d58dcc8b3b75b44dbb3240abc30ffa73ea15cc5464db1e910708fac9ec7450ec

Analysis

max time kernel
21s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-08-2024 00:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7f22deb1d5385f2c1c0b6b008e1c190N.exe
Size

468KB
MD5

a7f22deb1d5385f2c1c0b6b008e1c190
SHA1

1b9afa08b6897ba1cf58475cadbcaa5b42e96dc6
SHA256

d58dcc8b3b75b44dbb3240abc30ffa73ea15cc5464db1e910708fac9ec7450ec
SHA512

b6a4c20b08bd3bc9fcbb573286bbbee199b32cc55ec66024f0cfcf259dba3b33881137c6121b7baffae7eae639571910dcc90cbca237f7ee42efab88fd130587
SSDEEP

3072:1cyOogId105UtbYJHzVjcf8/EChCPIpCnLHewVPsz8QLcZ/uYZl5:1c7o98UtOH5jcff0T/z8ao/uY

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 61 IoCs

pid	Process
1780	Unicorn-248.exe
3508	Unicorn-10457.exe
4004	Unicorn-34862.exe
1508	Unicorn-41419.exe
4364	Unicorn-37723.exe
4696	Unicorn-24035.exe
2720	Unicorn-56031.exe
3232	Unicorn-58818.exe
2288	Unicorn-33332.exe
1960	Unicorn-5367.exe
2348	Unicorn-41434.exe
4112	Unicorn-9939.exe
4172	Unicorn-55611.exe
3840	Unicorn-63726.exe
4636	Unicorn-4054.exe
4700	Unicorn-57071.exe
1688	Unicorn-36157.exe
2176	Unicorn-39163.exe
3460	Unicorn-18249.exe
1432	Unicorn-38115.exe
1552	Unicorn-9182.exe
4612	Unicorn-4822.exe
4296	Unicorn-64739.exe
3104	Unicorn-64739.exe
3132	Unicorn-22071.exe
2760	Unicorn-41937.exe
4908	Unicorn-17898.exe
4784	Unicorn-23764.exe
2576	Unicorn-24029.exe
2144	Unicorn-4163.exe
2764	Unicorn-15098.exe
2768	Unicorn-12490.exe
1124	Unicorn-40777.exe
2756	Unicorn-60643.exe
2888	Unicorn-37331.exe
1032	Unicorn-58622.exe
2736	Unicorn-59951.exe
2368	Unicorn-14279.exe
2296	Unicorn-51259.exe
2748	Unicorn-21758.exe
3040	Unicorn-64980.exe
1428	Unicorn-1991.exe
4064	Unicorn-61398.exe
4652	Unicorn-47069.exe
5092	Unicorn-8418.exe
3948	Unicorn-8683.exe
3236	Unicorn-11231.exe
4524	Unicorn-11231.exe
3544	Unicorn-28968.exe
624	Unicorn-48834.exe
4960	Unicorn-59451.exe
4964	Unicorn-61999.exe
1288	Unicorn-23819.exe
392	Unicorn-29950.exe
2276	Unicorn-42690.exe
368	Unicorn-47706.exe
1764	Unicorn-55855.exe
512	Unicorn-23806.exe
4236	Unicorn-14875.exe
1684	Unicorn-49658.exe
1484	Unicorn-38470.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
4512	3132	WerFault.exe	117
2052	2764	WerFault.exe	123
3628	2764	WerFault.exe	123
1528	3132	WerFault.exe	117
5544	3948	WerFault.exe	138
5608	4064	WerFault.exe	135
5628	368	WerFault.exe	149
7076	4612	WerFault.exe	114
4636	4364	WerFault.exe	95
5928	1764	WerFault.exe	150
3672	4004	WerFault.exe	92
3056	2276	WerFault.exe	148
6680	5352	WerFault.exe	234
8752	556	WerFault.exe	217
8788	4524	WerFault.exe	140
8360	6012	WerFault.exe	208
8248	5432	WerFault.exe	184
9332	2176	WerFault.exe	110
9456	4316	WerFault.exe	162
10056	7848	WerFault.exe	422
9396	5164	WerFault.exe	367
9452	5180	WerFault.exe	233
5760	5816	WerFault.exe	226
9704	6588	WerFault.exe	364
9692	5936	WerFault.exe	377
9964	5708	WerFault.exe	378
64	6336	WerFault.exe	250
10116	6800	WerFault.exe	260
9428	1916	WerFault.exe	160
9324	4652	WerFault.exe	136
9316	1688	WerFault.exe	109
9308	748	WerFault.exe	159
9300	5372	WerFault.exe	181
8356	1124	WerFault.exe	125
10884	6204	WerFault.exe	310
11128	6516	WerFault.exe	370
11044	6424	WerFault.exe	295
9600	5444	WerFault.exe	392
9384	6180	WerFault.exe	390
8748	7920	WerFault.exe	424
8820	7576	WerFault.exe	410
4936	5484	WerFault.exe	395
9004	5128	WerFault.exe	386
9204	7588	WerFault.exe	408
7172	5748	WerFault.exe	383
6468	7600	WerFault.exe	409
9436	7500	WerFault.exe	466
7096	7624	WerFault.exe	460
8388	7932	WerFault.exe	446
3788	4396	WerFault.exe	462
9524	7728	WerFault.exe	467
11020	7492	WerFault.exe	404
7412	7752	WerFault.exe	450
2156	8080	WerFault.exe	429
6792	3464	WerFault.exe	387
7660	7816	WerFault.exe	418
6360	5628	WerFault.exe	438
6772	7856	WerFault.exe	423
6776	7460	WerFault.exe	445
5688	7832	WerFault.exe	420
10416	6500	WerFault.exe	256
10536	7444	WerFault.exe	444
10924	7508	WerFault.exe	405
6956	7792	WerFault.exe	415

