1334410aaae8f1946549056528ac1a09a7175e371961c137c545f29b98e4f7ae

Analysis

max time kernel
118s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c5a1bd33ad929daa3e4d940bc9cf680N.exe
Size

184KB
MD5

1c5a1bd33ad929daa3e4d940bc9cf680
SHA1

6ab1bd6b852f328e21979a3554ee9222a5df7069
SHA256

1334410aaae8f1946549056528ac1a09a7175e371961c137c545f29b98e4f7ae
SHA512

0fe863d014e361de5462cdd93535df563e2d1dc81cdd68407062117467b4e0110838e6e951e0ab6bf2fa4a18950224e3b96bdb1bfebac57d7a8416887bc9234b
SSDEEP

3072:yJe9w0oHEj3NdppZkiB8urzLlvLqnxZu0np:yJ8oEbppb8IzLlzqnxZu0

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3224	Unicorn-20491.exe
664	Unicorn-47299.exe
1836	Unicorn-48238.exe
4748	Unicorn-17087.exe
4996	Unicorn-25809.exe
1532	Unicorn-54995.exe
2196	Unicorn-20351.exe
4720	Unicorn-37625.exe
4752	Unicorn-57491.exe
4400	Unicorn-57491.exe
4328	Unicorn-53962.exe
4076	Unicorn-6474.exe
2024	Unicorn-43978.exe
4660	Unicorn-38571.exe
2212	Unicorn-10537.exe
532	Unicorn-26319.exe
2712	Unicorn-30403.exe
2080	Unicorn-27257.exe
3528	Unicorn-47123.exe
2008	Unicorn-49235.exe
4360	Unicorn-8202.exe
5112	Unicorn-53874.exe
2136	Unicorn-54663.exe
3372	Unicorn-9546.exe
4772	Unicorn-17715.exe
4964	Unicorn-22353.exe
1488	Unicorn-22353.exe
4288	Unicorn-14185.exe
3932	Unicorn-2530.exe
2924	Unicorn-18867.exe
4548	Unicorn-64538.exe
4116	Unicorn-23505.exe
2460	Unicorn-45234.exe
4644	Unicorn-53402.exe
2572	Unicorn-53402.exe
1292	Unicorn-64523.exe
4044	Unicorn-56910.exe
2948	Unicorn-7154.exe
4516	Unicorn-11793.exe
1912	Unicorn-31851.exe
5004	Unicorn-27767.exe
3764	Unicorn-23683.exe
1132	Unicorn-49339.exe
1700	Unicorn-25389.exe
4724	Unicorn-50470.exe
2312	Unicorn-54959.exe
212	Unicorn-59598.exe
3728	Unicorn-42899.exe
1000	Unicorn-42899.exe
2916	Unicorn-38815.exe
4640	Unicorn-39369.exe
3188	Unicorn-26371.exe
4856	Unicorn-17627.exe
2076	Unicorn-5374.exe
2936	Unicorn-55727.exe
3112	Unicorn-36053.exe
4720	Unicorn-39007.exe
1336	Unicorn-39007.exe
4420	Unicorn-2058.exe
3060	Unicorn-2058.exe
760	Unicorn-51814.exe
1180	Unicorn-51814.exe
2080	Unicorn-6697.exe
2552	Unicorn-6889.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
4904	664	WerFault.exe	93
4764	664	WerFault.exe	93
828	4748	WerFault.exe	97
4464	4748	WerFault.exe	97
5040	1532	WerFault.exe	100
1668	4996	WerFault.exe	98
1740	1532	WerFault.exe	100
780	4996	WerFault.exe	98
4036	2196	WerFault.exe	101
4320	2196	WerFault.exe	101
2124	4328	WerFault.exe	105
228	4400	WerFault.exe	104
4040	4720	WerFault.exe	102
872	4752	WerFault.exe	103
2844	4328	WerFault.exe	105
1668	4400	WerFault.exe	104
2076	4720	WerFault.exe	102
4156	4752	WerFault.exe	103
1096	2024	WerFault.exe	112
5028	2712	WerFault.exe	118
1532	2080	WerFault.exe	119
4848	2024	WerFault.exe	112
1080	1292	WerFault.exe	169
4556	2080	WerFault.exe	119
736	4360	WerFault.exe	133
4304	4360	WerFault.exe	133
2240	1488	WerFault.exe	141
1604	4772	WerFault.exe	140
1740	4288	WerFault.exe	143
2024	1488	WerFault.exe	141
2836	4288	WerFault.exe	143
4784	4772	WerFault.exe	140
5672	4548	WerFault.exe	162
5740	1132	WerFault.exe	180
5692	1912	WerFault.exe	177
6024	2536	WerFault.exe	230
5224	2948	WerFault.exe	171
5388	4548	WerFault.exe	162
5648	4724	WerFault.exe	192
6012	2916	WerFault.exe	197
5576	2948	WerFault.exe	171
2296	3060	WerFault.exe	210
2844	4720	WerFault.exe	208
6528	2076	WerFault.exe	201
7004	3576	WerFault.exe	238
6696	3060	WerFault.exe	210
6836	4640	WerFault.exe	198
5812	4856	WerFault.exe	200
6076	2936	WerFault.exe	203
7988	796	WerFault.exe	225
7728	3576	WerFault.exe	238
7312	5836	WerFault.exe	269
7064	4856	WerFault.exe	200
7576	4036	WerFault.exe	247
7144	7448	WerFault.exe	477
10004	2592	WerFault.exe	240
2836	1652	WerFault.exe	242
9696	6084	WerFault.exe	336
10696	6028	WerFault.exe	324
7164	6556	WerFault.exe	364
9892	6352	WerFault.exe	358
11360	6448	WerFault.exe	360
13260	7848	WerFault.exe	447
6692	1224	Process not Found	421

