bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe
Size

184KB
MD5

9517be7e2de8a330d18bd6d8ae062c05
SHA1

507f5aecb132dfca50ce495ff78bac612a87e61b
SHA256

bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29
SHA512

7975d71a6e1d7fccb33b31dc75e64ac6f95a9e5867e2649414f390886879f02224ae7b159446d65fa370a7c4c34f9f7d876ba05df7bd14748871b18586a5bfcb
SSDEEP

3072:OlOPPoo6dRzTjW4WeinL+QwFhlnViFinY:OlNoIHW4+LPwFhlnViFi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-40983.exeUnicorn-7013.exeUnicorn-52685.exeUnicorn-23197.exeUnicorn-23197.exeUnicorn-3331.exeUnicorn-7322.exeUnicorn-43332.exeUnicorn-59668.exeUnicorn-39802.exeUnicorn-50566.exeUnicorn-42891.exeUnicorn-17318.exeUnicorn-55698.exeUnicorn-6497.exeUnicorn-59035.exeUnicorn-55434.exeUnicorn-51905.exeUnicorn-54858.exeUnicorn-54209.exeUnicorn-57546.exeUnicorn-56477.exeUnicorn-52948.exeUnicorn-23613.exeUnicorn-3747.exeUnicorn-39949.exeUnicorn-55185.exeUnicorn-35319.exeUnicorn-38657.exeUnicorn-57323.exeUnicorn-11651.exeUnicorn-44132.exeUnicorn-24074.exeUnicorn-43940.exeUnicorn-28481.exeUnicorn-8615.exeUnicorn-44625.exeUnicorn-43556.exeUnicorn-40026.exeUnicorn-43364.exeUnicorn-43364.exeUnicorn-39834.exeUnicorn-58888.exeUnicorn-37953.exeUnicorn-6158.exeUnicorn-26024.exeUnicorn-60507.exeUnicorn-28712.exeUnicorn-24113.exeUnicorn-56786.exeUnicorn-11114.exeUnicorn-43403.exeUnicorn-59355.exeUnicorn-10154.exeUnicorn-9697.exeUnicorn-49661.exeUnicorn-62235.exeUnicorn-45707.exeUnicorn-20134.exeUnicorn-58514.exeUnicorn-29179.exeUnicorn-29179.exeUnicorn-49277.exeUnicorn-41985.exe

pid	process
2972	Unicorn-40983.exe
2592	Unicorn-7013.exe
2836	Unicorn-52685.exe
2524	Unicorn-23197.exe
2180	Unicorn-23197.exe
2996	Unicorn-3331.exe
2632	Unicorn-7322.exe
2796	Unicorn-43332.exe
1532	Unicorn-59668.exe
2220	Unicorn-39802.exe
240	Unicorn-50566.exe
1248	Unicorn-42891.exe
2032	Unicorn-17318.exe
1740	Unicorn-55698.exe
2244	Unicorn-6497.exe
540	Unicorn-59035.exe
1580	Unicorn-55434.exe
1160	Unicorn-51905.exe
2356	Unicorn-54858.exe
2376	Unicorn-54209.exe
812	Unicorn-57546.exe
1492	Unicorn-56477.exe
976	Unicorn-52948.exe
1712	Unicorn-23613.exe
2816	Unicorn-3747.exe
2232	Unicorn-39949.exe
2340	Unicorn-55185.exe
2320	Unicorn-35319.exe
972	Unicorn-38657.exe
1548	Unicorn-57323.exe
1680	Unicorn-11651.exe
1760	Unicorn-44132.exe
2680	Unicorn-24074.exe
2544	Unicorn-43940.exe
2560	Unicorn-28481.exe
2724	Unicorn-8615.exe
2440	Unicorn-44625.exe
2704	Unicorn-43556.exe
2484	Unicorn-40026.exe
2500	Unicorn-43364.exe
312	Unicorn-43364.exe
2748	Unicorn-39834.exe
780	Unicorn-58888.exe
2956	Unicorn-37953.exe
960	Unicorn-6158.exe
1420	Unicorn-26024.exe
1376	Unicorn-60507.exe
1456	Unicorn-28712.exe
2288	Unicorn-24113.exe
1432	Unicorn-56786.exe
1040	Unicorn-11114.exe
452	Unicorn-43403.exe
920	Unicorn-59355.exe
1448	Unicorn-10154.exe
1800	Unicorn-9697.exe
1212	Unicorn-49661.exe
3064	Unicorn-62235.exe
1032	Unicorn-45707.exe
1896	Unicorn-20134.exe
2044	Unicorn-58514.exe
1564	Unicorn-29179.exe
2808	Unicorn-29179.exe
2076	Unicorn-49277.exe
2520	Unicorn-41985.exe

Loads dropped DLL 64 IoCs

Processes:

bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exeUnicorn-40983.exeUnicorn-52685.exeUnicorn-7013.exeWerFault.exeUnicorn-23197.exeUnicorn-3331.exeWerFault.exeWerFault.exeUnicorn-7322.exeUnicorn-43332.exeUnicorn-59668.exeUnicorn-39802.exeWerFault.exeWerFault.exeUnicorn-50566.exeUnicorn-17318.exe

