bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe
Size

184KB
MD5

8fe3e0e6613db291a065b04d05e3fa42
SHA1

a2c82a997a7e04c7813457d8b53e1a79467082f5
SHA256

bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721
SHA512

238d66e4f647f8e92cea841f0a34eb9fb3f0569e43fb5df061eb265f656b6501e230d8c8722667b0b2632df3fa47444ce491b1816abc738204e5a65ab065b880
SSDEEP

3072:UMS7TxoTFAOpd4hIeE7LRbV4MlnziF5n3:UMkobn4hCLJV4MlnziF5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-26653.exeUnicorn-24383.exeUnicorn-20853.exeUnicorn-36194.exeUnicorn-49001.exeUnicorn-3329.exeUnicorn-10143.exeUnicorn-55815.exeUnicorn-39286.exeUnicorn-15104.exeUnicorn-15104.exeUnicorn-2795.exeUnicorn-64803.exeUnicorn-50735.exeUnicorn-24607.exeUnicorn-57279.exeUnicorn-37413.exeUnicorn-8078.exeUnicorn-4549.exeUnicorn-4321.exeUnicorn-14113.exeUnicorn-36994.exeUnicorn-33464.exeUnicorn-3937.exeUnicorn-13729.exeUnicorn-19890.exeUnicorn-16360.exeUnicorn-52562.exeUnicorn-52562.exeUnicorn-19698.exeUnicorn-65369.exeUnicorn-14116.exeUnicorn-17454.exeUnicorn-62056.exeUnicorn-48865.exeUnicorn-61672.exeUnicorn-33214.exeUnicorn-48481.exeUnicorn-61288.exeUnicorn-15617.exeUnicorn-12959.exeUnicorn-17921.exeUnicorn-61968.exeUnicorn-42102.exeUnicorn-30727.exeUnicorn-29104.exeUnicorn-45440.exeUnicorn-14199.exeUnicorn-12575.exeUnicorn-46872.exeUnicorn-42093.exeUnicorn-3883.exeUnicorn-21843.exeUnicorn-33026.exeUnicorn-55004.exeUnicorn-5803.exeUnicorn-5803.exeUnicorn-17541.exeUnicorn-5611.exeUnicorn-53551.exeUnicorn-49830.exeUnicorn-16773.exeUnicorn-4843.exeUnicorn-49446.exe

pid	process
1440	Unicorn-26653.exe
2100	Unicorn-24383.exe
2472	Unicorn-20853.exe
2644	Unicorn-36194.exe
2664	Unicorn-49001.exe
2640	Unicorn-3329.exe
1680	Unicorn-10143.exe
1424	Unicorn-55815.exe
1992	Unicorn-39286.exe
2216	Unicorn-15104.exe
316	Unicorn-15104.exe
1624	Unicorn-2795.exe
2284	Unicorn-64803.exe
2076	Unicorn-50735.exe
2060	Unicorn-24607.exe
2892	Unicorn-57279.exe
2360	Unicorn-37413.exe
580	Unicorn-8078.exe
592	Unicorn-4549.exe
2380	Unicorn-4321.exe
2364	Unicorn-14113.exe
2028	Unicorn-36994.exe
1304	Unicorn-33464.exe
1976	Unicorn-3937.exe
1664	Unicorn-13729.exe
1224	Unicorn-19890.exe
2116	Unicorn-16360.exe
2308	Unicorn-52562.exe
1720	Unicorn-52562.exe
2356	Unicorn-19698.exe
2172	Unicorn-65369.exe
2204	Unicorn-14116.exe
2440	Unicorn-17454.exe
1920	Unicorn-62056.exe
2944	Unicorn-48865.exe
2548	Unicorn-61672.exe
2536	Unicorn-33214.exe
2436	Unicorn-48481.exe
2976	Unicorn-61288.exe
2696	Unicorn-15617.exe
1824	Unicorn-12959.exe
2168	Unicorn-17921.exe
1896	Unicorn-61968.exe
2420	Unicorn-42102.exe
2012	Unicorn-30727.exe
2004	Unicorn-29104.exe
1200	Unicorn-45440.exe
1764	Unicorn-14199.exe
1628	Unicorn-12575.exe
1736	Unicorn-46872.exe
840	Unicorn-42093.exe
1364	Unicorn-3883.exe
1852	Unicorn-21843.exe
1640	Unicorn-33026.exe
896	Unicorn-55004.exe
2184	Unicorn-5803.exe
1740	Unicorn-5803.exe
3064	Unicorn-17541.exe
1328	Unicorn-5611.exe
2672	Unicorn-53551.exe
324	Unicorn-49830.exe
2524	Unicorn-16773.exe
2544	Unicorn-4843.exe
2648	Unicorn-49446.exe

Loads dropped DLL 64 IoCs

Processes:

bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exeUnicorn-26653.exeUnicorn-20853.exeUnicorn-24383.exeWerFault.exeUnicorn-36194.exeUnicorn-3329.exeUnicorn-49001.exeWerFault.exeWerFault.exeUnicorn-10143.exeUnicorn-55815.exeUnicorn-15104.exeUnicorn-39286.exeUnicorn-15104.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe
2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe
1440	Unicorn-26653.exe
1440	Unicorn-26653.exe
2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe
2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe
2472	Unicorn-20853.exe
2472	Unicorn-20853.exe
1440	Unicorn-26653.exe
1440	Unicorn-26653.exe
2100	Unicorn-24383.exe
2100	Unicorn-24383.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2472	Unicorn-20853.exe
2644	Unicorn-36194.exe
2644	Unicorn-36194.exe
2472	Unicorn-20853.exe
2100	Unicorn-24383.exe
2100	Unicorn-24383.exe
2640	Unicorn-3329.exe
2664	Unicorn-49001.exe
2640	Unicorn-3329.exe
2664	Unicorn-49001.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe
1864	WerFault.exe
1532	WerFault.exe
1680	Unicorn-10143.exe
1680	Unicorn-10143.exe
2644	Unicorn-36194.exe
2644	Unicorn-36194.exe
1424	Unicorn-55815.exe
1424	Unicorn-55815.exe
316	Unicorn-15104.exe
316	Unicorn-15104.exe
1992	Unicorn-39286.exe
1992	Unicorn-39286.exe
2664	Unicorn-49001.exe
2664	Unicorn-49001.exe
2216	Unicorn-15104.exe
2216	Unicorn-15104.exe
2640	Unicorn-3329.exe
2640	Unicorn-3329.exe
816	WerFault.exe
816	WerFault.exe
816	WerFault.exe
816	WerFault.exe
816	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
288	WerFault.exe
288	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2632	2164	WerFault.exe	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe
2956	1440	WerFault.exe	Unicorn-26653.exe
1864	2472	WerFault.exe	Unicorn-20853.exe
1532	2100	WerFault.exe	Unicorn-24383.exe
816	2644	WerFault.exe	Unicorn-36194.exe
2492	2664	WerFault.exe	Unicorn-49001.exe
288	2640	WerFault.exe	Unicorn-3329.exe
1604	1680	WerFault.exe	Unicorn-10143.exe
1704	1424	WerFault.exe	Unicorn-55815.exe
1008	316	WerFault.exe	Unicorn-15104.exe
2756	1992	WerFault.exe	Unicorn-39286.exe
2680	2216	WerFault.exe	Unicorn-15104.exe
332	1624	WerFault.exe	Unicorn-2795.exe
684	2284	WerFault.exe	Unicorn-64803.exe
3044	2076	WerFault.exe	Unicorn-50735.exe
2368	2060	WerFault.exe	Unicorn-24607.exe
876	2892	WerFault.exe	Unicorn-57279.exe
2988	1640	WerFault.exe	Unicorn-33026.exe
1904	2360	WerFault.exe	Unicorn-37413.exe
844	592	WerFault.exe	Unicorn-4549.exe
1516	2364	WerFault.exe	Unicorn-14113.exe
1796	2028	WerFault.exe	Unicorn-36994.exe
3052	1304	WerFault.exe	Unicorn-33464.exe
2736	1976	WerFault.exe	Unicorn-3937.exe
2424	1664	WerFault.exe	Unicorn-13729.exe
2616	2172	WerFault.exe	Unicorn-65369.exe
1344	2308	WerFault.exe	Unicorn-52562.exe
2228	1224	WerFault.exe	Unicorn-19890.exe
1876	2116	WerFault.exe	Unicorn-16360.exe
1972	2356	WerFault.exe	Unicorn-19698.exe
1676	1720	WerFault.exe	Unicorn-52562.exe
3020	2204	WerFault.exe	Unicorn-14116.exe
1772	2440	WerFault.exe	Unicorn-17454.exe
2752	1920	WerFault.exe	Unicorn-62056.exe
3152	2536	WerFault.exe	Unicorn-33214.exe
3160	2548	WerFault.exe	Unicorn-61672.exe
3224	2696	WerFault.exe	Unicorn-15617.exe
3216	2976	WerFault.exe	Unicorn-61288.exe
3232	2944	WerFault.exe	Unicorn-48865.exe
3352	1764	WerFault.exe	Unicorn-14199.exe
3344	2012	WerFault.exe	Unicorn-30727.exe
3360	2004	WerFault.exe	Unicorn-29104.exe
3392	1200	WerFault.exe	Unicorn-45440.exe
3432	1824	WerFault.exe	Unicorn-12959.exe
3440	1896	WerFault.exe	Unicorn-61968.exe
3456	2168	WerFault.exe	Unicorn-17921.exe
3448	1736	WerFault.exe	Unicorn-46872.exe
3504	2420	WerFault.exe	Unicorn-42102.exe
3596	2436	WerFault.exe	Unicorn-48481.exe
3836	1628	WerFault.exe	Unicorn-12575.exe
3952	840	WerFault.exe	Unicorn-42093.exe
3724	2544	WerFault.exe	Unicorn-4843.exe
3884	324	WerFault.exe	Unicorn-49830.exe
3956	2052	WerFault.exe	Unicorn-58621.exe
4088	1652	WerFault.exe	Unicorn-23125.exe
3540	1636	WerFault.exe	Unicorn-23125.exe
3608	1996	WerFault.exe	Unicorn-10318.exe
3660	1900	WerFault.exe	Unicorn-55990.exe
3680	2380	WerFault.exe	Unicorn-4321.exe
3328	1364	WerFault.exe	Unicorn-3883.exe
4160	2184	WerFault.exe	Unicorn-5803.exe
4188	2920	WerFault.exe	Unicorn-61906.exe
4212	2400	WerFault.exe	Unicorn-45378.exe
4264	2884	WerFault.exe	Unicorn-48523.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exeUnicorn-26653.exeUnicorn-20853.exeUnicorn-24383.exeUnicorn-36194.exeUnicorn-49001.exeUnicorn-3329.exeUnicorn-10143.exeUnicorn-55815.exeUnicorn-15104.exeUnicorn-15104.exeUnicorn-39286.exeUnicorn-2795.exeUnicorn-64803.exeUnicorn-50735.exeUnicorn-24607.exeUnicorn-57279.exeUnicorn-8078.exeUnicorn-4549.exeUnicorn-37413.exeUnicorn-4321.exeUnicorn-14113.exeUnicorn-36994.exeUnicorn-33464.exeUnicorn-3937.exeUnicorn-13729.exeUnicorn-19890.exeUnicorn-16360.exeUnicorn-52562.exeUnicorn-52562.exeUnicorn-19698.exeUnicorn-65369.exeUnicorn-14116.exeUnicorn-17454.exeUnicorn-62056.exeUnicorn-48865.exeUnicorn-61672.exeUnicorn-33214.exeUnicorn-48481.exeUnicorn-61288.exeUnicorn-15617.exeUnicorn-12959.exeUnicorn-17921.exeUnicorn-61968.exeUnicorn-30727.exeUnicorn-42102.exeUnicorn-29104.exeUnicorn-45440.exeUnicorn-14199.exeUnicorn-12575.exeUnicorn-46872.exeUnicorn-42093.exeUnicorn-3883.exeUnicorn-21843.exeUnicorn-33026.exeUnicorn-55004.exeUnicorn-5803.exeUnicorn-5803.exeUnicorn-5611.exeUnicorn-53551.exeUnicorn-49830.exeUnicorn-16773.exeUnicorn-4843.exeUnicorn-49446.exe

