	Unicorn-29403.exe
4036	2604	WerFault.exe	Unicorn-41047.exe
3520	2380	WerFault.exe	Unicorn-44193.exe
4184	1596	WerFault.exe	Unicorn-62412.exe
4200	2424	WerFault.exe	Unicorn-40960.exe
4208	1368	WerFault.exe	Unicorn-15890.exe
4228	404	WerFault.exe	Unicorn-34338.exe
4260	2712	WerFault.exe	Unicorn-10295.exe
4364	2832	WerFault.exe	Unicorn-47529.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exeUnicorn-54406.exeUnicorn-34770.exeUnicorn-13835.exeUnicorn-20742.exeUnicorn-40608.exeUnicorn-56944.exeUnicorn-3374.exeUnicorn-52383.exeUnicorn-55398.exeUnicorn-35532.exeUnicorn-15989.exeUnicorn-31810.exeUnicorn-27211.exeUnicorn-31618.exeUnicorn-44425.exeUnicorn-47570.exeUnicorn-13828.exeUnicorn-63906.exeUnicorn-44041.exeUnicorn-34902.exeUnicorn-59921.exeUnicorn-13600.exeUnicorn-9879.exeUnicorn-24592.exeUnicorn-45889.exeUnicorn-24208.exeUnicorn-24208.exeUnicorn-37014.exeUnicorn-56880.exeUnicorn-7679.exeUnicorn-53351.exeUnicorn-4150.exeUnicorn-21676.exeUnicorn-5339.exeUnicorn-1810.exeUnicorn-33413.exeUnicorn-53279.exeUnicorn-3886.exeUnicorn-20223.exeUnicorn-33029.exeUnicorn-165.exeUnicorn-20031.exeUnicorn-52511.exeUnicorn-52511.exeUnicorn-48982.exeUnicorn-38348.exeUnicorn-8821.exeUnicorn-54815.exeUnicorn-2085.exeUnicorn-57830.exeUnicorn-21951.exeUnicorn-29403.exeUnicorn-28888.exeUnicorn-15890.exeUnicorn-9153.exeUnicorn-31650.exeUnicorn-47529.exeUnicorn-34338.exeUnicorn-47145.exeUnicorn-62412.exeUnicorn-50098.exeUnicorn-16850.exeUnicorn-12443.exe

pid	process
2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe
836	Unicorn-54406.exe
2660	Unicorn-34770.exe
2528	Unicorn-13835.exe
2504	Unicorn-20742.exe
2652	Unicorn-40608.exe
2524	Unicorn-56944.exe
2868	Unicorn-3374.exe
2680	Unicorn-52383.exe
2648	Unicorn-55398.exe
2708	Unicorn-35532.exe
764	Unicorn-15989.exe
1624	Unicorn-31810.exe
1192	Unicorn-27211.exe
2220	Unicorn-31618.exe
2108	Unicorn-44425.exe
2224	Unicorn-47570.exe
2364	Unicorn-13828.exe
1376	Unicorn-63906.exe
788	Unicorn-44041.exe
3064	Unicorn-34902.exe
1132	Unicorn-59921.exe
276	Unicorn-13600.exe
756	Unicorn-9879.exe
992	Unicorn-24592.exe
2740	Unicorn-45889.exe
1152	Unicorn-24208.exe
696	Unicorn-24208.exe
2872	Unicorn-37014.exe
1684	Unicorn-56880.exe
1560	Unicorn-7679.exe
1040	Unicorn-53351.exe
1304	Unicorn-4150.exe
2572	Unicorn-21676.exe
2576	Unicorn-5339.exe
2536	Unicorn-1810.exe
2632	Unicorn-33413.exe
2396	Unicorn-53279.exe
2500	Unicorn-3886.exe
1852	Unicorn-20223.exe
1656	Unicorn-33029.exe
2864	Unicorn-165.exe
2692	Unicorn-20031.exe
1720	Unicorn-52511.exe
1020	Unicorn-52511.exe
1552	Unicorn-48982.exe
2276	Unicorn-38348.exe
1620	Unicorn-8821.exe
1432	Unicorn-54815.exe
2240	Unicorn-2085.exe
1328	Unicorn-57830.exe
2840	Unicorn-21951.exe
2752	Unicorn-29403.exe
2976	Unicorn-28888.exe
1368	Unicorn-15890.exe
1032	Unicorn-9153.exe
872	Unicorn-31650.exe
2832	Unicorn-47529.exe
404	Unicorn-34338.exe
2824	Unicorn-47145.exe
1596	Unicorn-62412.exe
2476	Unicorn-50098.exe
2624	Unicorn-16850.exe
2540	Unicorn-12443.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exeUnicorn-54406.exeUnicorn-34770.exeUnicorn-13835.exeUnicorn-20742.exeUnicorn-56944.exeUnicorn-40608.exeUnicorn-3374.exe