pid	process
2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe
2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe
2972	Unicorn-40983.exe
2972	Unicorn-40983.exe
2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe
2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe
2972	Unicorn-40983.exe
2836	Unicorn-52685.exe
2836	Unicorn-52685.exe
2592	Unicorn-7013.exe
2972	Unicorn-40983.exe
2968	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
2592	Unicorn-7013.exe
2592	Unicorn-7013.exe
2524	Unicorn-23197.exe
2524	Unicorn-23197.exe
2996	Unicorn-3331.exe
2996	Unicorn-3331.exe
2836	Unicorn-52685.exe
2836	Unicorn-52685.exe
956	WerFault.exe
956	WerFault.exe
956	WerFault.exe
956	WerFault.exe
276	WerFault.exe
276	WerFault.exe
276	WerFault.exe
276	WerFault.exe
956	WerFault.exe
276	WerFault.exe
2632	Unicorn-7322.exe
2632	Unicorn-7322.exe
2796	Unicorn-43332.exe
1532	Unicorn-59668.exe
2796	Unicorn-43332.exe
1532	Unicorn-59668.exe
2524	Unicorn-23197.exe
2524	Unicorn-23197.exe
2996	Unicorn-3331.exe
2996	Unicorn-3331.exe
2220	Unicorn-39802.exe
2220	Unicorn-39802.exe
1424	WerFault.exe
1424	WerFault.exe
1424	WerFault.exe
1424	WerFault.exe
1424	WerFault.exe
940	WerFault.exe
940	WerFault.exe
940	WerFault.exe
940	WerFault.exe
940	WerFault.exe
240	Unicorn-50566.exe
240	Unicorn-50566.exe
2632	Unicorn-7322.exe
2632	Unicorn-7322.exe
2032	Unicorn-17318.exe
2032	Unicorn-17318.exe
1532	Unicorn-59668.exe
1532	Unicorn-59668.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2720	2192	WerFault.exe	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe
2968	2972	WerFault.exe	Unicorn-40983.exe
276	2592	WerFault.exe	Unicorn-7013.exe
956	2836	WerFault.exe	Unicorn-52685.exe
1424	2524	WerFault.exe	Unicorn-23197.exe
940	2996	WerFault.exe	Unicorn-3331.exe
1228	2796	WerFault.exe	Unicorn-43332.exe
568	1532	WerFault.exe	Unicorn-59668.exe
1440	2220	WerFault.exe	Unicorn-39802.exe
1500	240	WerFault.exe	Unicorn-50566.exe
1084	2032	WerFault.exe	Unicorn-17318.exe
864	1248	WerFault.exe	Unicorn-42891.exe
2256	540	WerFault.exe	Unicorn-59035.exe
1952	1740	WerFault.exe	Unicorn-55698.exe
2260	2244	WerFault.exe	Unicorn-6497.exe
3000	1580	WerFault.exe	Unicorn-55434.exe
2692	1160	WerFault.exe	Unicorn-51905.exe
1656	2356	WerFault.exe	Unicorn-54858.exe
2776	2376	WerFault.exe	Unicorn-54209.exe
2140	812	WerFault.exe	Unicorn-57546.exe
1796	1492	WerFault.exe	Unicorn-56477.exe
2880	1712	WerFault.exe	Unicorn-23613.exe
2028	976	WerFault.exe	Unicorn-52948.exe
848	2816	WerFault.exe	Unicorn-3747.exe
600	2232	WerFault.exe	Unicorn-39949.exe
2752	2340	WerFault.exe	Unicorn-55185.exe
2800	972	WerFault.exe	Unicorn-38657.exe
2184	1548	WerFault.exe	Unicorn-57323.exe
2272	1680	WerFault.exe	Unicorn-11651.exe
3036	1760	WerFault.exe	Unicorn-44132.exe
2876	2680	WerFault.exe	Unicorn-24074.exe
2604	2544	WerFault.exe	Unicorn-43940.exe
2540	2560	WerFault.exe	Unicorn-28481.exe
2512	2724	WerFault.exe	Unicorn-8615.exe
2196	2484	WerFault.exe	Unicorn-40026.exe
2160	2500	WerFault.exe	Unicorn-43364.exe
2632	312	WerFault.exe	Unicorn-43364.exe
2056	2704	WerFault.exe	Unicorn-43556.exe
2052	2440	WerFault.exe	Unicorn-44625.exe
3552	780	WerFault.exe	Unicorn-58888.exe
3580	2956	WerFault.exe	Unicorn-37953.exe
3604	1376	WerFault.exe	Unicorn-60507.exe
3656	2288	WerFault.exe	Unicorn-24113.exe
3752	1420	WerFault.exe	Unicorn-26024.exe
3820	960	WerFault.exe	Unicorn-6158.exe
3360	1432	WerFault.exe	Unicorn-56786.exe
3384	1040	WerFault.exe	Unicorn-11114.exe
3372	3064	WerFault.exe	Unicorn-62235.exe
3528	2076	WerFault.exe	Unicorn-49277.exe
3792	1212	WerFault.exe	Unicorn-49661.exe
3160	452	WerFault.exe	Unicorn-43403.exe
3452	1516	WerFault.exe	Unicorn-62038.exe
3836	2208	WerFault.exe	Unicorn-6361.exe
3532	2520	WerFault.exe	Unicorn-41985.exe
4024	3060	WerFault.exe	Unicorn-39418.exe
3868	300	WerFault.exe	Unicorn-12261.exe
4108	1896	WerFault.exe	Unicorn-20134.exe
4148	920	WerFault.exe	Unicorn-59355.exe
4164	108	WerFault.exe	Unicorn-23824.exe
4188	2264	WerFault.exe	Unicorn-7103.exe
4196	2496	WerFault.exe	Unicorn-26128.exe
4212	2664	WerFault.exe	Unicorn-20102.exe
4280	2424	WerFault.exe	Unicorn-57565.exe
4316	2572	WerFault.exe	Unicorn-60253.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exeUnicorn-40983.exeUnicorn-7013.exeUnicorn-52685.exeUnicorn-23197.exeUnicorn-3331.exeUnicorn-7322.exeUnicorn-43332.exeUnicorn-59668.exeUnicorn-39802.exeUnicorn-50566.exeUnicorn-42891.exeUnicorn-17318.exeUnicorn-59035.exeUnicorn-6497.exeUnicorn-55698.exeUnicorn-55434.exeUnicorn-51905.exeUnicorn-54858.exeUnicorn-54209.exeUnicorn-57546.exeUnicorn-56477.exeUnicorn-3747.exeUnicorn-52948.exeUnicorn-23613.exeUnicorn-39949.exeUnicorn-55185.exeUnicorn-38657.exeUnicorn-11651.exeUnicorn-57323.exeUnicorn-44132.exeUnicorn-24074.exeUnicorn-43940.exeUnicorn-8615.exeUnicorn-28481.exeUnicorn-40026.exeUnicorn-43556.exeUnicorn-44625.exeUnicorn-43364.exeUnicorn-43364.exeUnicorn-58888.exeUnicorn-37953.exeUnicorn-6158.exeUnicorn-26024.exeUnicorn-60507.exeUnicorn-24113.exeUnicorn-28712.exeUnicorn-56786.exeUnicorn-11114.exeUnicorn-43403.exeUnicorn-59355.exeUnicorn-10154.exeUnicorn-9697.exeUnicorn-49661.exeUnicorn-62235.exeUnicorn-45707.exeUnicorn-20134.exeUnicorn-58514.exeUnicorn-29179.exeUnicorn-29179.exeUnicorn-49277.exeUnicorn-61851.exeUnicorn-41985.exeUnicorn-16412.exe