pid	process
2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe
1440	Unicorn-26653.exe
2472	Unicorn-20853.exe
2100	Unicorn-24383.exe
2644	Unicorn-36194.exe
2664	Unicorn-49001.exe
2640	Unicorn-3329.exe
1680	Unicorn-10143.exe
1424	Unicorn-55815.exe
316	Unicorn-15104.exe
2216	Unicorn-15104.exe
1992	Unicorn-39286.exe
1624	Unicorn-2795.exe
2284	Unicorn-64803.exe
2076	Unicorn-50735.exe
2060	Unicorn-24607.exe
2892	Unicorn-57279.exe
580	Unicorn-8078.exe
592	Unicorn-4549.exe
2360	Unicorn-37413.exe
2380	Unicorn-4321.exe
2364	Unicorn-14113.exe
2028	Unicorn-36994.exe
1304	Unicorn-33464.exe
1976	Unicorn-3937.exe
1664	Unicorn-13729.exe
1224	Unicorn-19890.exe
2116	Unicorn-16360.exe
2308	Unicorn-52562.exe
1720	Unicorn-52562.exe
2356	Unicorn-19698.exe
2172	Unicorn-65369.exe
2204	Unicorn-14116.exe
2440	Unicorn-17454.exe
1920	Unicorn-62056.exe
2944	Unicorn-48865.exe
2548	Unicorn-61672.exe
2536	Unicorn-33214.exe
2436	Unicorn-48481.exe
2976	Unicorn-61288.exe
2696	Unicorn-15617.exe
1824	Unicorn-12959.exe
2168	Unicorn-17921.exe
1896	Unicorn-61968.exe
2012	Unicorn-30727.exe
2420	Unicorn-42102.exe
2004	Unicorn-29104.exe
1200	Unicorn-45440.exe
1764	Unicorn-14199.exe
1628	Unicorn-12575.exe
1736	Unicorn-46872.exe
840	Unicorn-42093.exe
1364	Unicorn-3883.exe
1852	Unicorn-21843.exe
1640	Unicorn-33026.exe
896	Unicorn-55004.exe
2184	Unicorn-5803.exe
1740	Unicorn-5803.exe
1328	Unicorn-5611.exe
2672	Unicorn-53551.exe
324	Unicorn-49830.exe
2524	Unicorn-16773.exe
2544	Unicorn-4843.exe
2648	Unicorn-49446.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exeUnicorn-26653.exeUnicorn-20853.exeUnicorn-24383.exeUnicorn-36194.exeUnicorn-3329.exeUnicorn-49001.exeUnicorn-10143.exe

description	pid	process	target process
PID 2164 wrote to memory of 1440	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	Unicorn-26653.exe
PID 2164 wrote to memory of 1440	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	Unicorn-26653.exe
PID 2164 wrote to memory of 1440	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	Unicorn-26653.exe
PID 2164 wrote to memory of 1440	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	Unicorn-26653.exe
PID 1440 wrote to memory of 2100	1440	Unicorn-26653.exe	Unicorn-24383.exe
PID 1440 wrote to memory of 2100	1440	Unicorn-26653.exe	Unicorn-24383.exe
PID 1440 wrote to memory of 2100	1440	Unicorn-26653.exe	Unicorn-24383.exe
PID 1440 wrote to memory of 2100	1440	Unicorn-26653.exe	Unicorn-24383.exe
PID 2164 wrote to memory of 2472	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	Unicorn-20853.exe
PID 2164 wrote to memory of 2472	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	Unicorn-20853.exe
PID 2164 wrote to memory of 2472	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	Unicorn-20853.exe
PID 2164 wrote to memory of 2472	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	Unicorn-20853.exe
PID 2164 wrote to memory of 2632	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	WerFault.exe
PID 2164 wrote to memory of 2632	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	WerFault.exe
PID 2164 wrote to memory of 2632	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	WerFault.exe
PID 2164 wrote to memory of 2632	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	WerFault.exe
PID 2472 wrote to memory of 2644	2472	Unicorn-20853.exe	Unicorn-36194.exe
PID 2472 wrote to memory of 2644	2472	Unicorn-20853.exe	Unicorn-36194.exe
PID 2472 wrote to memory of 2644	2472	Unicorn-20853.exe	Unicorn-36194.exe
PID 2472 wrote to memory of 2644	2472	Unicorn-20853.exe	Unicorn-36194.exe
PID 1440 wrote to memory of 2664	1440	Unicorn-26653.exe	Unicorn-49001.exe
PID 1440 wrote to memory of 2664	1440	Unicorn-26653.exe	Unicorn-49001.exe
PID 1440 wrote to memory of 2664	1440	Unicorn-26653.exe	Unicorn-49001.exe
PID 1440 wrote to memory of 2664	1440	Unicorn-26653.exe	Unicorn-49001.exe
PID 2100 wrote to memory of 2640	2100	Unicorn-24383.exe	Unicorn-3329.exe
PID 2100 wrote to memory of 2640	2100	Unicorn-24383.exe	Unicorn-3329.exe
PID 2100 wrote to memory of 2640	2100	Unicorn-24383.exe	Unicorn-3329.exe
PID 2100 wrote to memory of 2640	2100	Unicorn-24383.exe	Unicorn-3329.exe
PID 1440 wrote to memory of 2956	1440	Unicorn-26653.exe	WerFault.exe
PID 1440 wrote to memory of 2956	1440	Unicorn-26653.exe	WerFault.exe
PID 1440 wrote to memory of 2956	1440	Unicorn-26653.exe	WerFault.exe
PID 1440 wrote to memory of 2956	1440	Unicorn-26653.exe	WerFault.exe
PID 2644 wrote to memory of 1680	2644	Unicorn-36194.exe	Unicorn-10143.exe
PID 2644 wrote to memory of 1680	2644	Unicorn-36194.exe	Unicorn-10143.exe
PID 2644 wrote to memory of 1680	2644	Unicorn-36194.exe	Unicorn-10143.exe
PID 2644 wrote to memory of 1680	2644	Unicorn-36194.exe	Unicorn-10143.exe
PID 2472 wrote to memory of 1424	2472	Unicorn-20853.exe	Unicorn-55815.exe
PID 2472 wrote to memory of 1424	2472	Unicorn-20853.exe	Unicorn-55815.exe
PID 2472 wrote to memory of 1424	2472	Unicorn-20853.exe	Unicorn-55815.exe
PID 2472 wrote to memory of 1424	2472	Unicorn-20853.exe	Unicorn-55815.exe
PID 2100 wrote to memory of 1992	2100	Unicorn-24383.exe	Unicorn-39286.exe
PID 2100 wrote to memory of 1992	2100	Unicorn-24383.exe	Unicorn-39286.exe
PID 2100 wrote to memory of 1992	2100	Unicorn-24383.exe	Unicorn-39286.exe
PID 2100 wrote to memory of 1992	2100	Unicorn-24383.exe	Unicorn-39286.exe
PID 2640 wrote to memory of 2216	2640	Unicorn-3329.exe	Unicorn-15104.exe
PID 2640 wrote to memory of 2216	2640	Unicorn-3329.exe	Unicorn-15104.exe
PID 2640 wrote to memory of 2216	2640	Unicorn-3329.exe	Unicorn-15104.exe
PID 2640 wrote to memory of 2216	2640	Unicorn-3329.exe	Unicorn-15104.exe
PID 2664 wrote to memory of 316	2664	Unicorn-49001.exe	Unicorn-15104.exe
PID 2664 wrote to memory of 316	2664	Unicorn-49001.exe	Unicorn-15104.exe
PID 2664 wrote to memory of 316	2664	Unicorn-49001.exe	Unicorn-15104.exe
PID 2664 wrote to memory of 316	2664	Unicorn-49001.exe	Unicorn-15104.exe
PID 2472 wrote to memory of 1864	2472	Unicorn-20853.exe	WerFault.exe
PID 2472 wrote to memory of 1864	2472	Unicorn-20853.exe	WerFault.exe
PID 2472 wrote to memory of 1864	2472	Unicorn-20853.exe	WerFault.exe
PID 2472 wrote to memory of 1864	2472	Unicorn-20853.exe	WerFault.exe
PID 2100 wrote to memory of 1532	2100	Unicorn-24383.exe	WerFault.exe
PID 2100 wrote to memory of 1532	2100	Unicorn-24383.exe	WerFault.exe
PID 2100 wrote to memory of 1532	2100	Unicorn-24383.exe	WerFault.exe
PID 2100 wrote to memory of 1532	2100	Unicorn-24383.exe	WerFault.exe
PID 1680 wrote to memory of 1624	1680	Unicorn-10143.exe	Unicorn-2795.exe
PID 1680 wrote to memory of 1624	1680	Unicorn-10143.exe	Unicorn-2795.exe
PID 1680 wrote to memory of 1624	1680	Unicorn-10143.exe	Unicorn-2795.exe
PID 1680 wrote to memory of 1624	1680	Unicorn-10143.exe	Unicorn-2795.exe