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17627.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20351.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1c5a1bd33ad929daa3e4d940bc9cf680N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23683.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56910.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3828	1c5a1bd33ad929daa3e4d940bc9cf680N.exe
3224	Unicorn-20491.exe
664	Unicorn-47299.exe
1836	Unicorn-48238.exe
4748	Unicorn-17087.exe
4996	Unicorn-25809.exe
1532	Unicorn-54995.exe
2196	Unicorn-20351.exe
4752	Unicorn-57491.exe
4400	Unicorn-57491.exe
4720	Unicorn-37625.exe
4328	Unicorn-53962.exe
4076	Unicorn-6474.exe
2024	Unicorn-43978.exe
532	Unicorn-26319.exe
2212	Unicorn-10537.exe
4660	Unicorn-38571.exe
3528	Unicorn-47123.exe
2080	Unicorn-27257.exe
2712	Unicorn-30403.exe
2008	Unicorn-49235.exe
4360	Unicorn-8202.exe
5112	Unicorn-53874.exe
2136	Unicorn-54663.exe
3372	Unicorn-9546.exe
4288	Unicorn-14185.exe
4772	Unicorn-17715.exe
1488	Unicorn-22353.exe
4964	Unicorn-22353.exe
3932	Unicorn-2530.exe
4548	Unicorn-64538.exe
2924	Unicorn-18867.exe
4116	Unicorn-23505.exe
2460	Unicorn-45234.exe
4644	Unicorn-53402.exe
2572	Unicorn-53402.exe
1292	Unicorn-64523.exe
4044	Unicorn-56910.exe
4516	Unicorn-11793.exe
2948	Unicorn-7154.exe
3764	Unicorn-23683.exe
5004	Unicorn-27767.exe
1700	Unicorn-25389.exe
1912	Unicorn-31851.exe
1132	Unicorn-49339.exe
4724	Unicorn-50470.exe
2312	Unicorn-54959.exe
212	Unicorn-59598.exe
3728	Unicorn-42899.exe
2916	Unicorn-38815.exe
1000	Unicorn-42899.exe
4640	Unicorn-39369.exe
3188	Unicorn-26371.exe
4856	Unicorn-17627.exe
2076	Unicorn-5374.exe
2936	Unicorn-55727.exe
3112	Unicorn-36053.exe
4720	Unicorn-39007.exe
1336	Unicorn-39007.exe
4420	Unicorn-2058.exe
3060	Unicorn-2058.exe
2080	Unicorn-6697.exe
1180	Unicorn-51814.exe
760	Unicorn-51814.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3828 wrote to memory of 3224	3828	1c5a1bd33ad929daa3e4d940bc9cf680N.exe	90
PID 3828 wrote to memory of 3224	3828	1c5a1bd33ad929daa3e4d940bc9cf680N.exe	90
PID 3828 wrote to memory of 3224	3828	1c5a1bd33ad929daa3e4d940bc9cf680N.exe	90
PID 3224 wrote to memory of 664	3224	Unicorn-20491.exe	93
PID 3224 wrote to memory of 664	3224	Unicorn-20491.exe	93
PID 3224 wrote to memory of 664	3224	Unicorn-20491.exe	93
PID 3828 wrote to memory of 1836	3828	1c5a1bd33ad929daa3e4d940bc9cf680N.exe	94
PID 3828 wrote to memory of 1836	3828	1c5a1bd33ad929daa3e4d940bc9cf680N.exe	94
PID 3828 wrote to memory of 1836	3828	1c5a1bd33ad929daa3e4d940bc9cf680N.exe	94
PID 664 wrote to memory of 4748	664	Unicorn-47299.exe	97
PID 664 wrote to memory of 4748	664	Unicorn-47299.exe	97
PID 664 wrote to memory of 4748	664	Unicorn-47299.exe	97
PID 3224 wrote to memory of 4996	3224	Unicorn-20491.exe	98
PID 3224 wrote to memory of 4996	3224	Unicorn-20491.exe	98
PID 3224 wrote to memory of 4996	3224	Unicorn-20491.exe	98
PID 1836 wrote to memory of 1532	1836	Unicorn-48238.exe	100
PID 1836 wrote to memory of 1532	1836	Unicorn-48238.exe	100
PID 1836 wrote to memory of 1532	1836	Unicorn-48238.exe	100
PID 4748 wrote to memory of 2196	4748	Unicorn-17087.exe	101
PID 4748 wrote to memory of 2196	4748	Unicorn-17087.exe	101
PID 4748 wrote to memory of 2196	4748	Unicorn-17087.exe	101
PID 664 wrote to memory of 4720	664	Unicorn-47299.exe	102
PID 664 wrote to memory of 4720	664	Unicorn-47299.exe	102
PID 664 wrote to memory of 4720	664	Unicorn-47299.exe	102
PID 4996 wrote to memory of 4400	4996	Unicorn-25809.exe	104
PID 4996 wrote to memory of 4400	4996	Unicorn-25809.exe	104
PID 1532 wrote to memory of 4752	1532	Unicorn-54995.exe	103
PID 4996 wrote to memory of 4400	4996	Unicorn-25809.exe	104
PID 1532 wrote to memory of 4752	1532	Unicorn-54995.exe	103
PID 1532 wrote to memory of 4752	1532	Unicorn-54995.exe	103
PID 1836 wrote to memory of 4328	1836	Unicorn-48238.exe	105
PID 1836 wrote to memory of 4328	1836	Unicorn-48238.exe	105
PID 1836 wrote to memory of 4328	1836	Unicorn-48238.exe	105
PID 2196 wrote to memory of 4076	2196	Unicorn-20351.exe	111
PID 2196 wrote to memory of 4076	2196	Unicorn-20351.exe	111
PID 2196 wrote to memory of 4076	2196	Unicorn-20351.exe	111
PID 4748 wrote to memory of 2024	4748	Unicorn-17087.exe	112
PID 4748 wrote to memory of 2024	4748	Unicorn-17087.exe	112
PID 4748 wrote to memory of 2024	4748	Unicorn-17087.exe	112
PID 4752 wrote to memory of 4660	4752	Unicorn-57491.exe	115
PID 4752 wrote to memory of 4660	4752	Unicorn-57491.exe	115
PID 4752 wrote to memory of 4660	4752	Unicorn-57491.exe	115
PID 1532 wrote to memory of 2212	1532	Unicorn-54995.exe	116
PID 1532 wrote to memory of 2212	1532	Unicorn-54995.exe	116
PID 1532 wrote to memory of 2212	1532	Unicorn-54995.exe	116
PID 4400 wrote to memory of 532	4400	Unicorn-57491.exe	117
PID 4400 wrote to memory of 532	4400	Unicorn-57491.exe	117
PID 4400 wrote to memory of 532	4400	Unicorn-57491.exe	117
PID 4720 wrote to memory of 2712	4720	Unicorn-37625.exe	118
PID 4720 wrote to memory of 2712	4720	Unicorn-37625.exe	118
PID 4720 wrote to memory of 2712	4720	Unicorn-37625.exe	118
PID 4996 wrote to memory of 2080	4996	Unicorn-25809.exe	119
PID 4996 wrote to memory of 2080	4996	Unicorn-25809.exe	119
PID 4996 wrote to memory of 2080	4996	Unicorn-25809.exe	119
PID 4328 wrote to memory of 3528	4328	Unicorn-53962.exe	120
PID 4328 wrote to memory of 3528	4328	Unicorn-53962.exe	120
PID 4328 wrote to memory of 3528	4328	Unicorn-53962.exe	120
PID 4076 wrote to memory of 2008	4076	Unicorn-6474.exe	131
PID 4076 wrote to memory of 2008	4076	Unicorn-6474.exe	131
PID 4076 wrote to memory of 2008	4076	Unicorn-6474.exe	131
PID 2196 wrote to memory of 5112	2196	Unicorn-20351.exe	132
PID 2196 wrote to memory of 5112	2196	Unicorn-20351.exe	132
PID 2196 wrote to memory of 5112	2196	Unicorn-20351.exe	132
PID 2024 wrote to memory of 4360	2024	Unicorn-43978.exe	133