System Location Discovery: System Language Discovery 1 TTPs 62 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37723.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36157.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8683.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24029.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a7f22deb1d5385f2c1c0b6b008e1c190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33332.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14875.exe

Suspicious use of SetWindowsHookEx 57 IoCs

pid	Process
4676	a7f22deb1d5385f2c1c0b6b008e1c190N.exe
1780	Unicorn-248.exe
3508	Unicorn-10457.exe
4004	Unicorn-34862.exe
1508	Unicorn-41419.exe
4696	Unicorn-24035.exe
2720	Unicorn-56031.exe
4364	Unicorn-37723.exe
3232	Unicorn-58818.exe
2288	Unicorn-33332.exe
2348	Unicorn-41434.exe
4112	Unicorn-9939.exe
1960	Unicorn-5367.exe
4172	Unicorn-55611.exe
4636	Unicorn-4054.exe
3840	Unicorn-63726.exe
4700	Unicorn-57071.exe
1688	Unicorn-36157.exe
2176	Unicorn-39163.exe
1432	Unicorn-38115.exe
3460	Unicorn-18249.exe
1552	Unicorn-9182.exe
4296	Unicorn-64739.exe
3104	Unicorn-64739.exe
4612	Unicorn-4822.exe
3132	Unicorn-22071.exe
4908	Unicorn-17898.exe
4784	Unicorn-23764.exe
2144	Unicorn-4163.exe
2760	Unicorn-41937.exe
2576	Unicorn-24029.exe
2764	Unicorn-15098.exe
2768	Unicorn-12490.exe
2756	Unicorn-60643.exe
1124	Unicorn-40777.exe
2888	Unicorn-37331.exe
1032	Unicorn-58622.exe
2736	Unicorn-59951.exe
2368	Unicorn-14279.exe
2296	Unicorn-51259.exe
2748	Unicorn-21758.exe
1428	Unicorn-1991.exe
3040	Unicorn-64980.exe
4064	Unicorn-61398.exe
4652	Unicorn-47069.exe
4524	Unicorn-11231.exe
3236	Unicorn-11231.exe
5092	Unicorn-8418.exe
3948	Unicorn-8683.exe
3544	Unicorn-28968.exe
4960	Unicorn-59451.exe
624	Unicorn-48834.exe
368	Unicorn-47706.exe
1288	Unicorn-23819.exe
4964	Unicorn-61999.exe
392	Unicorn-29950.exe
2276	Unicorn-42690.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4676 wrote to memory of 1780	4676	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	88
PID 4676 wrote to memory of 1780	4676	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	88
PID 4676 wrote to memory of 1780	4676	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	88
PID 1780 wrote to memory of 3508	1780	Unicorn-248.exe	91
PID 1780 wrote to memory of 3508	1780	Unicorn-248.exe	91
PID 1780 wrote to memory of 3508	1780	Unicorn-248.exe	91
PID 4676 wrote to memory of 4004	4676	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	92
PID 4676 wrote to memory of 4004	4676	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	92
PID 4676 wrote to memory of 4004	4676	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	92
PID 3508 wrote to memory of 1508	3508	Unicorn-10457.exe	94
PID 3508 wrote to memory of 1508	3508	Unicorn-10457.exe	94
PID 3508 wrote to memory of 1508	3508	Unicorn-10457.exe	94
PID 1780 wrote to memory of 4364	1780	Unicorn-248.exe	95
PID 1780 wrote to memory of 4364	1780	Unicorn-248.exe	95
PID 1780 wrote to memory of 4364	1780	Unicorn-248.exe	95
PID 4004 wrote to memory of 4696	4004	Unicorn-34862.exe	96