C:\Users\Admin\AppData\Local\Temp\bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe
"C:\Users\Admin\AppData\Local\Temp\bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24383.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24383.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15104.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8078.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
        9⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        10⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        11⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
        12⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        13⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1009.exe
        14⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55997.exe
        15⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 216
        14⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 236
        13⤵
        
        PID:9760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        12⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 216
        11⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
        10⤵
        Program crash
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
        9⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        10⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe
        11⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27346.exe
        12⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
        13⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        14⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 236
        13⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
        12⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        11⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 216
        10⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
        9⤵
        Program crash
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
        8⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
        9⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
        10⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
        11⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16241.exe
        12⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        13⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54544.exe
        14⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 236
        13⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
        12⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
        11⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 216
        10⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
        9⤵
        Program crash
        
        PID:4088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
        8⤵
        Program crash
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
        8⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
        9⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
        10⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44422.exe
        11⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25999.exe
        12⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
        13⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59987.exe
        14⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10732 -s 236
        14⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 216
        13⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
        12⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        11⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 236
        10⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48497.exe
        9⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
        10⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57197.exe
        11⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6670.exe
        12⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe
        13⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10568 -s 236
        13⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
        11⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        10⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
        9⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34827.exe
        8⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
        9⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38698.exe
        10⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
        11⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58133.exe
        12⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27197.exe
        13⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10412 -s 216
        13⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
        12⤵
        
        PID:10720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
        11⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
        10⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 216
        9⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 220
        8⤵
        Program crash
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65369.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59327.exe
        8⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
        9⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3017.exe
        10⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57551.exe
        11⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60591.exe
        12⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4330.exe
        13⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26433.exe
        14⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10860 -s 216
        14⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
        13⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
        12⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
        11⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 216
        10⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
        9⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37016.exe
        10⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26661.exe
        11⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exe
        12⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
        13⤵
        
        PID:960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8392 -s 216
        12⤵
        
        PID:11320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
        11⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
        10⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 220
        9⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2155.exe
        8⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
        9⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49907.exe
        10⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35801.exe
        11⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
        12⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53185.exe
        13⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 216
        13⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
        12⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
        11⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 216
        10⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 216
        9⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
        8⤵
        Program crash
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42476.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54693.exe
        8⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51834.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
        10⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51219.exe
        11⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-370.exe
        12⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe
        13⤵
        
        PID:12972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11184 -s 220
        13⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
        12⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        11⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        10⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 216
        9⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63472.exe
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
        10⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 220
        11⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        10⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
        9⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
        8⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
        7⤵
        Program crash
        
        PID:2616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
        6⤵
        Program crash
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4549.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19698.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45440.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        8⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
        9⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9177.exe
        10⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        11⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
        12⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
        13⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8255.exe
        14⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10380 -s 220
        14⤵
        
        PID:13056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
        13⤵
        
        PID:10648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
        12⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        11⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
        10⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe
        9⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
        10⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
        11⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
        12⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
        13⤵
        
        PID:12668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10980 -s 216
        13⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 216
        12⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
        11⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        10⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        9⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35211.exe
        8⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 220
        8⤵
        Program crash
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
        7⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6068.exe
        8⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12366.exe
        9⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe
        10⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe
        11⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27906.exe
        12⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39578.exe
        13⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 216
        12⤵
        
        PID:11416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
        11⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        10⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 216
        9⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 216
        8⤵
        Program crash
        