C:\Users\Admin\AppData\Local\Temp\1c5a1bd33ad929daa3e4d940bc9cf680N.exe
"C:\Users\Admin\AppData\Local\Temp\1c5a1bd33ad929daa3e4d940bc9cf680N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20491.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20491.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17087.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6474.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49235.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2530.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54959.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18691.exe
        11⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        12⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
        13⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
        14⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        15⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        14⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        13⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34107.exe
        14⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20833.exe
        12⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10693.exe
        10⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16417.exe
        11⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe
        12⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14526.exe
        13⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28627.exe
        14⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
        13⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 652
        11⤵
        Program crash
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5862.exe
        10⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe
        11⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe
        12⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63919.exe
        13⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31019.exe
        14⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
        13⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
        12⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43131.exe
        13⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        11⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18803.exe
        12⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
        13⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58730.exe
        13⤵
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
        12⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
        10⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        11⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
        12⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57023.exe
        13⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        12⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59598.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 720
        10⤵
        Program crash
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6417.exe
        9⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9318.exe
        10⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
        11⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
        12⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
        13⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        11⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3110.exe
        12⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43125.exe
        12⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64538.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38815.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28291.exe
        9⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
        10⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
        11⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        12⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
        13⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        14⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        13⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        11⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
        12⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
        13⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55118.exe
        12⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27169.exe
        10⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        9⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17295.exe
        10⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
        11⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36587.exe
        12⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23509.exe
        12⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39881.exe
        11⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19203.exe
        12⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13345.exe
        10⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51859.exe
        11⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        12⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7033.exe
        12⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
        11⤵
        
        PID:11236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 720
        9⤵
        Program crash
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34081.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe
        9⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
        10⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42479.exe
        11⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        12⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
        13⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe
        12⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        11⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31019.exe
        12⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
        12⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 616
        11⤵
        Program crash
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
        10⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        11⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
        12⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50266.exe
        11⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43697.exe
        9⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26069.exe
        10⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19623.exe
        11⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        12⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        12⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
        11⤵
        
        PID:10440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 728
        8⤵
        Program crash
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 728
        8⤵
        Program crash
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50470.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18499.exe
        9⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        10⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36859.exe
        11⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45279.exe
        12⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
        13⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6457.exe
        13⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        11⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65175.exe
        12⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59114.exe
        12⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        10⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19623.exe
        11⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58050.exe
        12⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
        9⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48867.exe
        10⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        11⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
        12⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        11⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41121.exe
        10⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 712
        9⤵
        Program crash
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60086.exe
        8⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41223.exe
        9⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
        10⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
        11⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26235.exe
        12⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35273.exe
        11⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        10⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        11⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
        9⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23455.exe
        10⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        11⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23561.exe
        11⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        10⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 740
        8⤵
        Program crash
        
        PID:5648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 740
        6⤵
        Program crash
        
        PID:4036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 740
        6⤵
        Program crash
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18867.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3506.exe
        10⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
        11⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42147.exe
        12⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        13⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        13⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        12⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
        11⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        12⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
        12⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        10⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
        11⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        12⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        11⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50418.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        9⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59095.exe
        10⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
        11⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        12⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        13⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7801.exe
        13⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19513.exe
        12⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18117.exe
        11⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23199.exe
        12⤵
        
        PID:12376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 636
        9⤵
        Program crash
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 636
        9⤵
        Program crash
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39369.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49863.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        9⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        10⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
        11⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 456
        12⤵
        Program crash
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8242.exe
        12⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39897.exe
        12⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39881.exe
        11⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18389.exe
        10⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2430.exe
        11⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
        11⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
        9⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3470.exe
        10⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
        11⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43707.exe
        12⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        11⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
        10⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21357.exe
        8⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exe
        9⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        10⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15066.exe
        11⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        11⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe
        10⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
        9⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35103.exe
        10⤵
        
        PID:11456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 752
        8⤵
        Program crash
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 632
        7⤵
        Program crash
        
        PID:736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 632
        7⤵
        Program crash
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36459.exe
        8⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
        9⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
        10⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe
        11⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
        12⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        13⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
        13⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        12⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        11⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61107.exe
        12⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20833.exe
        10⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
        11⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
        12⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        11⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 504
        11⤵
        Program crash
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34377.exe
        9⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        10⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19623.exe
        11⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34019.exe
        12⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        10⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15659.exe
        11⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11461.exe
        8⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47035.exe
        9⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
        10⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45907.exe
        11⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33981.exe
        11⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54246.exe
        10⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        9⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
        10⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
        11⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38397.exe
        10⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10257.exe
        8⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43631.exe
        9⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
        10⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        11⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
        10⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22097.exe
        9⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32171.exe
        10⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60126.exe
        10⤵
        
        PID:12696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 628
        9⤵
        Program crash
        
        PID:7164
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 716
        6⤵
        Program crash
        
        PID:1096
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 776
        6⤵
        Program crash
        
        PID:4848
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 744
        5⤵
        Program crash
        
        PID:828
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 744
        5⤵
        Program crash
        
        PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37625.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30403.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53402.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17627.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
        8⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        9⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        10⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40611.exe
        11⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2466.exe
        12⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45975.exe
        13⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46950.exe
        12⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
        11⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2821.exe
        10⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        11⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
        11⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
        9⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        10⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31019.exe
        11⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
        11⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe
        10⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26401.exe
        8⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50071.exe
        9⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31683.exe
        10⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
        11⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38169.exe
        11⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2305.exe
        10⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
        9⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-90.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-90.exe
        10⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 724
        8⤵
        Program crash
        
        PID:5812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 776
        8⤵
        Program crash
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34273.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56791.exe
        8⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53387.exe
        9⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60211.exe
        10⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
        11⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
        11⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42569.exe
        10⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
        9⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25399.exe
        10⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28849.exe
        10⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
        8⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19623.exe
        9⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
        10⤵
        
        PID:8796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 720
        6⤵
        Program crash
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23683.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2058.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38535.exe
        8⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        9⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        10⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3470.exe
        11⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20531.exe
        12⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2601.exe
        12⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52134.exe
        11⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2821.exe
        10⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63727.exe
        11⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        11⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 664
        10⤵
        Program crash
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54518.exe
        9⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27347.exe
        10⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe
        11⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
        11⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
        8⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
        9⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        10⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        9⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35103.exe
        10⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51342.exe
        7⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25079.exe
        8⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
        9⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
        10⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1242.exe
        11⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        10⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        9⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57827.exe
        10⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16929.exe
        10⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23381.exe
        8⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
        9⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57023.exe
        10⤵
        
        PID:12404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51814.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29791.exe
        7⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25079.exe
        8⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12546.exe
        9⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35515.exe
        10⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
        11⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
        11⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42377.exe
        10⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        9⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe
        10⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11906.exe
        11⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
        10⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
        8⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        9⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        10⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22129.exe
        10⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38397.exe
        9⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17849.exe
        7⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3750.exe
        8⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15094.exe
        9⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        10⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42569.exe
        9⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41557.exe
        8⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15659.exe
        9⤵
        
        PID:3536
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 652
        6⤵
        Program crash
        
        PID:1740
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 692
        6⤵
        Program crash
        
        PID:2836
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 712
        5⤵
        Program crash
        
        PID:4040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 740
        5⤵
        Program crash
        
        PID:2076
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 728
      4⤵
      Program crash
      PID:4904
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 728
      4⤵
      Program crash
      PID:4764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25809.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25809.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26319.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64523.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 496
        8⤵
        Program crash
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6889.exe
        7⤵
        Executes dropped EXE
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5094.exe
        8⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        9⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12546.exe
        10⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
        11⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        12⤵
        