PID 4004 wrote to memory of 4696	4004	Unicorn-34862.exe	96
PID 4004 wrote to memory of 4696	4004	Unicorn-34862.exe	96
PID 4676 wrote to memory of 2720	4676	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	97
PID 4676 wrote to memory of 2720	4676	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	97
PID 4676 wrote to memory of 2720	4676	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	97
PID 1508 wrote to memory of 3232	1508	Unicorn-41419.exe	100
PID 1508 wrote to memory of 3232	1508	Unicorn-41419.exe	100
PID 1508 wrote to memory of 3232	1508	Unicorn-41419.exe	100
PID 3508 wrote to memory of 2288	3508	Unicorn-10457.exe	101
PID 3508 wrote to memory of 2288	3508	Unicorn-10457.exe	101
PID 3508 wrote to memory of 2288	3508	Unicorn-10457.exe	101
PID 4696 wrote to memory of 1960	4696	Unicorn-24035.exe	102
PID 4696 wrote to memory of 1960	4696	Unicorn-24035.exe	102
PID 4696 wrote to memory of 1960	4696	Unicorn-24035.exe	102
PID 4364 wrote to memory of 2348	4364	Unicorn-37723.exe	103
PID 4364 wrote to memory of 2348	4364	Unicorn-37723.exe	103
PID 4364 wrote to memory of 2348	4364	Unicorn-37723.exe	103
PID 4004 wrote to memory of 4172	4004	Unicorn-34862.exe	105
PID 4004 wrote to memory of 4172	4004	Unicorn-34862.exe	105
PID 4004 wrote to memory of 4172	4004	Unicorn-34862.exe	105
PID 2720 wrote to memory of 4112	2720	Unicorn-56031.exe	104
PID 2720 wrote to memory of 4112	2720	Unicorn-56031.exe	104
PID 2720 wrote to memory of 4112	2720	Unicorn-56031.exe	104
PID 1780 wrote to memory of 3840	1780	Unicorn-248.exe	106
PID 1780 wrote to memory of 3840	1780	Unicorn-248.exe	106
PID 1780 wrote to memory of 3840	1780	Unicorn-248.exe	106
PID 4676 wrote to memory of 4636	4676	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	107
PID 4676 wrote to memory of 4636	4676	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	107
PID 4676 wrote to memory of 4636	4676	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	107
PID 2348 wrote to memory of 4700	2348	Unicorn-41434.exe	108
PID 2348 wrote to memory of 4700	2348	Unicorn-41434.exe	108
PID 2348 wrote to memory of 4700	2348	Unicorn-41434.exe	108
PID 4364 wrote to memory of 1688	4364	Unicorn-37723.exe	109
PID 4364 wrote to memory of 1688	4364	Unicorn-37723.exe	109
PID 4364 wrote to memory of 1688	4364	Unicorn-37723.exe	109
PID 3232 wrote to memory of 2176	3232	Unicorn-58818.exe	110
PID 3232 wrote to memory of 2176	3232	Unicorn-58818.exe	110
PID 3232 wrote to memory of 2176	3232	Unicorn-58818.exe	110
PID 1508 wrote to memory of 3460	1508	Unicorn-41419.exe	111
PID 1508 wrote to memory of 3460	1508	Unicorn-41419.exe	111
PID 1508 wrote to memory of 3460	1508	Unicorn-41419.exe	111
PID 2288 wrote to memory of 1432	2288	Unicorn-33332.exe	112
PID 2288 wrote to memory of 1432	2288	Unicorn-33332.exe	112
PID 2288 wrote to memory of 1432	2288	Unicorn-33332.exe	112
PID 3508 wrote to memory of 1552	3508	Unicorn-10457.exe	113
PID 3508 wrote to memory of 1552	3508	Unicorn-10457.exe	113
PID 3508 wrote to memory of 1552	3508	Unicorn-10457.exe	113
PID 4112 wrote to memory of 4612	4112	Unicorn-9939.exe	114