        PID:3540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
        7⤵
        Program crash
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14199.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22405.exe
        8⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
        9⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30992.exe
        10⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9054.exe
        11⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        12⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14726.exe
        13⤵
        
        PID:12564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 216
        13⤵
        
        PID:13272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
        12⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 236
        11⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        10⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 216
        9⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4579.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
        9⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
        10⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44340.exe
        11⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
        12⤵
        
        PID:13240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10848 -s 216
        12⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 220
        11⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 236
        10⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        9⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
        8⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
        7⤵
        Program crash
        
        PID:3352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
        6⤵
        Program crash
        
        PID:844
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57279.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19890.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61968.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2264.exe
        8⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
        9⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-815.exe
        10⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
        11⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe
        12⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46460.exe
        13⤵
        
        PID:12480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10652 -s 216
        13⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
        12⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
        11⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
        10⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 216
        9⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 216
        8⤵
        Program crash
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58621.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6644.exe
        8⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46555.exe
        10⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
        11⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
        12⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
        13⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 236
        12⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
        11⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        10⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 216
        9⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        8⤵
        Program crash
        
        PID:3956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 240
        7⤵
        Program crash
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30727.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        7⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
        8⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
        9⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24303.exe
        10⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48230.exe
        11⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20283.exe
        12⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43812.exe
        13⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10900 -s 216
        13⤵
        
        PID:9676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 236
        12⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
        11⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        10⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
        9⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51123.exe
        8⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
        9⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
        10⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
        11⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        12⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
        11⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
        10⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
        9⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 220
        8⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2155.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
        8⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40063.exe
        9⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
        10⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-936.exe
        11⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60371.exe
        12⤵
        
        PID:12704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 216
        12⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
        11⤵
        
        PID:12128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
        10⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
        9⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        8⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        7⤵
        Program crash
        
        PID:3344
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
        6⤵
        Program crash
        
        PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16360.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29104.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2840.exe
        7⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
        8⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44894.exe
        9⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
        10⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
        11⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
        12⤵
        
        PID:12948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9956 -s 216
        12⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 216
        11⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
        10⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 236
        9⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
        8⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 216
        7⤵
        Program crash
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
        6⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        8⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
        9⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63694.exe
        10⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52529.exe
        11⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12132.exe
        12⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11068 -s 220
        12⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 216
        11⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
        10⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
        9⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
        8⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 236
        7⤵
        Program crash
        
        PID:3660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
        6⤵
        Program crash
        
        PID:1876
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
        5⤵
        Program crash
        
        PID:2756
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15104.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24607.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3937.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
        9⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
        10⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46939.exe
        11⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26116.exe
        12⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
        13⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        14⤵
        
        PID:9332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 216
        13⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
        12⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
        11⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 216
        10⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
        9⤵
        Program crash
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
        8⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
        9⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10789.exe
        10⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        11⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44714.exe
        12⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10326.exe
        13⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10516 -s 220
        13⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
        12⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
        11⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
        10⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        9⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        8⤵
        Program crash
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49446.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
        8⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30755.exe
        9⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60893.exe
        10⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17587.exe
        11⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
        12⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27047.exe
        13⤵
        
        PID:13124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10276 -s 240
        13⤵
        
        PID:13120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
        12⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
        11⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
        10⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 236
        9⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        8⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19482.exe
        9⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
        10⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25186.exe
        11⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53569.exe
        12⤵
        
        PID:12848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10488 -s 216
        12⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 216
        11⤵
        
        PID:10308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
        10⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        9⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
        8⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
        7⤵
        Program crash
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61288.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55004.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
        8⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49971.exe
        9⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
        10⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63232.exe
        11⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
        12⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe
        13⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11140 -s 216
        13⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
        12⤵
        
        PID:11808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
        11⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
        10⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
        9⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46250.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
        9⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
        10⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11932.exe
        11⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        12⤵
        
        PID:13060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10440 -s 216
        12⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
        11⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
        10⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        9⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
        8⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46722.exe
        7⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
        9⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10964.exe
        10⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
        11⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43341.exe
        12⤵
        
        PID:13160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10756 -s 216
        12⤵
        
        PID:13236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
        11⤵
        
        PID:11336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
        10⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        9⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 216
        8⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        7⤵
        Program crash
        
        PID:3216
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
        6⤵
        Program crash
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        8⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
        9⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
        10⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
        11⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28388.exe
        12⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57638.exe
        13⤵
        
        PID:12632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10808 -s 220
        13⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
        12⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
        11⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
        10⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
        9⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe
        8⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53005.exe
        9⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65432.exe
        10⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
        11⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        12⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10284 -s 220
        12⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
        11⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
        10⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
        9⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 240
        8⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52041.exe
        7⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56591.exe
        9⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57773.exe
        10⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47340.exe
        11⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
        12⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10644 -s 236
        12⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
        11⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
        10⤵
        
        PID:9320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
        9⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 236
        8⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        7⤵
        Program crash
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39509.exe
        7⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39167.exe
        8⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52523.exe
        9⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
        10⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        11⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25437.exe
        12⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 236
        11⤵
        
        PID:12316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
        10⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
        9⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 216
        8⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 236
        7⤵
        Program crash
        
        PID:3884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
        6⤵
        Program crash
        
        PID:2424
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 240
        5⤵
        Program crash
        
        PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37413.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17921.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2633.exe
        9⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
        10⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10772.exe
        11⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        12⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        13⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10712 -s 220
        13⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
        12⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
        11⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
        10⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38896.exe
        8⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        9⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        10⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
        11⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
        12⤵
        
        PID:13100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10684 -s 216
        12⤵
        
        PID:13176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
        11⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
        10⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        9⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 220
        8⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2155.exe
        7⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9561.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
        9⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
        10⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        11⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
        12⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11032 -s 216
        12⤵
        
        PID:944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
        11⤵
        
        PID:11704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
        10⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        9⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
        8⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
        7⤵
        Program crash
        
        PID:3456
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
        6⤵
        Program crash
        
        PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42102.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
        6⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
        7⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51834.exe
        8⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32720.exe
        9⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14311.exe
        10⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
        11⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
        12⤵
        
        PID:12484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10368 -s 216
        12⤵
        