pid	process
2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe
2972	Unicorn-40983.exe
2592	Unicorn-7013.exe
2836	Unicorn-52685.exe
2524	Unicorn-23197.exe
2996	Unicorn-3331.exe
2632	Unicorn-7322.exe
2796	Unicorn-43332.exe
1532	Unicorn-59668.exe
2220	Unicorn-39802.exe
240	Unicorn-50566.exe
1248	Unicorn-42891.exe
2032	Unicorn-17318.exe
540	Unicorn-59035.exe
2244	Unicorn-6497.exe
1740	Unicorn-55698.exe
1580	Unicorn-55434.exe
1160	Unicorn-51905.exe
2356	Unicorn-54858.exe
2376	Unicorn-54209.exe
812	Unicorn-57546.exe
1492	Unicorn-56477.exe
2816	Unicorn-3747.exe
976	Unicorn-52948.exe
1712	Unicorn-23613.exe
2232	Unicorn-39949.exe
2340	Unicorn-55185.exe
972	Unicorn-38657.exe
1680	Unicorn-11651.exe
1548	Unicorn-57323.exe
1760	Unicorn-44132.exe
2680	Unicorn-24074.exe
2544	Unicorn-43940.exe
2724	Unicorn-8615.exe
2560	Unicorn-28481.exe
2484	Unicorn-40026.exe
2704	Unicorn-43556.exe
2440	Unicorn-44625.exe
2500	Unicorn-43364.exe
312	Unicorn-43364.exe
780	Unicorn-58888.exe
2956	Unicorn-37953.exe
960	Unicorn-6158.exe
1420	Unicorn-26024.exe
1376	Unicorn-60507.exe
2288	Unicorn-24113.exe
1456	Unicorn-28712.exe
1432	Unicorn-56786.exe
1040	Unicorn-11114.exe
452	Unicorn-43403.exe
920	Unicorn-59355.exe
1448	Unicorn-10154.exe
1800	Unicorn-9697.exe
1212	Unicorn-49661.exe
3064	Unicorn-62235.exe
1032	Unicorn-45707.exe
1896	Unicorn-20134.exe
2044	Unicorn-58514.exe
2808	Unicorn-29179.exe
1564	Unicorn-29179.exe
2076	Unicorn-49277.exe
2024	Unicorn-61851.exe
2520	Unicorn-41985.exe
1604	Unicorn-16412.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exeUnicorn-40983.exeUnicorn-52685.exeUnicorn-7013.exeUnicorn-23197.exeUnicorn-3331.exeUnicorn-7322.exeUnicorn-43332.exeUnicorn-59668.exe