description	pid	process	target process
PID 2468 wrote to memory of 836	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	Unicorn-54406.exe
PID 2468 wrote to memory of 836	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	Unicorn-54406.exe
PID 2468 wrote to memory of 836	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	Unicorn-54406.exe
PID 2468 wrote to memory of 836	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	Unicorn-54406.exe
PID 836 wrote to memory of 2660	836	Unicorn-54406.exe	Unicorn-34770.exe
PID 836 wrote to memory of 2660	836	Unicorn-54406.exe	Unicorn-34770.exe
PID 836 wrote to memory of 2660	836	Unicorn-54406.exe	Unicorn-34770.exe
PID 836 wrote to memory of 2660	836	Unicorn-54406.exe	Unicorn-34770.exe
PID 2468 wrote to memory of 2528	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	Unicorn-13835.exe
PID 2468 wrote to memory of 2528	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	Unicorn-13835.exe
PID 2468 wrote to memory of 2528	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	Unicorn-13835.exe
PID 2468 wrote to memory of 2528	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	Unicorn-13835.exe
PID 2468 wrote to memory of 2776	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	WerFault.exe
PID 2468 wrote to memory of 2776	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	WerFault.exe
PID 2468 wrote to memory of 2776	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	WerFault.exe
PID 2468 wrote to memory of 2776	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	WerFault.exe
PID 836 wrote to memory of 2504	836	Unicorn-54406.exe	Unicorn-20742.exe
PID 836 wrote to memory of 2504	836	Unicorn-54406.exe	Unicorn-20742.exe
PID 836 wrote to memory of 2504	836	Unicorn-54406.exe	Unicorn-20742.exe
PID 836 wrote to memory of 2504	836	Unicorn-54406.exe	Unicorn-20742.exe
PID 2660 wrote to memory of 2652	2660	Unicorn-34770.exe	Unicorn-40608.exe
PID 2660 wrote to memory of 2652	2660	Unicorn-34770.exe	Unicorn-40608.exe
PID 2660 wrote to memory of 2652	2660	Unicorn-34770.exe	Unicorn-40608.exe
PID 2660 wrote to memory of 2652	2660	Unicorn-34770.exe	Unicorn-40608.exe
PID 2528 wrote to memory of 2524	2528	Unicorn-13835.exe	Unicorn-56944.exe
PID 2528 wrote to memory of 2524	2528	Unicorn-13835.exe	Unicorn-56944.exe
PID 2528 wrote to memory of 2524	2528	Unicorn-13835.exe	Unicorn-56944.exe
PID 2528 wrote to memory of 2524	2528	Unicorn-13835.exe	Unicorn-56944.exe
PID 836 wrote to memory of 2120	836	Unicorn-54406.exe	WerFault.exe
PID 836 wrote to memory of 2120	836	Unicorn-54406.exe	WerFault.exe
PID 836 wrote to memory of 2120	836	Unicorn-54406.exe	WerFault.exe
PID 836 wrote to memory of 2120	836	Unicorn-54406.exe	WerFault.exe
PID 2504 wrote to memory of 2868	2504	Unicorn-20742.exe	Unicorn-3374.exe
PID 2504 wrote to memory of 2868	2504	Unicorn-20742.exe	Unicorn-3374.exe
PID 2504 wrote to memory of 2868	2504	Unicorn-20742.exe	Unicorn-3374.exe
PID 2504 wrote to memory of 2868	2504	Unicorn-20742.exe	Unicorn-3374.exe
PID 2524 wrote to memory of 2680	2524	Unicorn-56944.exe	Unicorn-52383.exe
PID 2524 wrote to memory of 2680	2524	Unicorn-56944.exe	Unicorn-52383.exe
PID 2524 wrote to memory of 2680	2524	Unicorn-56944.exe	Unicorn-52383.exe
PID 2524 wrote to memory of 2680	2524	Unicorn-56944.exe	Unicorn-52383.exe
PID 2528 wrote to memory of 2708	2528	Unicorn-13835.exe	Unicorn-35532.exe
PID 2528 wrote to memory of 2708	2528	Unicorn-13835.exe	Unicorn-35532.exe
PID 2528 wrote to memory of 2708	2528	Unicorn-13835.exe	Unicorn-35532.exe
PID 2528 wrote to memory of 2708	2528	Unicorn-13835.exe	Unicorn-35532.exe
PID 2652 wrote to memory of 2648	2652	Unicorn-40608.exe	Unicorn-55398.exe
PID 2652 wrote to memory of 2648	2652	Unicorn-40608.exe	Unicorn-55398.exe
PID 2652 wrote to memory of 2648	2652	Unicorn-40608.exe	Unicorn-55398.exe
PID 2652 wrote to memory of 2648	2652	Unicorn-40608.exe	Unicorn-55398.exe
PID 2660 wrote to memory of 764	2660	Unicorn-34770.exe	Unicorn-15989.exe
PID 2660 wrote to memory of 764	2660	Unicorn-34770.exe	Unicorn-15989.exe
PID 2660 wrote to memory of 764	2660	Unicorn-34770.exe	Unicorn-15989.exe
PID 2660 wrote to memory of 764	2660	Unicorn-34770.exe	Unicorn-15989.exe
PID 2660 wrote to memory of 2308	2660	Unicorn-34770.exe	WerFault.exe
PID 2660 wrote to memory of 2308	2660	Unicorn-34770.exe	WerFault.exe
PID 2660 wrote to memory of 2308	2660	Unicorn-34770.exe	WerFault.exe
PID 2660 wrote to memory of 2308	2660	Unicorn-34770.exe	WerFault.exe
PID 2528 wrote to memory of 352	2528	Unicorn-13835.exe	WerFault.exe
PID 2528 wrote to memory of 352	2528	Unicorn-13835.exe	WerFault.exe
PID 2528 wrote to memory of 352	2528	Unicorn-13835.exe	WerFault.exe
PID 2528 wrote to memory of 352	2528	Unicorn-13835.exe	WerFault.exe
PID 2868 wrote to memory of 1624	2868	Unicorn-3374.exe	Unicorn-31810.exe
PID 2868 wrote to memory of 1624	2868	Unicorn-3374.exe	Unicorn-31810.exe
PID 2868 wrote to memory of 1624	2868	Unicorn-3374.exe	Unicorn-31810.exe
PID 2868 wrote to memory of 1624	2868	Unicorn-3374.exe	Unicorn-31810.exe