        PID:12876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
        11⤵
        
        PID:788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
        10⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
        9⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 236
        8⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38896.exe
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62574.exe
        8⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48520.exe
        9⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
        10⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16180.exe
        11⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10332 -s 216
        11⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
        10⤵
        
        PID:10500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
        9⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
        8⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        7⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        6⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
        8⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
        9⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
        10⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52609.exe
        11⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10256 -s 220
        11⤵
        
        PID:12544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
        9⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        8⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
        7⤵
        
        PID:4872
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        6⤵
        Program crash
        
        PID:3504
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
        5⤵
        Program crash
        
        PID:1904
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2492
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20853.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20853.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2795.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48523.exe
        9⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
        10⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52683.exe
        11⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
        12⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35606.exe
        13⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29698.exe
        14⤵
        
        PID:12528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9464 -s 216
        14⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
        13⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 236
        12⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
        11⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
        10⤵
        Program crash
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
        9⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
        10⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        11⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        12⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47124.exe
        13⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 216
        13⤵
        
        PID:12496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
        12⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
        11⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
        10⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 240
        9⤵
        Program crash
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61330.exe
        8⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49504.exe
        9⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15039.exe
        10⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
        11⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        12⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44540.exe
        13⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10616 -s 216
        13⤵
        
        PID:12424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
        12⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 236
        11⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
        10⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 216
        9⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
        8⤵
        Program crash
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33026.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 188
        8⤵
        Program crash
        
        PID:2988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
        7⤵
        Program crash
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
        7⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9782.exe
        9⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe
        10⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        11⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        12⤵
        
        PID:12592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9632 -s 216
        12⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
        11⤵
        
        PID:11180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
        10⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
        9⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 216
        8⤵
        Program crash
        
        PID:4212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
        7⤵
        Program crash
        
        PID:2752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
        6⤵
        Program crash
        
        PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14113.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53551.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
        8⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
        9⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        10⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
        11⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        12⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54488.exe
        13⤵
        
        PID:12800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11252 -s 220
        13⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
        12⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
        11⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        10⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17811.exe
        9⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
        10⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        11⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
        12⤵
        
        PID:13224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
        11⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
        10⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        9⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
        8⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32689.exe
        7⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
        9⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38292.exe
        10⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        11⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24400.exe
        12⤵
        
        PID:13064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10624 -s 220
        12⤵
        
        PID:13076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
        11⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        10⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        9⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 216
        8⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
        7⤵
        Program crash
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16773.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7028.exe
        7⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37631.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33862.exe
        9⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
        10⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        11⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
        12⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 236
        11⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
        10⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
        9⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 216
        8⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34594.exe
        7⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 220
        8⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        7⤵
        
        PID:5928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
        6⤵
        Program crash
        
        PID:1516
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
        5⤵
        Program crash
        
        PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14116.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42093.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
        7⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8886.exe
        8⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63430.exe
        9⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
        10⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31892.exe
        11⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27522.exe
        12⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
        13⤵
        
        PID:9396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 216
        12⤵
        
        PID:11472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
        11⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        10⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
        9⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29724.exe
        8⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe
        9⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
        10⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65041.exe
        11⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        12⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9236 -s 236
        11⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
        10⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
        9⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38029.exe
        7⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47478.exe
        8⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3187.exe
        9⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe
        10⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26199.exe
        11⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21488.exe
        12⤵
        
        PID:9516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 236
        11⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
        10⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        9⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
        8⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
        7⤵
        Program crash
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
        6⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe
        7⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34043.exe
        8⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exe
        9⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3125.exe
        10⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
        11⤵
        
        PID:12624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9292 -s 216
        11⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 216
        10⤵
        
        PID:10992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 236
        9⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
        8⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
        7⤵
        Program crash
        
        PID:4188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        6⤵
        Program crash
        
        PID:3020
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
        5⤵
        Program crash
        
        PID:684
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21843.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        8⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64001.exe
        9⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13221.exe
        10⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
        11⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62391.exe
        12⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9732 -s 216
        12⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 216
        11⤵
        
        PID:10504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 236
        10⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
        9⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
        8⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27334.exe
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30561.exe
        8⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
        9⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
        10⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37534.exe
        11⤵
        
        PID:12916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10572 -s 216
        11⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
        10⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
        9⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
        8⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 220
        7⤵
        
        PID:4516
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 216
        6⤵
        Program crash
        
        PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61672.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        7⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4240.exe
        9⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32459.exe
        10⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
        11⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
        12⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10448 -s 216
        12⤵
        
        PID:12748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
        11⤵
        
        PID:10748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
        10⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
        9⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
        8⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60282.exe
        7⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46622.exe
        8⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65432.exe
        9⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
        10⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
        11⤵
        
        PID:13012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10340 -s 220
        11⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
        10⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
        9⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
        8⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
        7⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        6⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47091.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
        8⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64078.exe
        9⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62788.exe
        10⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7861.exe
        11⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10928 -s 216
        11⤵
        
        PID:13264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
        10⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
        9⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
        8⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
        7⤵
        
        PID:4880
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
        6⤵
        Program crash
        
        PID:3160
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
        5⤵
        Program crash
        
        PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33464.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
        7⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58917.exe
        7⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8692.exe
        8⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44166.exe
        9⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        10⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
        11⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9408 -s 216
        11⤵
        
        PID:924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 236
        10⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 236
        9⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        8⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
        7⤵
        Program crash
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13857.exe
        6⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        9⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
        10⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26813.exe
        11⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10456 -s 216
        11⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
        10⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        9⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        8⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
        7⤵
        
        PID:4644
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 220
        6⤵
        Program crash
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17541.exe
        5⤵
        Executes dropped EXE
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
        6⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19738.exe
        7⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
        8⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
        9⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
        10⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        11⤵
        
        PID:12508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10968 -s 220
        11⤵
        
        PID:12612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
        10⤵
        
        PID:11600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
        9⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
        8⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
        7⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32544.exe
        6⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
        7⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
        8⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12124.exe
        9⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
        10⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10408 -s 220
        10⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
        9⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
        8⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        7⤵
        
        PID:6944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
        6⤵
        
        PID:5028
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
        5⤵
        Program crash
        
        PID:3052
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 240
      4⤵
      Program crash
      PID:1704
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1864
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
  2⤵
  - Program crash
  PID:2632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe

Filesize
184KB

MD5
7ff67b2440d8aad86c877c638d5dd039

SHA1
dcf6937057ff891744163cc28ca87e85de09bb06

SHA256
a68dc2709bcd9945183b4a7bdf9928cd750044c3940e203e9e55ce1c27477bc2

SHA512
69e40a701e2993c8ac9bd5c249f09dd2fe26c40e8d6d7a52c61cec6f11151f29fc59a0d085288cd0e9a719b2f3c87466da1ea1e8d83d2077c4b7fc37528ded57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15104.exe

Filesize
184KB

MD5
fa87dcfa98afba1ab5a0d0f0bb261c4a

SHA1
fd88d7a14cba651379e9cf0d8575923995972f52

SHA256
c25a7a6bb940be642c864c840d42c25868788b87c676b942a2a44308b93117f7

SHA512
dc1902ff1e6e07194284af7c963448654a3deda1a7b8fe8dfcbb54dd8b4f59697e2852420ef0afd86f741d304b06ba32f41db83c9453d3dfe0d0dde05220a98d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16180.exe

Filesize
184KB

MD5
f188100b5eab5cdce69bfce260c37ff3

SHA1
31c05449bbc13abdc1760f1f74d9aee2158e0045

SHA256
0f7841108b8c67b3110f9f84f7e5d8a7934f8170fcd1c25aee01a0f03b74c8ca

SHA512
421dddbd8b77a3fc373fcfc32ec12b8de19f4561e8a7670a30352b0422967edb94f665018bff93ac86683c3b346b92c6033b5e62cff90e87063966b192956b08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe

Filesize
184KB

MD5
75140b2b1f8e6809de61c68b506fd81b

SHA1
d65d0fc4a4f161da25dda9884cdb99e16cb3d027

SHA256
98c84219369e520a9fdd691384ec9645609001d8f079f92daf95b0f540946020

SHA512
4292e1d4da56fb738fc6bd7229348a28f5dbab9bc31570b94b6104cb7bdd727794c70c6950c38662bd93cf0225b93f6ea5f9fd4126436cbbc2480cb6caee01b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe

Filesize
184KB

MD5
2a2500cc9ee9538b67ace4182a609bfe

SHA1
7e245ae8a70e9b06325253da14516e7c16da8150

SHA256
f790704da06634724b2421b9f8142c3a49bf2c3b910c8da665ea87f6d4d1da05

SHA512
f5ce77e599a9c467ab41ac4398b85148867a5c1a5e175aee547f239da820998878d6994d64b849dd3a41655f3c08c68a6ba26a3ef93c0666859616702a33aab5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe

Filesize
184KB

MD5
3c15d3a99b2283c5c94a2f70680c7516

SHA1
0f990f81bbe02e10cee5c99108e4d2467660481e

SHA256
1d5a2a15b93831a70655bcb17f2f2bc1a70c792ce030374ad859f93c5ecf0145

SHA512
7486b204e598d2e6ba5d4f86b10d96dcda9338e7a7efd7edf46ee3c9047780b1f400c0e286ae97eba5cfcf6f3f1c5f07da2c24edb55d5492da9d5af177210c12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe

Filesize
184KB

MD5
2942f5d7b17ae7dce206c00ff440cc73

SHA1
9f34be8f29c557bf1948ac56664b05d75aa65ba2

SHA256
a4298664249350a32af5f35518c89edfe100b71ae4fabac27c47b985e08d684a

SHA512
c5fb0417aa2ec9bddb5415fe59d46e203a208f5d7155031514487ebee5eb7d247097783ddea8700eb590b576b3c0755a207aec203ad1b108d69e0fa4058b6550

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe

Filesize
184KB

MD5
2306485fbfececf2aadcb53221d5dc80

SHA1
5afee0660ee8f9300cec0d0cf001c9f4b260328a

SHA256
b6f3430201c85e440ac61c77aed6e8915e298eca494525d5103f5181a7016894

SHA512
80d3afed6d35cfa30c6fcfd10db47997447e0ff762b5e0fd12653d681497d97e40b213051950c3b6a5e0d16ef3a7a5d252845d5b4be4b57c19d278aaa8de7de6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe

Filesize
184KB

MD5
720d3c157dbe53a0fee31a24a8057643

SHA1
d0fab6796dbc8e8cadcd25acbc76a98d760d694e

SHA256
75daf45448a3337f4af996bead3220476fd9cd60e00480bc34d445cc46cd62f4

SHA512
a37723a419e042f72bdd813144ffc8de222b3756fc4807149cb026ee659c1bf210f5ffeae1d366d8cad4c85532f434383b9ae30a1508c566ca1cf59900a456fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe

Filesize
184KB

MD5
5413e561bd29bc1a5e7f2d413e7a2def

SHA1
e38a43ad17335f9b3c2f920e0d87a2566a4a1a9e

SHA256
a509f059b866f0b97d7ffd12cb5e8832004d5cfdf81528186098b1d7630505d8

SHA512
c4dcd469e8b461dda7e6adce8a39b1212d0cc706a7ca51af587195bdc7d29170489f3db742ac55054fa943efa5a83c6c61bcdb7a84a09b0e7273fe2af77a0735

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe

Filesize
184KB

MD5
e5080b455d759d19730062f7b0d3c818

SHA1
d5069ced28fa99973fc4fe0f04e2a6c845a8aaf5

SHA256
fc4dfbe778f2db4e47a16e968de443244f4436dc302688e7ca6a883033208210

SHA512
b3806b1d92ee724b539ff4e3464b547fad2f27d4f30bace7e53e389f11b8de63f93523204fbb7e3bdae2cd600944f1f84683be52e1c4a6a3c71973a9cd6750c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6068.exe

Filesize
184KB

MD5
37af80e45dbcaf616cd4abbfaf2b2b7f

SHA1
95f4a4c485e5193d456c8dd5a8c4f50d2ba2297a

SHA256
d3348dfbf6e7075d24ab921071592a266edc25f20ccc45e7ccb34c2f1f478952

SHA512
933a322bb325f6bdf0e370e397beaf632739e58bb9b32ccf1e9453fcf0aa4bec09693b5d9d96e69407c63ef16f7e224b1c05a16e691321e13d5e531eb88c5ed1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe

Filesize
184KB

MD5
38d3842c87079f4ddf07bf6753d211e8

SHA1
f540761addbe29d5473e16722761775ad69fb8e1

SHA256
a7bb6ff977aea5346ffe6724b789fbf62872fc2be8a099285692ad113c176535

SHA512
8f82ffe8265422494dcb8d7c5e492e0117284fd2e1e83ed5304067c0711132c33955e5369d809e5d49da7d4bdbddeb5b60e0dc604302f032aac1da9f29758b5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6644.exe

Filesize
184KB

MD5
fbd3d1fd0f0aeca9c91bb34b8fae4ea6

SHA1
b394bc7cf86f2bfb0e5160492a10c5f87cd15148

SHA256
ea471327ed9b5dafad3d7624bd54058d932d15a6411b5f67b88b7717c9bda203

SHA512
5a8ee00ce717c2f97e3ab7739391569e1fb3dcf77fd5875f8b3aa624dfd9611d1d94c8652729fed93b6aa9d4401e70a279ebc45e13a291d8b452de593be1bc69

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe

Filesize
184KB

MD5
ace9d38d6c51997ce6a80492ba0e2b9e

SHA1
b023db719f389a8267378fdda941868991242adf

SHA256
921718c3ed84a00ea749cf06e0e31f89cb144afd96646a309cc95c0c489835eb

SHA512
9384bf317f712b35e4ab88e9ece47c442ecfc6d85b2f70e9fe0b678e87cc5b3b03664934e8b02698029b4505c0d2f160164a86c5d965fa7cf79f4785bf0f8757

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20853.exe

Filesize
184KB

MD5
5ef73044c0ea1767178d07e4deb64a12

SHA1
521e3df03ea81be8f34d4aaba579ecc5abbf5437

SHA256
20b5e2d3f750ea53f13418fe3ee89fc1d64c14b8db84939a931d0adae3b649bc

SHA512
9a9a5de55f4fc242765684e446a194950d372a323232eb07d0f923981b506914a3169d788fa1c24ffbbcac56cdd58a1bacee85a37127097ad334c4a637a2b3af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24383.exe

Filesize
184KB

MD5
c69b3f9ee7c32d9f35d128d17fb2e019

SHA1
f0df905353daeda79b6086356136177c65701406

SHA256
f61204459140bfa1635c32a59af8125b248a55cf2c029cbe489ee53b1b84dd2f

SHA512
fe5e26a4095b54d5a769b2ce038fdba576ce087fd4ddb32c6991b4ee37a4f3d2d2b7df38337037ea1d049dddbeded2c185dcdd8ed66504f30333e6ff270be8f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe

Filesize
184KB

MD5
8c73d15ef6834972d6272f5ddae3c677

SHA1
5144f10171af981f9a71dcf189b5bf2db6ddf29a

SHA256
7226ce39087864cbded79a21b6f0d48b82f21b53a6da8fdb99ee4d7290cda6e8

SHA512
01d9aa50387265c530e7de8302f54044896bfe36306cbbc24d3646508f3c32f3c31fcb70dac1b9520b71702a7dceaca39b6dd0170aa8baa3adc8701fdc9079dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2795.exe

Filesize
184KB

MD5
f75d747782bfbf5aa4ddd6f14eed65af

SHA1
94f5930cf95cab0ed9cd1a862e967959c993df59

SHA256
2b081e3856880045135c370513be19de78a124909bcac4d909446707cada8707

SHA512
b8212ec60589fbadab0ab6219f5b1ca7a16fa77471d8d80742068bfdb98e03173d5c70655e6786c2e5e4addd3c8c43cf382dd8b931b6baf403ff3c94abfbbede

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe

Filesize
184KB

MD5
f696eeedeba34f10826217975657e107

SHA1
6cb7e044c033f11006a113b13897be2516317cd3

SHA256
4949c69bc5af7c8196bbebb3fc139efc9c7a338c18371dd5b176ecb677cfbf18

SHA512
68db4a6b8076f901a46cb312043e2a06eee6ce1558146730f28317260e7cb28ee91b85dd1fbef28cb16d47783cd5c55a2e4d9e455e40dda5577fdb7f53b4c554

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe

Filesize
184KB

MD5
8cd2bae1c8e5f90f5dade6b32cc4be9a

SHA1
2b8088de97c6b9f664695c51fb9069bcb77bb9c9

SHA256
97c8c1775f962a8ed72538e7bd8f0988db4c96bd58b587eb3704a825ba68aa60

SHA512
215c0f414cf2be39fc8dd663ee6332ae5ec432197030b6b4f73588ffa2555726400dcccea1c997b753007ff3a17d04eb0bcdb599c7821f05c24dd8f60316bece

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe

Filesize
184KB

MD5
76a670b379cc4e23f7db0d424b921119

SHA1
dd78950c3c3687a61e5d129f2427633e9c793cf0

SHA256
2ec65862fd92a1552035cafd654c89b958a35dac4851b0856b08e78abb7c33c4

SHA512
7f36ac0ac81263c8c16ca598fbceac73f5136ee85c6312c48ea4201b5a94430a8e8076e8183b738bb8025cc662eabe926a46523654200b63f5d2ad5490481e4c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe

Filesize
184KB

MD5
0878c9e8cf9c479a91c67fa8efe4af30

SHA1
95cd4e1a975caad636ac0a271f59dbfeb0d594e1

SHA256
47f8297d3849b21ea299dafcc97b7a5f7f9df28b6cd1276f9726739892461ecc

SHA512
5cfdeb4a1d215af1b42251e8425df346a38dc511000c97e4350c64f40e20719d817726dcf5085ba3aa6088c64a0c29973f71c379892a1742758cdeb935e5b244

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe

Filesize
184KB

MD5
51135686609355095a76801d4f873e5e

SHA1
453831502813415641bbf81ff749e93f9e7b0fb1

SHA256
c6bbfbb1361372fdb9c2c70d004c8121139dc5365412e953f28ad61f08dcde75

SHA512
a9cf3f69fa72f0e52288a2759260938745031e1830e48e920fbc783c4d46666d25d39dc5612bdc3e4f408617e956016f9fb7766a2b48089bc17f28e049b4b312

Download Submit