C:\Users\Admin\AppData\Local\Temp\a7f22deb1d5385f2c1c0b6b008e1c190N.exe
"C:\Users\Admin\AppData\Local\Temp\a7f22deb1d5385f2c1c0b6b008e1c190N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-248.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-248.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58818.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16066.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48361.exe
        9⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59463.exe
        9⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 640
        10⤵
        Program crash
        
        PID:9004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 728
        9⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
        8⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
        8⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48849.exe
        9⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-889.exe
        9⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9288 -s 720
        10⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27632.exe
        9⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe
        9⤵
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7900.exe
        8⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16337.exe
        9⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 660
        9⤵
        
        PID:14176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 756
        8⤵
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47949.exe
        7⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27095.exe
        8⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        8⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 636
        9⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37135.exe
        7⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 760
        7⤵
        Program crash
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
        7⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62697.exe
        8⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8454.exe
        9⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47084.exe
        10⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 640
        11⤵
        Program crash
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 656
        10⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10834.exe
        9⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18922.exe
        9⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 636
        10⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
        9⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60444.exe
        9⤵
        
        PID:13748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24646.exe
        8⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 644
        9⤵
        Program crash
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48595.exe
        8⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
        8⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12284 -s 652
        9⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51524.exe
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49622.exe
        7⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38160.exe
        8⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3048.exe
        9⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9468 -s 640
        10⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 660
        9⤵
        
        PID:14208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
        6⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23249.exe
        6⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        6⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
        7⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 636
        8⤵
        
        PID:13688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65124.exe
        6⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
        6⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11984 -s 640
        7⤵
        
        PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21758.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
        7⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52957.exe
        8⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61703.exe
        9⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50442.exe
        10⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
        11⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 636
        12⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        11⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12088 -s 640
        12⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59436.exe
        10⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31953.exe
        11⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
        11⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2333.exe
        11⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 728
        10⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64083.exe
        9⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 656
        9⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        8⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
        9⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 636
        10⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
        9⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 632
        10⤵
        
        PID:13808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32043.exe
        7⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
        7⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 712
        7⤵
        Program crash
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        6⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16836.exe
        6⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 648
        7⤵
        Program crash
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34352.exe
        6⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61387.exe
        7⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31709.exe
        8⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10505.exe
        9⤵
        
        PID:13580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24670.exe
        8⤵
        
        PID:14260
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 752
        6⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61398.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 644
        6⤵
        Program crash
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
        5⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44771.exe
        6⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
        7⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
        8⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11716.exe
        9⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10288 -s 640
        10⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 756
        9⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45877.exe
        8⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9924.exe
        9⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16002.exe
        9⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        8⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 640
        9⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
        8⤵
        
        PID:13680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
        6⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
        7⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15303.exe
        8⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3557.exe
        9⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14692.exe
        9⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55623.exe
        8⤵
        
        PID:12496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12496 -s 636
        9⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 724
        8⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24375.exe
        7⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 632
        7⤵
        