C:\Users\Admin\AppData\Local\Temp\b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe
"C:\Users\Admin\AppData\Local\Temp\b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40608.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55398.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47570.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57830.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21941.exe
        9⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
        10⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe
        11⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59918.exe
        12⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2460.exe
        13⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2211.exe
        14⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 204
        14⤵
        
        PID:13300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
        13⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 220
        12⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 216
        11⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48316.exe
        10⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        11⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
        12⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 208
        13⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
        12⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        11⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        10⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
        9⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16293.exe
        10⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27075.exe
        11⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
        12⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
        13⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 216
        13⤵
        
        PID:12608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
        12⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
        11⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 216
        10⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 240
        9⤵
        Program crash
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        8⤵
        
        PID:844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 240
        9⤵
        Program crash
        
        PID:3524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
        8⤵
        Program crash
        
        PID:1652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
        7⤵
        Program crash
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21951.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
        8⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41356.exe
        9⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 240
        10⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 216
        9⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        8⤵
        Program crash
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51084.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
        8⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49349.exe
        9⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 220
        10⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 216
        9⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        8⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe
        9⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
        10⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 208
        11⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 220
        10⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
        9⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
        8⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
        7⤵
        Program crash
        
        PID:1900
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
        6⤵
        Program crash
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44041.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52511.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        9⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
        10⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        11⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11043.exe
        12⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
        13⤵
        
        PID:1340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
        13⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
        12⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        11⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
        10⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35601.exe
        9⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
        9⤵
        Program crash
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
        8⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
        9⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8218.exe
        10⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
        11⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15873.exe
        12⤵
        
        PID:11088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 216
        12⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
        11⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 236
        10⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 216
        9⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
        8⤵
        Program crash
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11743.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61736.exe
        9⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
        10⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63726.exe
        11⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51392.exe
        12⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
        12⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
        11⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        10⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 216
        9⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60895.exe
        8⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38338.exe
        9⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53363.exe
        10⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52201.exe
        11⤵
        
        PID:12492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 204
        11⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
        10⤵
        
        PID:10232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        9⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
        8⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 240
        7⤵
        Program crash
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48982.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
        7⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6870.exe
        7⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28955.exe
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18053.exe
        9⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61889.exe
        10⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
        11⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 204
        11⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
        10⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        9⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
        8⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        7⤵
        Program crash
        
        PID:3284
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 240
        6⤵
        Program crash
        
        PID:824
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13828.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52511.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
        8⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
        9⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18898.exe
        10⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
        11⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57842.exe
        12⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        13⤵
        
        PID:12476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        11⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
        10⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
        9⤵
        Program crash
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23097.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33397.exe
        9⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
        10⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
        11⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 188
        12⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
        11⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        10⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 216
        9⤵
        
        PID:3144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 240
        8⤵
        Program crash
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
        7⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42579.exe
        8⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34165.exe
        9⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61446.exe
        10⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35335.exe
        11⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1570.exe
        12⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
        12⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
        11⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
        10⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 216
        9⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 216
        8⤵
        Program crash
        
        PID:3712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 240
        7⤵
        Program crash
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
        7⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        8⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9297.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe
        10⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
        11⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
        12⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
        11⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        10⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
        9⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 236
        8⤵
        Program crash
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22905.exe
        7⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19474.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16525.exe
        9⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        10⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
        11⤵
        
        PID:13128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
        10⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        9⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 236
        8⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
        7⤵
        Program crash
        
        PID:3664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 220
        6⤵
        Program crash
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37014.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-643.exe
        7⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
        8⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33096.exe
        9⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5699.exe
        10⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16576.exe
        11⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14089.exe
        12⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
        12⤵
        