description	pid	process	target process
PID 2192 wrote to memory of 2972	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	Unicorn-40983.exe
PID 2192 wrote to memory of 2972	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	Unicorn-40983.exe
PID 2192 wrote to memory of 2972	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	Unicorn-40983.exe
PID 2192 wrote to memory of 2972	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	Unicorn-40983.exe
PID 2972 wrote to memory of 2592	2972	Unicorn-40983.exe	Unicorn-7013.exe
PID 2972 wrote to memory of 2592	2972	Unicorn-40983.exe	Unicorn-7013.exe
PID 2972 wrote to memory of 2592	2972	Unicorn-40983.exe	Unicorn-7013.exe
PID 2972 wrote to memory of 2592	2972	Unicorn-40983.exe	Unicorn-7013.exe
PID 2192 wrote to memory of 2836	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	Unicorn-52685.exe
PID 2192 wrote to memory of 2836	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	Unicorn-52685.exe
PID 2192 wrote to memory of 2836	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	Unicorn-52685.exe
PID 2192 wrote to memory of 2836	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	Unicorn-52685.exe
PID 2192 wrote to memory of 2720	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	WerFault.exe
PID 2192 wrote to memory of 2720	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	WerFault.exe
PID 2192 wrote to memory of 2720	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	WerFault.exe
PID 2192 wrote to memory of 2720	2192	bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe	WerFault.exe
PID 2836 wrote to memory of 2524	2836	Unicorn-52685.exe	Unicorn-23197.exe
PID 2836 wrote to memory of 2524	2836	Unicorn-52685.exe	Unicorn-23197.exe
PID 2836 wrote to memory of 2524	2836	Unicorn-52685.exe	Unicorn-23197.exe
PID 2836 wrote to memory of 2524	2836	Unicorn-52685.exe	Unicorn-23197.exe
PID 2972 wrote to memory of 2996	2972	Unicorn-40983.exe	Unicorn-3331.exe
PID 2972 wrote to memory of 2996	2972	Unicorn-40983.exe	Unicorn-3331.exe
PID 2972 wrote to memory of 2996	2972	Unicorn-40983.exe	Unicorn-3331.exe
PID 2972 wrote to memory of 2996	2972	Unicorn-40983.exe	Unicorn-3331.exe
PID 2972 wrote to memory of 2968	2972	Unicorn-40983.exe	WerFault.exe
PID 2972 wrote to memory of 2968	2972	Unicorn-40983.exe	WerFault.exe
PID 2972 wrote to memory of 2968	2972	Unicorn-40983.exe	WerFault.exe
PID 2972 wrote to memory of 2968	2972	Unicorn-40983.exe	WerFault.exe
PID 2592 wrote to memory of 2632	2592	Unicorn-7013.exe	Unicorn-7322.exe
PID 2592 wrote to memory of 2632	2592	Unicorn-7013.exe	Unicorn-7322.exe
PID 2592 wrote to memory of 2632	2592	Unicorn-7013.exe	Unicorn-7322.exe
PID 2592 wrote to memory of 2632	2592	Unicorn-7013.exe	Unicorn-7322.exe
PID 2524 wrote to memory of 2796	2524	Unicorn-23197.exe	Unicorn-43332.exe
PID 2524 wrote to memory of 2796	2524	Unicorn-23197.exe	Unicorn-43332.exe
PID 2524 wrote to memory of 2796	2524	Unicorn-23197.exe	Unicorn-43332.exe
PID 2524 wrote to memory of 2796	2524	Unicorn-23197.exe	Unicorn-43332.exe
PID 2996 wrote to memory of 1532	2996	Unicorn-3331.exe	Unicorn-59668.exe
PID 2996 wrote to memory of 1532	2996	Unicorn-3331.exe	Unicorn-59668.exe
PID 2996 wrote to memory of 1532	2996	Unicorn-3331.exe	Unicorn-59668.exe
PID 2996 wrote to memory of 1532	2996	Unicorn-3331.exe	Unicorn-59668.exe
PID 2836 wrote to memory of 2220	2836	Unicorn-52685.exe	Unicorn-39802.exe
PID 2836 wrote to memory of 2220	2836	Unicorn-52685.exe	Unicorn-39802.exe
PID 2836 wrote to memory of 2220	2836	Unicorn-52685.exe	Unicorn-39802.exe
PID 2836 wrote to memory of 2220	2836	Unicorn-52685.exe	Unicorn-39802.exe
PID 2592 wrote to memory of 276	2592	Unicorn-7013.exe	WerFault.exe
PID 2592 wrote to memory of 276	2592	Unicorn-7013.exe	WerFault.exe
PID 2592 wrote to memory of 276	2592	Unicorn-7013.exe	WerFault.exe
PID 2836 wrote to memory of 956	2836	Unicorn-52685.exe	WerFault.exe
PID 2592 wrote to memory of 276	2592	Unicorn-7013.exe	WerFault.exe
PID 2836 wrote to memory of 956	2836	Unicorn-52685.exe	WerFault.exe
PID 2836 wrote to memory of 956	2836	Unicorn-52685.exe	WerFault.exe
PID 2836 wrote to memory of 956	2836	Unicorn-52685.exe	WerFault.exe
PID 2632 wrote to memory of 240	2632	Unicorn-7322.exe	Unicorn-50566.exe
PID 2632 wrote to memory of 240	2632	Unicorn-7322.exe	Unicorn-50566.exe
PID 2632 wrote to memory of 240	2632	Unicorn-7322.exe	Unicorn-50566.exe
PID 2632 wrote to memory of 240	2632	Unicorn-7322.exe	Unicorn-50566.exe
PID 2796 wrote to memory of 1248	2796	Unicorn-43332.exe	Unicorn-42891.exe
PID 2796 wrote to memory of 1248	2796	Unicorn-43332.exe	Unicorn-42891.exe
PID 2796 wrote to memory of 1248	2796	Unicorn-43332.exe	Unicorn-42891.exe
PID 2796 wrote to memory of 1248	2796	Unicorn-43332.exe	Unicorn-42891.exe
PID 1532 wrote to memory of 2032	1532	Unicorn-59668.exe	Unicorn-17318.exe
PID 1532 wrote to memory of 2032	1532	Unicorn-59668.exe	Unicorn-17318.exe
PID 1532 wrote to memory of 2032	1532	Unicorn-59668.exe	Unicorn-17318.exe
PID 1532 wrote to memory of 2032	1532	Unicorn-59668.exe	Unicorn-17318.exe

C:\Users\Admin\AppData\Local\Temp\bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe
"C:\Users\Admin\AppData\Local\Temp\bd5fdf1d9dd632732f057a44d11727c0ded2fa637892a3f45797652ae8257a29.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40983.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40983.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23197.exe
      4⤵
      Executes dropped EXE
      PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7322.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50566.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55434.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58888.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
        9⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57150.exe
        10⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59880.exe
        11⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
        12⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe
        13⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
        14⤵
        
        PID:10264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
        14⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
        13⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
        12⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 216
        11⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23486.exe
        10⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
        11⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13790.exe
        12⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
        13⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 216
        13⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
        12⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
        11⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
        10⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
        9⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59880.exe
        10⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46775.exe
        11⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14295.exe
        12⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
        13⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
        13⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 236
        12⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
        11⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
        10⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
        9⤵
        Program crash
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        8⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6304.exe
        9⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
        10⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37621.exe
        11⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
        12⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45979.exe
        13⤵
        
        PID:10228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 236
        13⤵
        
        PID:10868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 236
        12⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
        11⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
        10⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9646.exe
        9⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
        10⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
        11⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        12⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        13⤵
        
        PID:12728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
        12⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
        11⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 236
        10⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
        9⤵
        Program crash
        
        PID:3452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        8⤵
        Program crash
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
        8⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41665.exe
        9⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        10⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59390.exe
        11⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36369.exe
        12⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
        13⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 216
        13⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        12⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
        11⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55093.exe
        10⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
        11⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        12⤵
        
        PID:10932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
        12⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
        11⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe
        9⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45504.exe
        10⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
        11⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        12⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
        11⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        10⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 220
        9⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5271.exe
        8⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
        9⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        10⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62627.exe
        11⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
        12⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
        12⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
        11⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
        10⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20692.exe
        9⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
        10⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        11⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 216
        11⤵
        
        PID:10624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        10⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
        9⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
        8⤵
        Program crash
        
        PID:3580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
        7⤵
        Program crash
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35319.exe
        6⤵
        Executes dropped EXE
        
        PID:2320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 240
        6⤵
        Program crash
        
        PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51905.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38657.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26024.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6361.exe
        8⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8001.exe
        9⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        10⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe
        11⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        12⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
        12⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
        11⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
        10⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
        9⤵
        Program crash
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3818.exe
        8⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12682.exe
        9⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60335.exe
        10⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44211.exe
        11⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        12⤵
        
        PID:13160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 216
        12⤵
        
        PID:12564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
        11⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
        10⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
        9⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
        8⤵
        Program crash
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
        8⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22278.exe
        9⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60475.exe
        10⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35368.exe
        11⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
        12⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
        12⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        11⤵
        
        PID:9556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        10⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27793.exe
        8⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55109.exe
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        10⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27930.exe
        11⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23089.exe
        12⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
        11⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        10⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
        9⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 220
        8⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 240
        7⤵
        Program crash
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6158.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe
        7⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        8⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
        9⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe
        10⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6952.exe
        11⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60665.exe
        12⤵
        