        PID:13304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 760
        6⤵
        
        PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64778.exe
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
        6⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
        7⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 724
        8⤵
        
        PID:13844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
        6⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9968 -s 644
        7⤵
        
        PID:13384
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 632
        6⤵
        
        PID:116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32602.exe
        5⤵
        
        PID:4996
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 724
        6⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37651.exe
        5⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2786.exe
        6⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15864.exe
        7⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59914.exe
        8⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58466.exe
        6⤵
        
        PID:14568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        7⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20765.exe
        6⤵
        
        PID:8336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
        5⤵
        
        PID:13704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33332.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38115.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14279.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25047.exe
        7⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        8⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17969.exe
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        7⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 636
        8⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57803.exe
        7⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 724
        8⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35310.exe
        7⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43908.exe
        7⤵
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62664.exe
        8⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45642.exe
        6⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1985.exe
        7⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35886.exe
        7⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 644
        8⤵
        Program crash
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42258.exe
        6⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1238.exe
        6⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        7⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54725.exe
        8⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 740
        8⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
        7⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 640
        8⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 636
        7⤵
        
        PID:13504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21037.exe
        6⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29905.exe
        7⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40922.exe
        8⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
        8⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe
        7⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
        8⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63244.exe
        7⤵
        
        PID:13796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        6⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64477.exe
        7⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe
        6⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-795.exe
        7⤵
        
        PID:15000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10210.exe
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45313.exe
        7⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3012.exe
        8⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22598.exe
        8⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8524.exe
        7⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 724
        8⤵
        Program crash
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 756
        7⤵
        
        PID:11732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19303.exe
        6⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47084.exe
        8⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        9⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
        10⤵
        
        PID:9620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 628
        10⤵
        
        PID:14216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 664
        9⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
        8⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 676
        8⤵
        
        PID:13496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 652
        7⤵
        Program crash
        
        PID:64
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22735.exe
        6⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        7⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 724
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20047.exe
        7⤵
        
        PID:10260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 736
        7⤵
        
        PID:13332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3280.exe
        6⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        7⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 652
        7⤵
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        6⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
        7⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11478.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
        9⤵
        
        PID:14348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
        6⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11920 -s 636
        7⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
        6⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
        5⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe
        5⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14887.exe
        5⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7915.exe
        6⤵
        
        PID:8632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46965.exe
        5⤵
        
        PID:9252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64980.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6614.exe
        6⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33025.exe
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57059.exe
        8⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28866.exe
        9⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 636
        10⤵
        Program crash
        
        PID:10924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 656
        9⤵
        
        PID:12356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60725.exe
        8⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
        9⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 752
        9⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
        8⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 672
        8⤵
        
        PID:13932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11834.exe
        7⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48325.exe
        8⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58068.exe
        9⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56791.exe
        10⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8608 -s 712
        10⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
        9⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 652
        9⤵
        
        PID:14896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
        7⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 636
        8⤵
        
        PID:12392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-735.exe
        7⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 720
        7⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25899.exe
        6⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7108.exe
        7⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 644
        8⤵
        Program crash
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15433.exe
        7⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52194.exe
        6⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 636
        7⤵
        Program crash
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        6⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53743.exe
        7⤵
        
        PID:11508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 756
        6⤵
        
        PID:14144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe
        5⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
        6⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 640
        7⤵
        Program crash
        
        PID:9964
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 656
        6⤵
        Program crash
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        5⤵
        
        PID:5444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 636
        6⤵
        Program crash
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49138.exe
        5⤵
        
        PID:8648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30292.exe
        5⤵
        
        PID:6472
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 636
        6⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60974.exe
        5⤵
        
        PID:13784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
        5⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        6⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 676
        7⤵
        Program crash
        
        PID:10416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62773.exe
        6⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 464
        7⤵
        Program crash
        
        PID:10056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23509.exe
        6⤵
        
        PID:10916
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 752
        6⤵
        
        PID:9720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50238.exe
        5⤵
        
        PID:6812
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 664
        5⤵
        Program crash
        
        PID:9324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe
      4⤵
      PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
      4⤵
      PID:6760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47352.exe
      4⤵
      PID:7588
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 644
        5⤵
        Program crash
        