        PID:13076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 220
        11⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        10⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 216
        9⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46588.exe
        8⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11869.exe
        9⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51552.exe
        10⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
        11⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8196 -s 204
        11⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
        10⤵
        
        PID:9664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        9⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
        8⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30723.exe
        7⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30792.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53364.exe
        9⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47136.exe
        10⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
        11⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 216
        11⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
        10⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        9⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 236
        8⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 240
        7⤵
        Program crash
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
        6⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51357.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe
        8⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11869.exe
        9⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe
        10⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38288.exe
        11⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 204
        11⤵
        
        PID:13104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
        10⤵
        
        PID:9656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        9⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
        8⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13339.exe
        7⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17070.exe
        8⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        9⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        10⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 204
        10⤵
        
        PID:12840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
        9⤵
        
        PID:9516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        8⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
        7⤵
        
        PID:5484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
        6⤵
        Program crash
        
        PID:2472
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 240
        5⤵
        Program crash
        
        PID:3028
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14574.exe
        9⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        10⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65191.exe
        11⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43404.exe
        12⤵
        
        PID:10648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
        12⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 236
        11⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 236
        10⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
        9⤵
        Program crash
        
        PID:4036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        8⤵
        Program crash
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        8⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe
        9⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58649.exe
        10⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
        11⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 220
        12⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        11⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
        10⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 216
        9⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
        8⤵
        Program crash
        
        PID:3984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 240
        7⤵
        Program crash
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1810.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15890.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        8⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe
        9⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
        10⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44209.exe
        11⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
        12⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
        12⤵
        
        PID:11820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 220
        12⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
        11⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
        10⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
        9⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
        8⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
        9⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
        10⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        11⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 236
        11⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
        10⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 216
        9⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
        8⤵
        Program crash
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
        8⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
        9⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25963.exe
        10⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
        11⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 216
        11⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
        10⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        9⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        8⤵
        Program crash
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        7⤵
        Program crash
        
        PID:2812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
        6⤵
        Program crash
        
        PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34902.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21676.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29403.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
        8⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17071.exe
        9⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe
        10⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        11⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52779.exe
        12⤵
        
        PID:10444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 216
        12⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
        11⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
        10⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
        9⤵
        Program crash
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29877.exe
        8⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46957.exe
        9⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36074.exe
        10⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12161.exe
        11⤵
        
        PID:10244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 216
        11⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 236
        10⤵
        
        PID:8676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        9⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
        8⤵
        Program crash
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
        7⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49743.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4227.exe
        9⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10650.exe
        10⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51582.exe
        11⤵
        
        PID:10364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 236
        11⤵
        
        PID:10932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        10⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
        9⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32986.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
        9⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55972.exe
        10⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
        10⤵
        
        PID:10472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
        9⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
        8⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
        7⤵
        Program crash
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
        7⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38555.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31208.exe
        9⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        10⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-401.exe
        11⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 204
        11⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        10⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 220
        10⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
        9⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
        10⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34097.exe
        10⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 240
        10⤵
        
        PID:11308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 240
        9⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
        8⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
        7⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14295.exe
        8⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63342.exe
        9⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        10⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 204
        10⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53491.exe
        9⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 220
        9⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        8⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
        9⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
        9⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 220
        9⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 220
        8⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        7⤵
        
        PID:4924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
        6⤵
        Program crash
        
        PID:884
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
        5⤵
        Program crash
        
        PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20223.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        8⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13365.exe
        9⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
        10⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61313.exe
        11⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        12⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 220
        12⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
        11⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        10⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 236
        9⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
        9⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45397.exe
        10⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 208
        11⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
        10⤵
        
        PID:9300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
        9⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 240
        8⤵
        Program crash
        
        PID:4228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
        7⤵
        Program crash
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        7⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27865.exe
        8⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10605.exe
        9⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63363.exe
        10⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18695.exe
        11⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 204
        11⤵
        
        PID:12656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 220
        10⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
        9⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
        8⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
        7⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
        8⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52901.exe
        9⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50221.exe
        10⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 216
        10⤵
        
        PID:11320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
        9⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        8⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 220
        7⤵
        Program crash
        
        PID:4184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
        6⤵
        Program crash
        
        PID:348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 240
        5⤵
        Program crash
        
        PID:584
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:896
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13835.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13835.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52383.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31618.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13600.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53279.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31650.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29393.exe
        9⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61243.exe
        10⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
        11⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        12⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32690.exe
        13⤵
        
        PID:11272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
        13⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
        12⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        11⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 236
        10⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        9⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3252.exe
        10⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24723.exe
        11⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
        12⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
        12⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
        11⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        10⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
        9⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4374.exe
        8⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
        9⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1524.exe
        10⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 220
        11⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
        10⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 236
        9⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
        8⤵
        Program crash
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47529.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40960.exe
        8⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        9⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1259.exe
        10⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 220
        11⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
        10⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
        9⤵
        Program crash
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
        9⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe
        10⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60169.exe
        11⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 236
        11⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
        10⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
        9⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
        8⤵
        Program crash
        