        PID:10448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
        12⤵
        
        PID:10620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 236
        11⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
        10⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
        9⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
        8⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
        9⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        10⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49975.exe
        11⤵
        
        PID:12648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
        10⤵
        
        PID:10580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        9⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
        8⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21031.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31515.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        9⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61714.exe
        10⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
        11⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 236
        11⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
        10⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        9⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
        8⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
        7⤵
        Program crash
        
        PID:3820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
        6⤵
        Program crash
        
        PID:2692
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17318.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54858.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60253.exe
        9⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        10⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
        11⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
        12⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10319.exe
        13⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 216
        13⤵
        
        PID:12304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
        12⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
        11⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        10⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
        9⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41378.exe
        10⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
        11⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19702.exe
        12⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
        12⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
        11⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
        10⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 220
        9⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
        8⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40098.exe
        9⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
        10⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        11⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        12⤵
        
        PID:11272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 236
        12⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
        11⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        10⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
        9⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
        8⤵
        Program crash
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24113.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe
        8⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
        9⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe
        10⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12234.exe
        11⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
        12⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
        13⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
        13⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
        12⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        11⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 216
        10⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18364.exe
        9⤵
        
        PID:3488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 220
        10⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
        9⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4887.exe
        8⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47659.exe
        9⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
        10⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44942.exe
        11⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31302.exe
        12⤵
        
        PID:11028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 216
        12⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
        11⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
        10⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
        9⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
        8⤵
        Program crash
        
        PID:3656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
        7⤵
        Program crash
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39418.exe
        8⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23684.exe
        9⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
        10⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        11⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30791.exe
        11⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
        12⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        13⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
        12⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 220
        11⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
        10⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18364.exe
        9⤵
        
        PID:3504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 240
        10⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
        9⤵
        Program crash
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
        8⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        9⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42146.exe
        10⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        11⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        11⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16655.exe
        12⤵
        
        PID:12552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8608 -s 216
        12⤵
        
        PID:13140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 220
        11⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        10⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        9⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 220
        8⤵
        Program crash
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
        7⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8686.exe
        8⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11725.exe
        9⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13618.exe
        10⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57077.exe
        11⤵
        
        PID:11180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
        11⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
        10⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 236
        9⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 216
        8⤵
        Program crash
        
        PID:3868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        7⤵
        Program crash
        
        PID:2184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
        6⤵
        Program crash
        
        PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44132.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
        8⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45495.exe
        9⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27862.exe
        10⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        11⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
        12⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43511.exe
        13⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
        13⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 220
        12⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
        11⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 236
        10⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40668.exe
        9⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46936.exe
        10⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
        11⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60281.exe
        12⤵
        
        PID:10500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
        12⤵
        
        PID:10672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
        11⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        10⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
        9⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
        10⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30396.exe
        11⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20588.exe
        12⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 216
        12⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
        11⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        10⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
        9⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 220
        8⤵
        Program crash
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36905.exe
        9⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32924.exe
        10⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28084.exe
        11⤵
        
        PID:12316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8472 -s 216
        11⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
        10⤵
        
        PID:9792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
        9⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 216
        8⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
        7⤵
        Program crash
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        7⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
        9⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        10⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43515.exe
        11⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        12⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
        12⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
        11⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        10⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
        9⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
        8⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63272.exe
        9⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
        10⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
        11⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 216
        11⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        10⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        9⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
        8⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        7⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        9⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
        10⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32774.exe
        11⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 220
        11⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 220
        10⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        9⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
        8⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 240
        7⤵
        Program crash
        
        PID:3360
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
        6⤵
        Program crash
        
        PID:2776
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
        5⤵
        Program crash
        
        PID:568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26320.exe
        8⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54322.exe
        9⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20953.exe
        10⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56717.exe
        11⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
        12⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 216
        12⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
        11⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        10⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 216
        9⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        8⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29718.exe
        9⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
        10⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10204.exe
        11⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 216
        11⤵
        
        PID:12348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
        10⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        9⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
        8⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
        7⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55365.exe
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
        9⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        10⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
        10⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
        11⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 220
        11⤵
        
        PID:13192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 220
        10⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
        9⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
        8⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 240
        7⤵
        Program crash
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49277.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57150.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54566.exe
        8⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe
        9⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe
        10⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54165.exe
        11⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 216
        11⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
        10⤵
        
        PID:9728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
        9⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
        8⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 216
        7⤵
        Program crash
        
        PID:3528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
        6⤵
        Program crash
        
        PID:600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        5⤵
        Executes dropped EXE
        
        PID:2748
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
        5⤵
        Program crash
        
        PID:2260
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:940
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52685.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52685.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23197.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23197.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42891.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57546.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43940.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59355.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25277.exe
        9⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38562.exe
        10⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe
        11⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
        12⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
        13⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48136.exe
        14⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 216
        14⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        12⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
        11⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9013.exe
        10⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24005.exe
        11⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44085.exe
        12⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
        12⤵
        
        PID:10512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
        11⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
        10⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        9⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        10⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
        11⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        12⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
        12⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
        11⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 236
        10⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 220
        9⤵
        Program crash
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe
        8⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
        9⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41954.exe
        10⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26795.exe
        11⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44521.exe
        12⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
        12⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        11⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        10⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
        9⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
        8⤵
        Program crash
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9697.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
        8⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
        9⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
        10⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe
        11⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15034.exe
        12⤵
        
        PID:9768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
        12⤵
        
        PID:10284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 236
        11⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 236
        10⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 216
        9⤵
        Program crash
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3403.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49572.exe
        9⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45684.exe
        10⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23404.exe
        11⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
        10⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        9⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 220
        8⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 240
        7⤵
        Program crash
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
        8⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6164.exe
        9⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
        10⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63043.exe
        11⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20945.exe
        12⤵
        
        PID:932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 236
        11⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        10⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
        9⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
        9⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8680.exe
        10⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
        11⤵
        
        PID:10532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
        11⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 236
        10⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        9⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 240
        8⤵
        Program crash
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40387.exe
        7⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
        8⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
        9⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22861.exe
        10⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39537.exe
        11⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 216
        11⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
        10⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        9⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 216
        8⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        7⤵
        Program crash
        