        PID:512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        10⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
        11⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7298.exe
        12⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64630.exe
        11⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 752
        10⤵
        Program crash
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
        9⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16499.exe
        10⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30983.exe
        11⤵
        
        PID:12604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
        10⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        8⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
        9⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19623.exe
        10⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        11⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        9⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        10⤵
        
        PID:11392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1217.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19651.exe
        8⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        9⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48867.exe
        10⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
        11⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18937.exe
        11⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20125.exe
        10⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7298.exe
        11⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        9⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
        10⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
        11⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5445.exe
        11⤵
        
        PID:12452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        8⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        9⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
        10⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        9⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 624
        8⤵
        Program crash
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22353.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39007.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        8⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38483.exe
        9⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27103.exe
        10⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        11⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        11⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        10⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        11⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        11⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
        9⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18013.exe
        10⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25451.exe
        11⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 648
        8⤵
        Program crash
        
        PID:2844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 660
        7⤵
        Program crash
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51814.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26091.exe
        7⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe
        8⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
        9⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
        10⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3214.exe
        11⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18065.exe
        10⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
        9⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48123.exe
        10⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe
        10⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        8⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe
        9⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45907.exe
        10⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12793.exe
        10⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59074.exe
        7⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12546.exe
        8⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26003.exe
        9⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17039.exe
        10⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
        10⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30509.exe
        9⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        8⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
        9⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63930.exe
        9⤵
        
        PID:12940
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 640
        6⤵
        Program crash
        
        PID:2240
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 640
        6⤵
        Program crash
        
        PID:2024
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 740
        5⤵
        Program crash
        
        PID:228
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 740
        5⤵
        Program crash
        
        PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53402.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5374.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
        7⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        8⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exe
        9⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe
        10⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        11⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
        11⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        9⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37599.exe
        10⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7801.exe
        10⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43802.exe
        8⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
        9⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31891.exe
        10⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
        10⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55118.exe
        9⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 664
        8⤵
        Program crash
        
        PID:2836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 636
        7⤵
        Program crash
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22021.exe
        6⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
        8⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
        9⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5466.exe
        10⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25289.exe
        10⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55118.exe
        9⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe
        8⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        9⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48538.exe
        9⤵
        
        PID:7532
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 636
        5⤵
        Program crash
        
        PID:1532
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 636
        5⤵
        Program crash
        
        PID:4556
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 628
      4⤵
      Program crash
      PID:1668
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 628
      4⤵
      Program crash
      PID:780
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54995.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38571.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9546.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1217.exe
        8⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        9⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        10⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26003.exe
        11⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11786.exe
        12⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
        12⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
        11⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15073.exe
        10⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        11⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        11⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54518.exe
        9⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15094.exe
        10⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        11⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        11⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58906.exe
        10⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 624
        8⤵
        Program crash
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 624
        8⤵
        Program crash
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36053.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53563.exe
        8⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        9⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        10⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
        11⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
        12⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2821.exe
        10⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
        11⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18657.exe
        11⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54518.exe
        9⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58875.exe
        10⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
        11⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38397.exe
        10⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
        8⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
        9⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        10⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
        11⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61786.exe
        9⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40723.exe
        10⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        10⤵
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11793.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55727.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21275.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        9⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        10⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
        11⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        12⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2821.exe
        10⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        11⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        11⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
        9⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
        10⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        11⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 636
        9⤵
        Program crash
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9873.exe
        8⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe
        9⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18987.exe
        10⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15066.exe
        11⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18325.exe
        11⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
        9⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
        10⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 740
        8⤵
        Program crash
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
        7⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10257.exe
        8⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
        9⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        10⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        11⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
        11⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17245.exe
        9⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
        10⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28849.exe
        10⤵
        
        PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22353.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50034.exe
        7⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        8⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57471.exe
        9⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe
        10⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45383.exe
        11⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60894.exe
        11⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
        9⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
        10⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6457.exe
        10⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe
        8⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
        9⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36447.exe
        10⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2949.exe
        10⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        9⤵
        
        PID:2056
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 724
        5⤵
        Program crash
        
        PID:872
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 724
        5⤵
        Program crash
        
        PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62115.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        8⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38675.exe
        9⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58976.exe
        10⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2274.exe
        11⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
        12⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        11⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25405.exe
        9⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11890.exe
        10⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
        10⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6365.exe
        8⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
        9⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14910.exe
        10⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
        11⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
        10⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        9⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7666.exe
        10⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51958.exe
        10⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13189.exe
        7⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36667.exe
        8⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31431.exe
        9⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17039.exe
        10⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
        10⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42377.exe
        9⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17553.exe
        6⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19651.exe
        7⤵
        
        PID:512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
        8⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45279.exe
        9⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        10⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
        10⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
        8⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-510.exe
        9⤵
        
        PID:10448
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 724
      4⤵
      Program crash
      PID:5040
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 724
      4⤵
      Program crash
      PID:1740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53962.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49339.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2058.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        8⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18447.exe
        9⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
        10⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31683.exe
        11⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15466.exe
        12⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2305.exe
        11⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
        10⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60583.exe
        11⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 744
        10⤵
        Program crash
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32997.exe
        9⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        10⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50266.exe
        10⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 636
        8⤵
        Program crash
        
        PID:2296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 636
        8⤵
        Program crash
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 624
        7⤵
        Program crash
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6697.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42043.exe
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        8⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
        9⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15094.exe
        10⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe
        11⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42569.exe
        10⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17245.exe
        9⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63167.exe
        10⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        8⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
        9⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14978.exe
        10⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46634.exe
        10⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
        9⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34185.exe
        7⤵
        
        PID:5932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 712
        6⤵
        Program crash
        
        PID:1604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 716
        6⤵
        Program crash
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25389.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39007.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13646.exe
        7⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45307.exe
        8⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exe
        9⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30087.exe
        10⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51859.exe
        11⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        12⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23369.exe
        12⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
        11⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21661.exe
        10⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42467.exe
        11⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52406.exe
        9⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49882.exe
        10⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
        8⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
        9⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
        10⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
        10⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38293.exe
        9⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54606.exe
        7⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
        8⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        9⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32171.exe
        10⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17245.exe
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11714.exe
        9⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        6⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28587.exe
        7⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12546.exe
        8⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54399.exe
        9⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        10⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59187.exe
        11⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7261.exe
        10⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46898.exe
        9⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63411.exe
        10⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
        10⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        8⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
        9⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20075.exe
        10⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48870.exe
        9⤵
        