        PID:4364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 240
        7⤵
        Program crash
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33413.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 200
        7⤵
        Program crash
        
        PID:1252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        6⤵
        Program crash
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9879.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3886.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
        7⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42579.exe
        8⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12535.exe
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62790.exe
        10⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41988.exe
        11⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
        12⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 216
        12⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
        11⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        10⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
        9⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11694.exe
        8⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54866.exe
        9⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63747.exe
        10⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17953.exe
        11⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
        11⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
        10⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        9⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
        8⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
        7⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26945.exe
        9⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51552.exe
        10⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65402.exe
        11⤵
        
        PID:920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 204
        11⤵
        
        PID:13084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
        10⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        9⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 216
        8⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 220
        7⤵
        Program crash
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35515.exe
        6⤵
        
        PID:2896
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
        6⤵
        Program crash
        
        PID:1504
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        5⤵
        Program crash
        
        PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16850.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42880.exe
        8⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55083.exe
        9⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31592.exe
        10⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
        11⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43582.exe
        12⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
        12⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 236
        11⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        10⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
        9⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-839.exe
        9⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61889.exe
        10⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
        11⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 204
        11⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
        10⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
        9⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        8⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        7⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
        8⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36226.exe
        9⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16062.exe
        10⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16105.exe
        11⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 204
        11⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 220
        10⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
        9⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 236
        8⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        7⤵
        Program crash
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52044.exe
        6⤵
        Executes dropped EXE
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52852.exe
        8⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        9⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe
        10⤵
        
        PID:10424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
        10⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
        9⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
        8⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
        7⤵
        Program crash
        
        PID:3652
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
        6⤵
        Program crash
        
        PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
        6⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17616.exe
        7⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14839.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
        9⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16768.exe
        10⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
        11⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 204
        11⤵
        
        PID:12972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 220
        10⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        9⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
        8⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
        7⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
        8⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56544.exe
        9⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 220
        10⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
        9⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        8⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
        7⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
        6⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        7⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60899.exe
        8⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59466.exe
        9⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50172.exe
        10⤵
        
        PID:12560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8536 -s 216
        10⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        9⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 220
        8⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 216
        7⤵
        
        PID:5620
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
        5⤵
        Program crash
        
        PID:1548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35532.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63906.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe
        7⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38555.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23019.exe
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        10⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
        11⤵
        
        PID:11216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
        11⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3584.exe
        10⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 220
        10⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4506.exe
        9⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54198.exe
        10⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
        10⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 220
        10⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 220
        9⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21793.exe
        8⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24884.exe
        9⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        10⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
        10⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35701.exe
        9⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 220
        9⤵
        
        PID:10704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 220
        8⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
        7⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17669.exe
        8⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32590.exe
        9⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
        10⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
        10⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
        9⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 212
        9⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57402.exe
        8⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
        9⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61757.exe
        9⤵
        
        PID:11592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 240
        9⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 220
        8⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        7⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
        6⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12136.exe
        8⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49175.exe
        9⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41726.exe
        10⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
        10⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 220
        10⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        9⤵
        
        PID:9396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 220
        9⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe
        8⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        9⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60361.exe
        9⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 220
        9⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 220
        8⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24559.exe
        7⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42818.exe
        8⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
        9⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
        9⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 212
        9⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
        8⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 220
        8⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
        7⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46733.exe
        6⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        7⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
        8⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44209.exe
        9⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
        10⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13068.exe
        10⤵
        
        PID:11648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 220
        10⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        9⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 220
        9⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
        8⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15963.exe
        9⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
        9⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 220
        9⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 240
        8⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
        7⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        8⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        9⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 216
        9⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        8⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 220
        8⤵
        
        PID:10864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 240
        7⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39340.exe
        6⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        7⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47411.exe
        8⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19904.exe
        9⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
        9⤵
        
        PID:12468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        8⤵
        
        PID:10116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 220
        8⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
        7⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
        8⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
        8⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 220
        7⤵
        
        PID:8560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 220
        6⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
        6⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8300.exe
        7⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
        8⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57940.exe
        9⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        10⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 220
        10⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52401.exe
        9⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 220
        9⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54392.exe
        8⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14789.exe
        9⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
        9⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 220
        9⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 240
        8⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35337.exe
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
        8⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
        9⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 216
        9⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
        8⤵
        
        PID:9728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 220
        8⤵
        
        PID:10748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 220
        7⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30723.exe
        6⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
        7⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 368
        8⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 236
        7⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        6⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30832.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
        8⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30126.exe
        9⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        8⤵
        
        PID:9764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 212
        8⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45485.exe
        7⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2203.exe
        8⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-442.exe
        8⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 240
        8⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 220
        7⤵
        