        PID:2876
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 240
        6⤵
        Program crash
        
        PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52948.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43556.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23824.exe
        8⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
        9⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
        10⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
        11⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        12⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
        12⤵
        
        PID:11168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 236
        11⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
        10⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 236
        9⤵
        Program crash
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11658.exe
        9⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
        10⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33594.exe
        11⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 216
        11⤵
        
        PID:12356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
        10⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
        9⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 220
        8⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55557.exe
        8⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
        9⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39421.exe
        10⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
        11⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 220
        11⤵
        
        PID:13184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
        10⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        9⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
        8⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
        7⤵
        Program crash
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56496.exe
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56626.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe
        9⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe
        10⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
        11⤵
        
        PID:10368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
        11⤵
        
        PID:11860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
        10⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
        9⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
        8⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52028.exe
        7⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        8⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5032.exe
        9⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61241.exe
        10⤵
        
        PID:10372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
        10⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
        9⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
        8⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
        7⤵
        Program crash
        
        PID:3532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 240
        6⤵
        Program crash
        
        PID:2028
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        5⤵
        Program crash
        
        PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55698.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23613.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57565.exe
        8⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7809.exe
        9⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59774.exe
        10⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
        11⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48027.exe
        12⤵
        
        PID:10440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
        12⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
        11⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 236
        10⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
        9⤵
        Program crash
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6344.exe
        9⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
        10⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
        11⤵
        
        PID:12432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 216
        11⤵
        
        PID:13040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
        10⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        9⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 220
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        7⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        8⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
        9⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        10⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
        11⤵
        
        PID:10488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
        11⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
        10⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
        9⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 216
        8⤵
        Program crash
        
        PID:4212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
        7⤵
        Program crash
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26128.exe
        7⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
        8⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28798.exe
        10⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46569.exe
        11⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
        11⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
        10⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
        9⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 216
        8⤵
        Program crash
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        7⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64456.exe
        9⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64728.exe
        10⤵
        
        PID:9676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
        10⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 236
        9⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        8⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        7⤵
        
        PID:5908
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
        6⤵
        Program crash
        
        PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40026.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45707.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58992.exe
        7⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
        9⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37277.exe
        10⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        11⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
        11⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
        10⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
        9⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 216
        8⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
        7⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        8⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10432.exe
        9⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50632.exe
        10⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 216
        10⤵
        
        PID:11960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        9⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
        8⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
        7⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
        6⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54706.exe
        7⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9857.exe
        8⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24683.exe
        9⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17442.exe
        10⤵
        
        PID:11644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 216
        10⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
        9⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
        8⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 236
        7⤵
        
        PID:4784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
        6⤵
        Program crash
        
        PID:2196
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
        5⤵
        Program crash
        
        PID:1952
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:1424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56477.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10154.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58992.exe
        8⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57010.exe
        9⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        10⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26027.exe
        11⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        11⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44236.exe
        12⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
        12⤵
        
        PID:13124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 220
        11⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        10⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 236
        9⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53481.exe
        8⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        9⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31958.exe
        10⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30022.exe
        11⤵
        
        PID:10640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
        11⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
        10⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
        9⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6262.exe
        7⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23269.exe
        8⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        9⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
        10⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42124.exe
        11⤵
        
        PID:12480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
        11⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 220
        10⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
        9⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 236
        8⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        7⤵
        Program crash
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60253.exe
        7⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55557.exe
        8⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
        9⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12222.exe
        10⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61791.exe
        11⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 236
        11⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 236
        10⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
        9⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
        8⤵
        Program crash
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19163.exe
        7⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
        7⤵
        Program crash
        
        PID:3792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
        6⤵
        Program crash
        
        PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8615.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55220.exe
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        9⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        10⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
        10⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        9⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
        8⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
        7⤵
        Program crash
        
        PID:3372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
        6⤵
        Program crash
        
        PID:2512
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
        5⤵
        Program crash
        
        PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3747.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20134.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23824.exe
        7⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
        8⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe
        9⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
        10⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        11⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
        11⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
        10⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
        9⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        8⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12001.exe
        9⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31666.exe
        10⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
        10⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 236
        9⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        8⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51177.exe
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41575.exe
        8⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45326.exe
        9⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        10⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 216
        10⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
        9⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        8⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 220
        7⤵
        Program crash
        
        PID:4108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
        6⤵
        Program crash
        
        PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58514.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
        6⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
        7⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
        8⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32872.exe
        9⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 220
        10⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 220
        9⤵
        
        PID:9528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
        8⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 216
        7⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3403.exe
        6⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56069.exe
        7⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        8⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        9⤵
        
        PID:10092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
        9⤵
        
        PID:10816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
        8⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 236
        7⤵
        
        PID:5984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        6⤵
        
        PID:4644
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        5⤵
        Program crash
        
        PID:848
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
      4⤵
      Program crash
      PID:1440
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:956
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
  2⤵
  - Program crash
  PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe

Filesize
184KB

MD5
eb137011ef22de5a18fee12969d1939e

SHA1
53ad141accf12393b08335e046269d33f472113a

SHA256
7bfc097e93064ab6ce7ebf5c2108f029477a18833b45f0c98783b384805b893c

SHA512
c71dbe3ab828177810924d2b58bca583b7f0567d65883e6df76e2ec1c57c254534e3ff3f8ee7cfbb1be5b9d771ed62c41cfba3cbe6e2014ce48429e036ff3dd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17318.exe

Filesize
184KB

MD5
6ee9ca5bb1b3c61720d28eae5a90a4ca

SHA1
988b94fd93e106b7370d2e904947188d84a2bb15

SHA256
53e802155cb26e1d03aec6afc2e93874d4f331a80bb00e68558d4ed6be6fb467

SHA512
ac79632d9e378118e0d03410f7a783f9e30aed345b7bfcdec1eec3cc095e21b2f17364e80b7147d2dd0dbcfb8d84328a35d0bd3a1a2e0651655f357afc673790