        PID:11552
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 724
      4⤵
      Program crash
      PID:2124
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 760
      4⤵
      Program crash
      PID:2844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 664 -ip 664
1⤵
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 664 -ip 664
1⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4748 -ip 4748
1⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4748 -ip 4748
1⤵
PID:2636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1532 -ip 1532
1⤵
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4996 -ip 4996
1⤵
PID:1000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 1532 -ip 1532
1⤵
PID:1856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4996 -ip 4996
1⤵
PID:3588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2196 -ip 2196
1⤵
PID:2924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2196 -ip 2196
1⤵
PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4328 -ip 4328
1⤵
PID:2836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4400 -ip 4400
1⤵
PID:4176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4752 -ip 4752
1⤵
PID:2872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4720 -ip 4720
1⤵
PID:4300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4328 -ip 4328
1⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4400 -ip 4400
1⤵
PID:2552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4720 -ip 4720
1⤵
PID:448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4752 -ip 4752
1⤵
PID:404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 2024 -ip 2024
1⤵
PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 2712 -ip 2712
1⤵
PID:1808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2080 -ip 2080
1⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2024 -ip 2024
1⤵
PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 1292 -ip 1292
1⤵
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4660 -ip 4660
1⤵
PID:1404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4660 -ip 4660
1⤵
PID:4068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3528 -ip 3528
1⤵
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3528 -ip 3528
1⤵
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 2080 -ip 2080
1⤵
PID:1336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 4360 -ip 4360
1⤵
PID:1604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4360 -ip 4360
1⤵
PID:3012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 1488 -ip 1488
1⤵
PID:1340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4772 -ip 4772
1⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4288 -ip 4288
1⤵
PID:4068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1488 -ip 1488
1⤵
PID:956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4288 -ip 4288
1⤵
PID:3904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4772 -ip 4772
1⤵
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4548 -ip 4548
1⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 1912 -ip 1912
1⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1132 -ip 1132
1⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 2536 -ip 2536
1⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4116 -ip 4116
1⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2460 -ip 2460
1⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 2924 -ip 2924
1⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 2948 -ip 2948
1⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 4644 -ip 4644
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5004 -ip 5004
1⤵
PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4116 -ip 4116
1⤵
PID:408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 2460 -ip 2460
1⤵
PID:1532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 4548 -ip 4548
1⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2924 -ip 2924
1⤵
PID:4528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 3764 -ip 3764
1⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4724 -ip 4724
1⤵
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5004 -ip 5004
1⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 1132 -ip 1132
1⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1912 -ip 1912
1⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2916 -ip 2916
1⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3764 -ip 3764
1⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 2916 -ip 2916
1⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2948 -ip 2948
1⤵
PID:1216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4720 -ip 4720
1⤵
PID:2000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3060 -ip 3060
1⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 4724 -ip 4724
1⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 2076 -ip 2076
1⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 3576 -ip 3576
1⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 4856 -ip 4856
1⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 3060 -ip 3060
1⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4720 -ip 4720
1⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 3188 -ip 3188
1⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4640 -ip 4640
1⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 2076 -ip 2076
1⤵
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3188 -ip 3188
1⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 3112 -ip 3112
1⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 628 -ip 628
1⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3868 -ip 3868
1⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1336 -ip 1336
1⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 2752 -ip 2752
1⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 852 -ip 852
1⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 3596 -ip 3596
1⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2936 -ip 2936
1⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 3112 -ip 3112
1⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 628 -ip 628
1⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 3868 -ip 3868
1⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1336 -ip 1336
1⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5932 -ip 5932
1⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 852 -ip 852
1⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 796 -ip 796
1⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 760 -ip 760
1⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 6304 -ip 6304
1⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 3576 -ip 3576
1⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3596 -ip 3596
1⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2752 -ip 2752
1⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 760 -ip 760
1⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 796 -ip 796
1⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5100 -ip 5100
1⤵
PID:2840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 4304 -ip 4304
1⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 6304 -ip 6304
1⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4856 -ip 4856
1⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 5836 -ip 5836
1⤵
PID:3524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5100 -ip 5100
1⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 4304 -ip 4304
1⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4640 -ip 4640
1⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 2936 -ip 2936
1⤵
PID:2076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 4036 -ip 4036
1⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5356 -ip 5356
1⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1228 -ip 1228
1⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5420 -ip 5420
1⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5380 -ip 5380
1⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5340 -ip 5340
1⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 2592 -ip 2592
1⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 5720 -ip 5720
1⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 7752 -ip 7752
1⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 2748 -ip 2748
1⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5704 -ip 5704
1⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5952 -ip 5952
1⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5452 -ip 5452
1⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 7448 -ip 7448
1⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5356 -ip 5356
1⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5420 -ip 5420
1⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 1228 -ip 1228
1⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 1652 -ip 1652
1⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 5380 -ip 5380
1⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5720 -ip 5720
1⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2592 -ip 2592
1⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5340 -ip 5340
1⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5704 -ip 5704
1⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 7800 -ip 7800
1⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 2748 -ip 2748
1⤵
PID:9628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6380 -ip 6380
1⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5952 -ip 5952
1⤵
PID:10016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 6216 -ip 6216
1⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6120 -ip 6120
1⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 7856 -ip 7856
1⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5992 -ip 5992
1⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5452 -ip 5452
1⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1652 -ip 1652
1⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5188 -ip 5188
1⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 5152 -ip 5152
1⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5716 -ip 5716
1⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5836 -ip 5836
1⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6028 -ip 6028
1⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6380 -ip 6380
1⤵
PID:9528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 6084 -ip 6084
1⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 6120 -ip 6120
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 4004 -ip 4004
1⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5992 -ip 5992
1⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 7856 -ip 7856
1⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 6576 -ip 6576
1⤵
PID:1328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 6880 -ip 6880
1⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 4788 -ip 4788
1⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 3984 -ip 3984
1⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5696 -ip 5696
1⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5768 -ip 5768
1⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 512 -ip 512
1⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1380 -ip 1380
1⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5652 -ip 5652
1⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1532 -ip 1532
1⤵
PID:10688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 5740 -ip 5740
1⤵
PID:10720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 5188 -ip 5188
1⤵
PID:10784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 4840 -ip 4840
1⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 4068 -ip 4068
1⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 3672 -ip 3672
1⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5852 -ip 5852
1⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 5548 -ip 5548
1⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 9920 -ip 9920
1⤵
PID:11056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5152 -ip 5152
1⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5716 -ip 5716
1⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5688 -ip 5688
1⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 6028 -ip 6028
1⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 6980 -ip 6980
1⤵
PID:3740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 4036 -ip 4036
1⤵
PID:740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 6164 -ip 6164
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 4700 -ip 4700
1⤵
PID:1328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 4004 -ip 4004
1⤵
PID:10636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 1912 -ip 1912
1⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 6548 -ip 6548
1⤵
PID:10688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 6180 -ip 6180
1⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1928 -ip 1928
1⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 5600 -ip 5600
1⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 4492 -ip 4492
1⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6468 -ip 6468
1⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 6236 -ip 6236
1⤵
PID:10960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 6204 -ip 6204
1⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 6632 -ip 6632
1⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6956 -ip 6956
1⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 7264 -ip 7264
1⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5596 -ip 5596
1⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6244 -ip 6244
1⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 6296 -ip 6296
1⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 6992 -ip 6992
1⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 6908 -ip 6908
1⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 6224 -ip 6224
1⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 6756 -ip 6756
1⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 1792 -ip 1792
1⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 6352 -ip 6352
1⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 6576 -ip 6576
1⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 6556 -ip 6556
1⤵
PID:11276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 7828 -ip 7828
1⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 5900 -ip 5900
1⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 7136 -ip 7136
1⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 1668 -ip 1668
1⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6880 -ip 6880
1⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 6448 -ip 6448
1⤵
PID:3608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6900 -ip 6900
1⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5988 -ip 5988
1⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 3984 -ip 3984
1⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5768 -ip 5768
1⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 512 -ip 512
1⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 5696 -ip 5696
1⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 6940 -ip 6940
1⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 1532 -ip 1532
1⤵
PID:2960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5740 -ip 5740
1⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 5656 -ip 5656
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5652 -ip 5652
1⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 1380 -ip 1380
1⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 3672 -ip 3672
1⤵
PID:10700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 4068 -ip 4068
1⤵
PID:2560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4840 -ip 4840
1⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6708 -ip 6708
1⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 5852 -ip 5852
1⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5548 -ip 5548
1⤵
PID:9272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 5256 -ip 5256
1⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5688 -ip 5688
1⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6948 -ip 6948
1⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6672 -ip 6672
1⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 1964 -ip 1964
1⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6164 -ip 6164
1⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 2968 -ip 2968
1⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 4700 -ip 4700
1⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6612 -ip 6612
1⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 2124 -ip 2124
1⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6156 -ip 6156
1⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 6180 -ip 6180
1⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 6664 -ip 6664
1⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 5600 -ip 5600
1⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6964 -ip 6964
1⤵
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 1928 -ip 1928
1⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6972 -ip 6972
1⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 6284 -ip 6284
1⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6548 -ip 6548
1⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 4492 -ip 4492
1⤵
PID:2768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 1912 -ip 1912
1⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 6956 -ip 6956
1⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 6468 -ip 6468
1⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 6632 -ip 6632
1⤵
PID:11088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 7264 -ip 7264
1⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6236 -ip 6236
1⤵
PID:2980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 6244 -ip 6244
1⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5596 -ip 5596
1⤵
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 6992 -ip 6992
1⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 6908 -ip 6908
1⤵
PID:4004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 6296 -ip 6296
1⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6756 -ip 6756
1⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 1792 -ip 1792
1⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 6224 -ip 6224
1⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 6352 -ip 6352
1⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 7828 -ip 7828
1⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6312 -ip 6312
1⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5848 -ip 5848
1⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 5900 -ip 5900
1⤵
PID:1560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6900 -ip 6900
1⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 6448 -ip 6448
1⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5988 -ip 5988
1⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 5700 -ip 5700
1⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6172 -ip 6172
1⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 6512 -ip 6512
1⤵
PID:2000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 6152 -ip 6152
1⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 7028 -ip 7028
1⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 6192 -ip 6192
1⤵
PID:1696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 8024 -ip 8024
1⤵
PID:1644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 1224 -ip 1224
1⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6904 -ip 6904
1⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6940 -ip 6940
1⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 5656 -ip 5656
1⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6444 -ip 6444
1⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 7952 -ip 7952
1⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 4312 -ip 4312
1⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 6496 -ip 6496
1⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 2924 -ip 2924
1⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 8096 -ip 8096
1⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6828 -ip 6828
1⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 7192 -ip 7192
1⤵
PID:2244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 4700 -ip 4700
1⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 7172 -ip 7172
1⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 6708 -ip 6708
1⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 6672 -ip 6672
1⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 5256 -ip 5256
1⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 1964 -ip 1964
1⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1236 -p 6948 -ip 6948
1⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 2968 -ip 2968
1⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 2124 -ip 2124
1⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1184 -p 6612 -ip 6612
1⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 6156 -ip 6156
1⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 9184 -ip 9184
1⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 3108 -ip 3108
1⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1240 -p 6664 -ip 6664
1⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 6964 -ip 6964
1⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1304 -p 6972 -ip 6972
1⤵
PID:2712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 6284 -ip 6284
1⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 7000 -ip 7000
1⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 6656 -ip 6656
1⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1288 -p 6888 -ip 6888
1⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 5928 -ip 5928
1⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 1816 -ip 1816
1⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 7920 -ip 7920
1⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 7664 -ip 7664
1⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 7024 -ip 7024
1⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 7928 -ip 7928
1⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 7848 -ip 7848
1⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5448 -ip 5448
1⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 8008 -ip 8008
1⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 6928 -ip 6928
1⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 116 -ip 116
1⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 7868 -ip 7868
1⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 5668 -ip 5668
1⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 7980 -ip 7980
1⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 7596 -ip 7596
1⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 8000 -ip 8000
1⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 6592 -ip 6592
1⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 7648 -ip 7648
1⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 7776 -ip 7776
1⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 4292 -ip 4292
1⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 1856 -ip 1856
1⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 7292 -ip 7292
1⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1216 -p 7752 -ip 7752
1⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1248 -p 7960 -ip 7960
1⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 5848 -ip 5848
1⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 6312 -ip 6312
1⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6084 -ip 6084
1⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 7116 -ip 7116
1⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 7628 -ip 7628
1⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5700 -ip 5700
1⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 7688 -ip 7688
1⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1296 -p 6700 -ip 6700
1⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 6512 -ip 6512
1⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 6172 -ip 6172
1⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1284 -p 6152 -ip 6152
1⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 7028 -ip 7028
1⤵
PID:12920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe

Filesize
184KB

MD5
925c2cdb5f6824e6f9d082bedc187420

SHA1
345aa675b8a8f922c01e2b899bb1d6f7c8035873

SHA256
c48719fb10984c5b3f8f7a42e63891201fd1cbf82f6238c9187a820f2437e947

SHA512
cda508867abc0827d45bf64ded62f5d90304ba054960c53db931b5a74075168499199e81007c98266e29414ddf9ac3dff6c460057c27382d3a8967426290ac49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe

Filesize
184KB

MD5
713c53f1e2a1d572ad2ff0108af610f1

SHA1
e55f6f5d046fd7f5ccffbde93e120e750ec8788f

SHA256
08ef87f68ec3907c93566a9e78b5e29ac68026a79888483316985bb491714db0

SHA512
acf0520fc72cfb46cdf077da0ffebd37ffd744533215eeadbdad3d18d8f53849ef1348fa37bcc04699a519f061bc9493be2b700fc62c6e5734015f6a664b74e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17087.exe

Filesize
184KB

MD5
31ef1f241cbf76ed9fbba518241b445d

SHA1
fb9ded39174b8e8718242e2b67ddd423e3377750

SHA256
af29ccbb1bcf96567acfcd0b0867c2ce832dc2f38fd78a895171426f1c303005

SHA512
e6775e2c462f88ef2be54c244b4a28c339942882d76594c6ad849b0db58d5f9280b75c76f16c45bee8dc75472fd97a5fb10fda4a8a1eec77c47f13fa66e4b929

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe

Filesize
184KB

MD5
9cab74d76b21db2d68176b55948a27f1

SHA1
f0eb1badba7d25ad02fc06f8a79de9c0fc059402

SHA256
ca517508e268471725f5c06183b168f61c528b1a3538781a4eba5c53ced2b213

SHA512
6a9ee579c80e9829fc0d412e66fea4373ecb54f97d96081c0fae15cac21f4b2b663ae391a84454bbf9ccffb2a4d438d340e06cbc7e7859ef24ca41b1639a463b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18867.exe