        PID:8576
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
        6⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15810.exe
        5⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18685.exe
        6⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27329.exe
        8⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21293.exe
        9⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
        10⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
        10⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        9⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18834.exe
        8⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52587.exe
        9⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49098.exe
        9⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 240
        9⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 220
        8⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25190.exe
        7⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38636.exe
        8⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52860.exe
        9⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
        8⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 220
        8⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
        7⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46204.exe
        6⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53063.exe
        7⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30115.exe
        8⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41339.exe
        9⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
        9⤵
        
        PID:12740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        8⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 220
        8⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
        7⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
        8⤵
        
        PID:10992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 236
        8⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 220
        7⤵
        
        PID:8684
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 220
        6⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
        5⤵
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe
        6⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33790.exe
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
        8⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47966.exe
        9⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8344 -s 204
        9⤵
        
        PID:13248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 220
        8⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        7⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
        7⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37892.exe
        8⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36874.exe
        7⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 212
        7⤵
        
        PID:10420
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 220
        6⤵
        
        PID:7372
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 240
        5⤵
        Program crash
        
        PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53351.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8821.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
        6⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53106.exe
        8⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe
        9⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
        10⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20039.exe
        11⤵
        
        PID:11704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 216
        11⤵
        
        PID:12624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
        10⤵
        
        PID:9348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 216
        9⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 216
        8⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
        7⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 188
        8⤵
        Program crash
        
        PID:3532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 220
        7⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30723.exe
        6⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
        7⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6659.exe
        8⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33680.exe
        9⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-472.exe
        10⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 204
        10⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
        9⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        8⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 216
        7⤵
        
        PID:4740
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        6⤵
        Program crash
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
        5⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
        6⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3713.exe
        7⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        8⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36223.exe
        9⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3249.exe
        10⤵
        
        PID:12360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 216
        10⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        9⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
        8⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 236
        7⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16136.exe
        6⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18486.exe
        8⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe
        9⤵
        
        PID:13156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 236
        8⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 220
        7⤵
        
        PID:7492
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        6⤵
        
        PID:5756
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
        5⤵
        Program crash
        
        PID:1028
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
      4⤵
      Program crash
      PID:2920
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:352
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
  2⤵
  - Program crash
  PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe

Filesize
184KB

MD5
4d58c13d03e41bc50658b7daeada0452

SHA1
1c7d62608821a9f38525116b2a464a9b885ee3d4

SHA256
5ca70e068423ad2a15ffbab733f7f7eb515481289a21c5f4fb5a5e4a8bdc475f

SHA512
89de650d93c78a8d280b653eefe45ca0ac7519ea165d09fc0f17be1a348ad78b790ba946efbec29058ae6c4c66fc66b7d348c2b7cfa4d63ae3316a05e300db56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24559.exe

Filesize
184KB

MD5
2e379e6e80ed87969f2daeb890fad2d0

SHA1
86e4ee608e85495a59f60c3701c3e4cc450d61eb

SHA256
b8acbaf6255a524c52e44e438c594c4e2266adcb2887920aa56bbf9fc0e4b4c8

SHA512
1c65c971d6af02032bac5bdddabf8c23958b05246bb439aa52333ddcc9ceb66b5187d3091b4518f24f0af3dd52bc6eddbb1903781865b3de26417d88b9399f64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe

Filesize
184KB

MD5
8ca9efbadf754b1884e09f3a91be1f5d

SHA1
171ae3bd71add5ac3d07591a04923849b01cb604

SHA256
c7334e0bdc81afca9885d6ac0624dd0749ed7b9daabe0ca8a62229dd31102fa5

SHA512
d0439b97e190f34839fa983ed6303815e2abd08471ed3b92df9a8e7f3cfa3ece5cff6b39a5e24779869b238a81119bd2cc77bc755e79b806981dae41995e6a44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe

Filesize
184KB

MD5
0678ba222e2c56c8ba2dea224a86af4f

SHA1
bfd7a73758957a72e9d4c67bc4b6b31a49c983e4

SHA256
3d8a10cba1051f6a9465db8594615f3edf8e16de1929aa361f09449515f4a64d

SHA512
2eb02c7c8aae20b619ce3a5a1bb4cb6f062a0b2d7b54c0c44211fcd6f2d9f1bb5623c6c0aa8b4264b3f8692aad4c1d23e66103743daf19672a688b9127f21f66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35532.exe

Filesize
184KB

MD5
210060d3b5a5467fd1454aa0cb604da9

SHA1
2b8ee8745c1c104d85c2ebaee511c510c3bcf509

SHA256
0d73b524cb4a602b4454da6389b01969d0bae225bdadd136472283e22e8774f5

SHA512
641e8c6de7fe6011b09ebfa1dfa7216736f16798bc979a5f22981634becd85a9a178428ab7039087e11ee7256b5ae0c47cc558c7647b939c032440f76cb113d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe

Filesize
184KB

MD5
1047bb8a3dedb9188f7ac4423aa51da7

SHA1
33e15b4e586b79944a54be6c6bc1535bf26f98a0

SHA256
6c231debc621b4b3fa2b0684eb0a88a425e36b337f1f755c7f0d4235237303d2

SHA512
9e45bca9f687d27d1d2f7fa8094d5d26f6724f79d89d06e9901681925c9d1ac8d88167961837a1e194bf29ee483969fcc6e3c26ac820839066e786d98aad3d38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe

Filesize
184KB

MD5
663852c88f71e35c18506c8d3c1ef9d0

SHA1
7b10ca5a1f05b1c4a8aa032afc3724c1839157f3

SHA256
1f66890b465ec1065cf86c828a43c03df73327ecf9636a85c889fce8f3995064

SHA512
763f4fc493ae9a6ccb6914dfcc5ff1ccad4364d6293c1096a1d44a6e02b4fc593a6bb236c5e403d1d63c6ff12a3d16eabc1d1a25a1a7826a019c8f50b29f9333

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe

Filesize
184KB

MD5
f53eb1e1e8add72ab24543557fb77da3

SHA1
c59927b04a8423d77e4876c616679d59bec06cf6

SHA256
8b1dbee8f1939d47f1987a146ab5c1a970e679d5f36bb86edafcd2fa580c17bb

SHA512
3e1c1e01f3c96a67faa6f0aab0e39dd285a843d90993fd15bdd9d13cf19f48746169d904c199e3c88b1c8efa54063175488e26d01f3fbc2057be42e820a401f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52383.exe

Filesize
184KB

MD5
54c23cc9ddc114a748c036d8b19e46fd

SHA1
ba523b4d7dfe43262be70beb1f8dc9ff596da3f9

SHA256
3d9f3574f645a3396109122cd94e024a9932dbdb6b59667af1addf24ec68fbed

SHA512
59df5579157d29d78d8241da13c280fdb48d8a3dca6d3b61a7fa97f0c625b7e331bbf08f0b2b2d591e307f39e6cf4a6c51fd6475edaf8764400955e0bbdc7bdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56544.exe

Filesize
184KB

MD5
9ec71ad34c2b4cd41952612d34b44135

SHA1
179c9c88c2298bde147e6fddbca6207d4ca3516e

SHA256
02296d071106dd8e4e02fb3c0a8161fac4c27b4227ba9cd90a15a67f4a40dca9

SHA512
e92215410f0eee9a9883e28c78ef55e288511d1799a3a878781f9aef39b3b61d9f7a1654b0b43725a31bbbb13a96e25c19e991b494dbe5704cddada3ef70e5c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe

Filesize
184KB

MD5
715deab2a802ad9d4a46111bfa9251bb

SHA1
f98bf8a0bfef81e4bb4efe43a512693d8bdb393b

SHA256
0a3cf28e94e9cd4c7f567798f299798207930a494a78ab646c490f260ec35bfd

SHA512
cab6d072aedcfbc2e055aefd773f2ac0f85c6eb67415338545e6ddab9f917101f00d1ac84969064d5a29ecada3c56fcb497afe40a3da0638f84530deef076388

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6659.exe

Filesize
184KB

MD5
21150e33b959c5d50d9f5c0f3f917c0f

SHA1
4eebd7bcf34916cb6334dd3f46178324737dd656

SHA256
847d71f3fd33bbe6ecd3b20c2dbee7e87ba8ab78319ecb4d6cd4417898fae2c3

SHA512
7d5832bab39b060c35070990fe5727cbf4a12e398ff79f040dadccc44437a46339f040c3df5a54ff7799a93a8dd1cd60ee54e96e06f36586b252396a251eee4e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13835.exe

Filesize
184KB

MD5
9c7ace3192c65037fb84b53e3c973d59

SHA1
c18862dd7abaa16b603b0a6821e3c7b8dc640cfd

SHA256
d33ad9860c3b375424dcc4e60d9bb0edbd507d80ddce9e02feff5f9d61da47d0

SHA512
c0b0b6a7d1dc748e2a64f949ec3c026700c80996db0e1b10612f48d8d398ec92c53dbdfd9d2ded2409a3a9e4cdd9b7b0ff6c96eda8118738059a24a3e953071a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe

Filesize
184KB

MD5
79d3c239b92a723780ca57c5dab1dd1e

SHA1
e16c1e8a25f21e2cc09ed27d6b847b012a9a1b50

SHA256
a6442af7dcf7f1606b54df247f42fe5293ee8e4a6055ede624e9dd19f11f710c

SHA512
486bca409b18651522f6e098588a41606a0a28ab83e78e7edc58df1a3d9d021daae77458d4c4efe759a7556e80113f5837c1523d4a2f81c1a81f0aa4fbe83001

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe

Filesize
184KB

MD5
d4d262de9b6326fc34b82a6849c3df2b

SHA1
a574477212a25aea8881083feb910db1f69572d7

SHA256
6af6eb0c474104ad1b428b015d6bac002298bfb235bf718e214f082b8031e973

SHA512
924296356916e19e9b275465633ea40ae6a47f07002422df14eda957b23738ad2b92ff760bd1d32a5823a0368d5a6f6bb5eaa462eb1e5bbcd2d3adaf9c086b7e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe

Filesize
184KB

MD5
f4d8553ba6f27feeb03a62b7c0442b41

SHA1
e4455ec6c37a7a23645873d9e6f94f1ee505ff48

SHA256
c5a6861bda9c1c903b44936cfa6bc44d2c5296b68fc8da3841528c45ff5370cb

SHA512
6b135f7fde8c3e1c28f7b3c58f7e48a6e6b4d9a1c2f85e4c4388be5bf53bcb631574f38586128412efe509420ab48f57eaeba4cfec513093bee2be92b38cb77d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31618.exe

Filesize
184KB

MD5
8a33e19e7d6131e69014078da3095890

SHA1
307c12deea39138137abbcad0277f5408a562c5e

SHA256
788f66320fe8812c7f17ac68bae9447c7b2fec0755ed92e3950e3d50d3f1663a

SHA512
95685022d72921729ad7868a82547a2be58004b5ef12f9be1969dc390ec1317f94436ff24c1aede97c7963cbf4d4be75bde924d1aee5b1a4bb2133425ca9e674

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe

Filesize
184KB

MD5
7ac5ea41a93601fdf35f529de0beb63a

SHA1
e0f0757cc6bad4e90995a66ae266ea2bd444ff56

SHA256
e0b810c9a58ff3f48e2bc990078e69fec55ffc10bd49b4567e482dd46073417e

SHA512
b75aa0828600bbce28f3e63517979afb1d1a6d000899fe90234e76feda99a02cf4dc533c63a72e472cadfee110727f4725170d02ac6770c5c731fa3b6ff3194d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe

Filesize
184KB

MD5
217d9ac6ad59a2dbbc7d952b9b7b2fd2

SHA1
3778e215e45e2ca8961f35afb07abe4b6a76541e

SHA256
78b01b3fd75fca63459c9af4cb9f08e65f27a26e81e35b44e61ed9d582615dc2

SHA512
7a393f30a99848dba376bbb535ebeb9a0e466030c76c9258f2f2d20de5df58a6b00b7919ae15eeec5cce818a33518067b5c1e39772d6e40b468e3390f2a7fbe1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40608.exe

Filesize
184KB

MD5
3774148960f250fd61c1fb49ab8ffd0b

SHA1
063faa7fe54b5db1c8cfd6d23e92c72fe198c61b

SHA256
5f0822b92e9ada6d0bb73920c630a5763fe188d2450041196a7359b46c97a013

SHA512
28e4b980beab575dbb1b51fa117a6712cdc6ca4d3986478f515c87828e5bde35f212a433adfc115d6bed97ba61866d0140b86b9518feccd94e2c8ed7e1524b24

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe

Filesize
184KB

MD5
2e7dcf77e04eb4f80d7849470f993fe3

SHA1
305578b8e9205348b2485c58432063bb7f880637

SHA256
4f7d8d980635e5efc8092163d14b6d849ab181107f5ac00331a6a0e674118bd7

SHA512
b5157d1293113cd6763fbffb60fe37397b9aee011c118c98fd447470041fbb24be7aca4b5c095aac06020403bfaa58e5070e5526d5b190fb0259f2a2896ab317

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe

Filesize
184KB

MD5
440405bf899f416fa23ecd158e2f646b

SHA1
fd73cb77eb46a0df733e8b97f9539d22b75318aa

SHA256
ed50526af739c4382b7dfaef34bfe787dcf0ed14dbde083499cdf19bfc40bdf9

SHA512
119cbb51d374ce9d9fc2068821b6338945dc2a164abdb0cc8b19318e988757fee2e303bd8ab0f5a488c93e0b6baa2a9e61d57b1449759c615c43c024e48b26b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55398.exe

Filesize
184KB

MD5
dde5ed4bd5ffb64ecd0d9d6c402a6eb7

SHA1
5609c2f3003b4db306a7e70b454c8dd0536be591

SHA256
32f59bcac827af1f861c1f8b302f498e0388dad8a1882ac9e1ae3b95c570cd4b

SHA512
69ebd3c214cc3e59546392be19793f5c20a1f171b6519f1ae36d2255124497b2bf872a5619053b827d0fd91e2d091575ebe613d0153c548f71bfb4983ae1608a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe

Filesize
184KB

MD5
b9805777fd1fa6486ed85d072353b51e

SHA1
e4cb445d74c8c77c8852ba230af688c48b19dd85

SHA256
9ee7a64ffa44787b18ba694595e1a41f878a960c9ec293a54f8dd8b962ace8f3

SHA512
addf6070bcfca4fdd2c2d9980fceccfb2749afcee44eab0d922e0e63eb6f5c7dff756670bbaa21c1d75f7796a682c4b820cc210738a154f0faaab9d63f9c59df

Download Submit