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23197.exe

Filesize
184KB

MD5
335f3e1e82e8651ce1db7b4eef650822

SHA1
e045d99d4a25166dbfe96d58bac3e0f7eb6b4109

SHA256
c2fd468270365091170c756e14df6ff53d8b62844ebfcbf3dedf164d486e55dd

SHA512
a2ffc6b3845acf250d66d48ad684d4c05270bcef0ebd004533710a5be13d54b8d05afba02498ddeb83978e40becad54859f3eebff164ab4e573f42326196ec30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31515.exe

Filesize
184KB

MD5
3f15e0072117053364d83742779a549b

SHA1
dc0e51d8556ae519839dd2c4443805c30d9bc5ec

SHA256
b781f8262147fb9a7e15dbaf0b636ca5fc914c80e9a997dc42fa2ac2ae05eda1

SHA512
6095fe1c14b6be0566462db3be5752fcf7192378b52d6acc5e846e97e09b37ab77e62f4f3178c5c10068cf9a95aaed0bc62617a0c3dac8339a2e0b8ff667fe5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe

Filesize
184KB

MD5
7b46f03d5e4b9f99812c9b1333b99d71

SHA1
c0388ead54cda05e97a1ca5ff5eacf6a3dff2bf0

SHA256
5b2ccf42e9931d2cb45a22c3b59757174e141c1fd9b41b289478667de9936cef

SHA512
338dc0eedf7db14bc6bb6741b54632f8ed3db8abdb183f82deb0b967d43b4b9b7cc7a78e1fb9ddc01ba32d6e8afcea2120c7732ccaf8ca2c3304d2604cf415a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe

Filesize
184KB

MD5
b2c025ae966457dd414849c519839035

SHA1
b343af2fc5fece40ca625be8f56f947421b3bbde

SHA256
0d7815ecb187ff09741efeaf345e875d076a0fb59118e6ba27be151c0c3a1a2d

SHA512
7bc6695d23bcfba679adf37659cde0630ce635750b7fa37d8e0eab1297e5dfc26935b5d60a9704382641d1ac6c85e6811598fbac5b018cc22c80b313e49e5ae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe

Filesize
184KB

MD5
1a70a6b1df0383664847b7b1291d1c7b

SHA1
af81fc010a4e1769bca80de5418df4c9ea2c9000

SHA256
55e8047a9ab4d9c8dc37ef7f655c1678c4256355cf548fdec2de79514b6305a9

SHA512
298c6e9e88369374b79feb42528fa822766ec1b908ed15f955945fc3caf0d5156c749e737217e92bb70f83ddb2f8f21c105c7d5c8681b4fc965b6ac92072986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40026.exe

Filesize
184KB

MD5
42040ca361e09dd3513b3e1f11599cc3

SHA1
965fb08aaceba1573280c7c6a62ae73bb127bbb9

SHA256
f135a5d6a4d011db566683b2ea7c78e346b19a751af7d5394361bbb106a07649

SHA512
1804f3e4ade539cd679276290cc3d4490a9250f81d5a9dddb042ed5f5080ad26294a441be32b2580568e0b376ccdea4ecbb6089b3d9e2d98d7178673cc9f76d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40668.exe

Filesize
184KB

MD5
3cf51c412ca0fc26b2ef52f2da943abf

SHA1
e4e16d1079fb07aaca20beab834e417d93f10697

SHA256
b90218144092d6fe10366c624559f3e345e0a31b536a9e2c4a19c1ec7aadcbee

SHA512
88c5d449024f823d41c47d1e630618a700fa5c65a040756fe5064d100b7cd78477006dcd535aff3480083db8e8aee560bb3a100a752f06010fd0087357571d91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40983.exe

Filesize
184KB

MD5
0f7787f2ba3e717c47508b840859b52b

SHA1
db9008ae394febb43586f0a8044b074efcaa9b79

SHA256
1d1ae942e4510ea21ca72c06091a47b08af61fc908cb262db9994f7b20248a94

SHA512
cf91a4c6fc4fa896894bda1fccd4f4576a8469afbb52e5bfca50213e845c5f46f6704377a427263bef2fbe759846721e065a2ceb30be6e2b866d1ad5e422a4d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52685.exe

Filesize
184KB

MD5
a38e86e8278a7f28f8e2383e23c18653

SHA1
8e37cb20fafc853d404619f1bfeb34b2502edb34

SHA256
c1f959daaff3c104a83f9c69bf25cf56c8eb98f317f3fbcca0cb646fdcca486f

SHA512
09d870f3b1c9c02c481ef836d4ad718a2fb110ae84006948e999c70da8db80d30d2bb4178894bea20e5723d4caa786449455f7bfd898333dad7b4ac387ed683f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe

Filesize
184KB

MD5
1d1aa6b11ee535d0622e72c33546fb74

SHA1
ed42a6ed228efcc3ad408fe6247e93e1f47604ab

SHA256
eb2453ac21a1e41e7ae05093b28475575e373066fed591da25b8f8a6be5a7247

SHA512
c28d219ed0436bab473a943e0b6678aeb52ef12f5a1c4ec6de4d1e6258bc44e2af6a02bb26af7b27e73cc150678c29b9c4bc378b23a719789ac938bcd8a59124

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe

Filesize
184KB

MD5
d2bd4819a3ed5bff7380de187454ff98

SHA1
dc34d5e3eb1c56fc37b5d0bfa5a6fd126c3a3946

SHA256
615c7081167652ae12ec24607659b3f8bf8113b0464dc5be47d6562aaa3f8934

SHA512
3dd726e785e5b5e1737287a8c6a2bd916572f4ca9934ba006b00651d26a8b913b230f034328f52d4c30b9afad703967e9c282372abdf8db78d9149ec81ae9515

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55365.exe

Filesize
184KB

MD5
e07902e48687fa7ae471813e4e39a0ce

SHA1
61a8fbb537b1f69b5cc7b5d44e90606661bb0f2d

SHA256
0d92c3bc6c1449d32baad10a4fbee6142be3d88767f577bde3e9e96d9f47da23

SHA512
7846d6c1c815e5b56ffbeea321734b9948f93b888143cb5565f364d97732e3f8c8d76ff93cd764f10c41655a121f00165877b32c77907a60dc6f947bb2e52bf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe

Filesize
184KB

MD5
dfe8f39e6cb4a4ac4d9415227752ead3

SHA1
a5d5b748598b7de8bb704c7b0032e1e793f47ec4

SHA256
5a263b13ffc5249a29f82b1a507ecc79af9731c1e78041f64fa6710c36fb3582

SHA512
cc4f733ecfd6bad75af5f273d526ec04969f62c6e106deb733d0aba1051c2285833e4e9a70c11e422420dd31c86bea7bdda863b83ccea28cb131bf2bded38a2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6304.exe

Filesize
184KB

MD5
1616bdad7285594af642968c6e7e3205

SHA1
3cefbb40c8c4d7405d1b0b19767c1ff84cc4a317

SHA256
0fab62dfdb6ca51d6df6006ea106f9089bd7c6c9b42cc11bb13c38e21784d145

SHA512
8b4f1708c53bf603acc52f2bbe06915ca13251ab7ff84d4fdf68c508f583080f4a82851693d30844b96482a3bcdd6a53677dd7e4bee1cfc73f59d2d41e20999d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6361.exe

Filesize
184KB

MD5
2ac5277e3430c27233a0d7bf33b381b7

SHA1
b89ac8739db227fe61c678882fd70a76829f5a27

SHA256
200e83937addb1cc40e4296d977994a18baf2dd84bc20aa19d0f0d97e36ef060

SHA512
f98becd84724199f75a788db843032fd6216138995792a456af1882010a6f327de34d04c3896fb88c6f9c1dd0e697534275716492dbe222513b9210eb62a17b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe

Filesize
184KB

MD5
551967951aab483e6aeb3ebab856f451

SHA1
f5cdce6e2965aaf4d21df68adcff8f7db9d1839c

SHA256
90d3a5c15a7d5269354fba3e534589efef0e66eba8360df1caf1275fc3a7589e

SHA512
a83955ca1d3715466046628073f51f8f762bd0e159113abe37a49a7c43e54e16391e3f484001c87eb66e21dd860233c03ffef96ac96c87c9a716ecc435b11f71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7809.exe

Filesize
184KB

MD5
81693b2070f7f10f5f17b80496c86633

SHA1
4ef31ad036d04c05ea33559511cc505fa2402694

SHA256
3a783e8fcf59c4b005717188083ba39df3835705cd9107dceed57ee7cdf97d61

SHA512
355c1e40bf3d38d8ac04770b39e6e2053bbf8264172fa6498b55a725a67cbc3989d9225c8fc8c814f799b6045e0922629c1560ed8d719411195c12892f05c941

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe

Filesize
184KB

MD5
b8035b1f0637968614e25a31810cb292

SHA1
65b6ffadd50fd1f7cb5becb39e16f09e0ba78406

SHA256
cdfca09f2a7086f48f29788bf1ef4be6e4460338b6f92513e49bcdb7e452d3f1

SHA512
cc209ed4b329ddea8e24c57ffce67729580f60bfc2881a6e448649c90c574e4c8b58c2a7bfb65bbea114cd474d4a3ee1b3e0e2ebb0aa1989a9289d484ad3a6dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42891.exe

Filesize
184KB

MD5
94a3a70124ba20d47e2cfe744f557cc8

SHA1
450ca67d152eb940eebc55e9fec54bd28d745957

SHA256
80636178c75069ae8391be5ff28377ed146d66ce50acd71f5575d009c03dc789

SHA512
34615bef1360d6894a86a613f409d38ec5f11832b7e54c145505530e214ce7636236802e81afcc63189bc79b4210e434d3eed98379001a3f45772e28b97c9b15

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe

Filesize
184KB

MD5
71c05fdeab46ceb1d4932568cbb8c4cb

SHA1
171740bf71ec412fea15c32e20fe3f60a371b0f8

SHA256
048aed4d89e18b1fb938a453add16433fd9c18992d93cf07071d869ac1036fc4

SHA512
266a7b59538408f1a5e49a84b8727f942f91e7b5d4a81e3c703f8b4c6e510ae0c33c87a72d4060c9e3f4ccc9786e46a0b65f97a9dfb010615f5a0c9a20f73160

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50566.exe

Filesize
184KB

MD5
2e2b3df167b581fc453d14e15ba85d46

SHA1
57ebe6c76eeb0f9d8a178c8f09e383f99b8fe2e0

SHA256
5a9b6477f06d670e5b1ce20df54ab040dda7245b3d383695b47cc8ef9f0e9ba8

SHA512
12ff38b3484c9db8dc90ac22540e49fa921a57d0c372bc7283c2c45afcf781c4e918c2adcb32059abb13fcad37beb08e164620cec6a587f222195ae2a890faa1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55698.exe

Filesize
184KB

MD5
9fea5adf66f0fd9c679e519345bf9803

SHA1
d27a2456ab076a9a4d426150fef6c16ca198d92e

SHA256
4bd136ed317b8c2c4cb67dd92de6ff35e61e66748da42502e07721954750ca6d

SHA512
39f97fc47fad4528dbfe62d6e9e200a49edd104a9fd93b48f47669b4c334ec197a2d0adc25b8f4c79227131d72a75c8c25f7ae576d0c0df540c70c167eb9d627

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe

Filesize
184KB

MD5
60784e3bc8108b02c2902e5884bde915

SHA1
0f4eeb4cd7d877423d30fe49aad88b0274baaf1b

SHA256
094a6fc55b55d66f239f247b6fc0bcac5332571f1ef3137d24ca6d2894af9238

SHA512
bbf3f125766ee6729faea6fe9c70641f6f473144890afed43735af9346c01508ae65f1c6d937e1d6dc0d40e7f2304d14cbe2a8bdf663e66d94daf5a7fa6c443e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7322.exe

Filesize
184KB

MD5
82d0cc1b93a87f6033a992ce5a68bdfb

SHA1
4e4c64f9f0c932e73edcf9f4fb75c0a3dfd638c8

SHA256
eae75c882ded4d7606897fd86c713d90883c1bc408c74891143aeb65d3b32f30

SHA512
4671a09ab0c54f618821e385a3b16f72ec502e6999f326d250995fe7c5d42a0c1369e078d61e4a8c088b9c8f60c53f9280a1ce292a706fde7cbe8c05163321b7

Download Submit