Filesize
184KB

MD5
5ea85e10a0d8569df361b861682320ce

SHA1
298da0ed9465590ed93c4666eab34bbd00ff474c

SHA256
a8c63f57f625c597a60472cbb5110edd6c2d9307dbbe6920a4841a29b35d138c

SHA512
ba7d958c325e75399b95f4ee5596b4944b50aaa22940b67732c7d5d58bc7177b127843caf9179dd0854400b549596aae18ec34c3f3296971ce008adabf23382b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19203.exe

Filesize
184KB

MD5
9d3c80689edc700a9a2c724a83655d30

SHA1
a75a7c4fc335c298f8db3ba16cac77d71b631b50

SHA256
cc86615c34196794aa6cb632b6300592a95c049ac06dcad031b1f32763bae2d4

SHA512
a35868c892e69a8f2baee39110ad57ee99d80fc4256567f3089aac4c0b4bc8359b5018d1e4041fcc07aca0bdc5654be631d9e6aaf0bed3f0ce389e7722419fb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe

Filesize
184KB

MD5
96630556b41b388976455ab192fd10b0

SHA1
b92c97aba448e8223d5f941ef50274a233217874

SHA256
168378b0a38200ff29d9e1d031af61e9db31996071e4e78d897f7c716fda30e4

SHA512
68796fbabd4de24d7c553c40fc67ce5b15b3edbc90ded95aa5dcff27ed72b4c9d2009b75a70b865fae06c1abf77c03dd7a49330187b4e24d2d69923c5585c3f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20491.exe

Filesize
184KB

MD5
aab18dfd1ba39b26c6e0ebf456a22c55

SHA1
f2be4b32c41ee93629f55337e3a60d32b73ea065

SHA256
f883097ba216baa8e0d4990ea2e79433f4c1e60c06c2dea104a3644954753a07

SHA512
749f4f25794ff2dececea2d7daa9381c5404c9f8513e23aeddab645dec60dfc365f20bd7e6e2abcf00fefbdba6de41f338157113efc5666a222641ac2e253da3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22353.exe

Filesize
184KB

MD5
574ee0ae610e343c40972eff6d9e5c59

SHA1
61250f052783ef5877c0d3294efbf22f6055522e

SHA256
97175c5fd6db1516311471edc895cc45855d6a6596dcde978ac1eb1cac8ba820

SHA512
e8c512a940528d28bf03883e4733f451632ca1486c8177bd533ce42e584ed3bf31e7fb6fc7ee09d2aff51a4148751f5ecf9dd51179f2ef994695eb7c6d95c390

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2530.exe

Filesize
184KB

MD5
6614493413db9ff492e7dec7a7116384

SHA1
04c1455ebb5bf707c52c7ded78258d70564746a1

SHA256
99b3281b384e18332a7923d47a6558920830a065345a06bdc993937007530f75

SHA512
e34d507dced4c0b576bd7be0645eb2588d6c7721be93a81196279bdd33596d894736a93b7ad15f00feb8b9a7e5b1f31ebf746157387616b14650d5c30a2a265d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25809.exe

Filesize
184KB

MD5
7aeac3f15f034aac6659c4608cf11d38

SHA1
4efbb33246ddfdf38fcfa6bf6c8d25a090cd8212

SHA256
d241aa1f73455fc3360caa741024bbdff70b9852183bea0311e411b6d2915a25

SHA512
53e092d5052e204737f391fe88069d535597ef1924b541cd36ba9409ddc9be05585300352ee3be044a6cdadaacd9ad92691d232469732c7a9120479e6910005d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26319.exe

Filesize
184KB

MD5
76e7cdcdbe944f8307e24122bd464f90

SHA1
4c9c997778ef794326dd992adc13ce862274888a

SHA256
8f2a23d19feed27f8c70e132871605609b2cca91d8ded3d482fb9c01dab839b2

SHA512
5729c8960d1166232842e4d3ab1dac5b16f6d6bf55645e932d3b04098786ba8b359af1c6fe0544f39b0172d696d167f4afd2edd2196bf19f53acf9c29295e8d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe

Filesize
184KB

MD5
fc6e4d124d4bcc498154eb811dba4e84

SHA1
c0df651ef51f9496f9471a2aae0c9f250b12167f

SHA256
27018b3214ce2b6e9b9f9960a3669c4341613269a7157e42abb6d8e0599e974b

SHA512
f8c929f61f8476bb451a8b79ef546a4df1389fc9b2d925a7dfb83a237f0a1164e6bd93903c674b234d504ff9c1318aa47b82153f9cedae57d8ff693b38a7ba5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30403.exe

Filesize
184KB

MD5
e2009af766a7010d6431cf4fd858624d

SHA1
390f98a40044199ba2ede88fdebaf1d60dc5bd6e

SHA256
454a164ece2d617e5f3da9cba9f7688a7d4876071d9339cfad7dd5123be40ea2

SHA512
12a93eb0977e32d9044e06a1d5b08d25b7b9f9f4a68abfdaf24616c882598d8d5714cde4e1fc194509096929a20d24e33466df5ca8b8b8fdf284d95f56a71c44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37625.exe

Filesize
184KB

MD5
39481dd289f8bbeff9d2f657f8609fe0

SHA1
dd04bfe656322e49baab47be638e0db130f04a70

SHA256
14d2fea3cdf3b92d4d83ff7fe4edb9df7111e2eb7455ba8dae25665a7c8b44c8

SHA512
5b6d1f261933801e2c3a2ac97e49560922e3a71e63466d0e35e67b5a080183ba8702b16e7ea472e5a1f0a39410e1cb07a380e714bc81773b236ba239d1991054

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38571.exe

Filesize
184KB

MD5
3aceee225a04ddd9ed5e3f7a0f61a4ff

SHA1
229fea612ef12a808abf9ae405702414d7922b3a

SHA256
45c140b5dd7179ef00dfe4a9338dec5237aa0e4c3b091fd47f3bfa9a2d5381b1

SHA512
a9fdde24e8c0bccc6d48e62e9856a64f4c2d90f42df3d1a5173285988bb141cbf711be76da2e9338f687b0333c5e8240e01e6f493a6e203cb47bc89a119fb69a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe

Filesize
184KB

MD5
066ec22a3f50a37051353d8b4f716706

SHA1
168e4a978a8e2fb08258c24fc9fe635339590056

SHA256
f6f050e9d7f2b5b595515bbb441e3a3684a5c4ff7bc8c60adf079e7e5807fe7a

SHA512
cab1a46e5a4676edf63aa695c40cce19361872ae335264e08ba7bb25a8e8c382534d1123bc3bd43c545de4c801cc817bf4da89672aaf629fa54b44658bd67745

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe

Filesize
184KB

MD5
6845f101850756228d0f33df9883904e

SHA1
210df2d1b18f9efdb198df0a46a085fb0abd631f

SHA256
a6455f2b87f1de6979bc4b2632bb0ebd8d5272a1a064ede7b7cf9aa6adf7e430

SHA512
a27f6442020273899659ada563dbf10f4b5e5048a2e3b4e21dabd459851a4199db67777fed4e665a631924e0fc0f7ef50c2e775fa537c94e1f90f6552411fb28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe

Filesize
184KB

MD5
79859a476c4506bb28f7d3ce1fed3858

SHA1
f468bbca323b80b5b098d7bef1b764db9853771f

SHA256
fc962df7ff6ed1aefc0b075d5d373eff01e659e8046001f05236d886e12194a3

SHA512
0ad4c86d3de99b47566ba81595b0e45348416808f522b7a55ba187a1cd84a67576b4af2117f3c06ac5b8fc17b43812364606197482c2eae6611400eeb8f0cb4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe

Filesize
184KB

MD5
db74ffa3f121aa9af255849d48a55237

SHA1
1c1677d8650e772d910b409a598ad61babd82693

SHA256
af90277c9f5b07a099bb425f9435cee5c63e888e5a1fb7afae8a04bc64ae0c4a

SHA512
9d2605e3230a0de5ee488aa3ddcf48b49c557302fd54d2264bb15138ebd69282756b8fc33db014e60ee14155b249c56b22649c08c5ed1d676c2bf15ef293f087

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe

Filesize
184KB

MD5
e79f8ce5f86d9ac79866232f6bf020b0

SHA1
8673770ce58715792a0ab3416e51f276dafd31db

SHA256
2d2f0a09626f8c12b24daa346c043fe27dc5a1002600191226a29a8fd55c4d98

SHA512
c690e38579a77eeb6cc3fff98f5fcb99d1125031ed52323d653f79c672530a4ee17f66ba6d99cd765961d7286cbff23d3b9e4ca44eae48076e8451ed24013cb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49235.exe

Filesize
184KB

MD5
eaa97fc8d69d7c74079d08ed8ca147e6

SHA1
05cb2663cd45056e851c7f23588558a3a0e28e6a

SHA256
3d45b568cfa1da998d9c17f97457597c78a279c530b637b66bd35d73069379fe

SHA512
1a37507619f9a427923ba85e85bb2497f8f61369ec85e2e5bbd18848e6f7d8eca9c3638993f93d5aca993c1c6f7ed3de1c8dc4659ddb297ff4df5419cbc4b5bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe

Filesize
184KB

MD5
b8cd177d74f192efcf03bd6356879e19

SHA1
63bb9c476773d3f9820914a22fc23dc084104687

SHA256
8d0c10bf990bd4a2e53babfc27b1311d2baf110c82cda247e2e0be8d3a1016a4

SHA512
d3cfde9246f7307c488a8af85c3cdd778bc012d3ff096598140796b162bbe61f5b8a339af1a30a5587c47ebb01a12aaddb11c63c3a707a24fddc8b21dacceefa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53962.exe

Filesize
184KB

MD5
ede7c85fe5bd90dc00986c69844d5a75

SHA1
a062d8a46599b496d5551749fcf62564628fe21d

SHA256
a5cd23ec0a67f570cef8ab3c1aca627c127feadd8f0beca97217b0f117c7b078

SHA512
f2ff356aa3ad99274f83a200b5b3c8f791715fbc008fea1f595e7a2d32fc791ade9b663937f205411f65d67e576f12d02b5d3422b30e9e73cb92f5254e961743

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe

Filesize
184KB

MD5
e057cdb93fd700e59506c78d485fe943

SHA1
c7f0f1db40ec2f33b434d4d65c97fa95b1fc708d

SHA256
778b9a9e266d347f74c17419bc989325739811eed9ccbca2fd639d315b0930ff

SHA512
569aa72b7c5c86f4a2ca58a06539051e14e778602cb75c62ab8856d14921d0c34b501e00dc6feb07780f413fc87d9a31e036dd1fe23a7a3a4369b11b02ac4a7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54995.exe

Filesize
184KB

MD5
55c24831d65a2a8830553c29d0d4655e

SHA1
2da206222a4acb5aa4c36fd90fde77d1b9b6cd98

SHA256
6c440947be3d1dae22e39e0f14bfc2511f1576e17ca6c45caf77fb6dc0a43382

SHA512
af4cdc54495a0ba62a1a589e05b72349cccb62cdbed8183bb1a1e7c0d3cdfb480dadfda15647246f11d2272916989da43abfdf59afeaae18822eef7f7196c870

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe

Filesize
184KB

MD5
302cceedf9fbb47dfbdf7e6ff405ed1a

SHA1
a5616458ba00dfd27db665a0c011a314ae9ddba7

SHA256
bbd8349c3995db611b6fe18f8ea1e09ff677c3ee8bc9f7460533f1bb36f6603a

SHA512
7d8228f39ccfe5d1e8375be6e4f5d3b63a001452a654f81a2fffb8032c6076bcbc416c1d384760b5c691373a6247c8a97618f1bd09acdd71daa1ae06542e51ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe

Filesize
184KB

MD5
42847ee34c08a3b513a103918b1fe162

SHA1
7d51511bbebae1a97812f302f47251d3d6350c6e

SHA256
3529577490e5c481a615fa4f0ee437f093d76a45c197730c0d4a1a1ddd4af695

SHA512
37dc41ac2b94bdf5a9d8ac7d0494d8d0f6d7ba7ae002c99907068fa36242455048603cec70d6822aee69716e02ced44aa4b57f800128feafee06b89ad5301eb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe

Filesize
184KB

MD5
02b0644bfd1127aaddde79aaec3f7d37

SHA1
4ca029738dced437b409cb7290b2df33b6d78321

SHA256
b3aa74980c162f5de2db7693078dd052f5fbcb74dd965c12a7851225f654e750

SHA512
c7c0ba5d6bab2bbb2703d96a79f6c5b0e6837d84839d3187ed0bd89836aa366b83a96b7f63b76fdb4bdb655c2b76cbed64321efed82d673e146617943ca96668

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6474.exe

Filesize
184KB

MD5
d0af0cc92b7623b586c37858d04de553

SHA1
98641eac5b293b535a5104a886dd8cf7bc09be9e

SHA256
ab32bd35f80d4bcd48c957240e0e5bfc0d6e482047ec1137ba359b58e1e8570b

SHA512
0bd8a0edf215a5a6dd294506348fd3313703726a1bf44897ee91c0a0b1fa0ad25219f704acb8cc9a82b49e0509f458044c0434ab71efe2e4548976c3583c38b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe

Filesize
184KB

MD5
5cf55312701ba7490d1b3d7d26209f91

SHA1
4193a8c838cd6b1224f3cb9fa36be83219f09d23

SHA256
76cce5192fea46150ec48bafba8d16e9252e67e9184dedd457348f0feafac4f1

SHA512
baa41228c93c5d806a74bc5bc0ec818bc5a4d51fed68aba2a71264dca769666f86f09b6493a242a206ebfc68313b1d7ee8cb13c8c269a91a4d79e7a687b4266b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9546.exe

Filesize
184KB

MD5
36d0ee5b1c80dc644d9e08ad70ad81f1

SHA1
20ab01b6d4bef1cde919e372312fb1f7ca021fb4

SHA256
211f477a4babeb7308a8bb676bc46f0fc3ed0a7b82560e33cf5545d40241fbc1

SHA512
59997c04ead40b03734f218d8bbfd2c33d7c2906ac45f642bf1af74e8b5a351996e85c06e2b788fc1d534a7ff039c3d05c089c614e2c23287c9b6dc46eaf3fce

Download Submit