        PID:9204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
      4⤵
      PID:8612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45914.exe
      4⤵
      PID:12232
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12232 -s 724
        5⤵
        
        PID:6712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14518.exe
      4⤵
      PID:13948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41434.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12490.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54526.exe
        7⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61149.exe
        8⤵
        
        PID:556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 636
        9⤵
        Program crash
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 712
        8⤵
        Program crash
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13873.exe
        7⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33612.exe
        6⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27333.exe
        7⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 728
        7⤵
        Program crash
        
        PID:9428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51685.exe
        6⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe
        7⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
        8⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 644
        9⤵
        Program crash
        
        PID:9384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 740
        8⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        7⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
        8⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 720
        9⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58234.exe
        8⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49628.exe
        8⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12416 -s 636
        9⤵
        
        PID:15124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8716.exe
        8⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42792.exe
        8⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35581.exe
        7⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38097.exe
        8⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3292.exe
        7⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12156 -s 636
        8⤵
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4093.exe
        6⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 636
        7⤵
        Program crash
        
        PID:9396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26368.exe
        6⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        6⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 644
        7⤵
        
        PID:7876
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 776
        6⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50144.exe
        6⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54219.exe
        7⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54572.exe
        6⤵
        
        PID:5876
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 752
        6⤵
        Program crash
        
        PID:8356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55254.exe
        5⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8900.exe
        6⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
        7⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60682.exe
        8⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
        9⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39663.exe
        10⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59339.exe
        11⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57439.exe
        11⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        12⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
        10⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21845.exe
        8⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49628.exe
        8⤵
        
        PID:12424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12424 -s 728
        9⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
        7⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 640
        8⤵
        Program crash
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22860.exe
        6⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 636
        7⤵
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51938.exe
        6⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8228 -s 644
        7⤵
        
        PID:13712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
        5⤵
        
        PID:5352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 640
        6⤵
        Program crash
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4861.exe
        5⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53698.exe
        6⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 724
        7⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37955.exe
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        6⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61727.exe
        7⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        8⤵
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
        7⤵
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60345.exe
        6⤵
        
        PID:8776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45664.exe
        5⤵
        
        PID:9076
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 640
        6⤵
        
        PID:13816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        5⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44587.exe
        5⤵
        
        PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36157.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22210.exe
        6⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32826.exe
        5⤵
        
        PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49875.exe
        5⤵
        
        PID:5384
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 748
        5⤵
        Program crash
        
        PID:9316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37331.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61384.exe
        5⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8900.exe
        6⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15050.exe
        7⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34796.exe
        8⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 640
        9⤵
        Program crash
        
        PID:6776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 736
        8⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 720
        7⤵
        Program crash
        
        PID:5760
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 724
        6⤵
        Program crash
        
        PID:9456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28495.exe
        5⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36079.exe
        6⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        7⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 636
        8⤵
        Program crash
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34859.exe
        7⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
        8⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
        8⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13056.exe
        9⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
        8⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        7⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11700 -s 640
        8⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 640
        7⤵
        
        PID:6992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 644
        6⤵
        Program crash
        
        PID:9452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
      4⤵
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63197.exe
        5⤵
        
        PID:6008
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 756
      4⤵
      Program crash
      PID:4636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63726.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63726.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
        6⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        7⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44521.exe
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
        9⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 636
        10⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22598.exe
        8⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
        8⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
        9⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
        10⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        11⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
        10⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56520.exe
        11⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 636
        8⤵
        
        PID:14088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 644
        7⤵
        Program crash
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54213.exe
        7⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18412.exe
        8⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 728
        9⤵
        Program crash
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 636
        7⤵
        Program crash
        
        PID:11044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10971.exe
        6⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12487.exe
        7⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20755.exe
        8⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
        8⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12264 -s 636
        9⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28427.exe
        8⤵
        
        PID:13320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 716
        6⤵
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
        5⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
        5⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        6⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47563.exe
        5⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33519.exe
        6⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9376 -s 648
        7⤵
        
        PID:10984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19141.exe
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55532.exe
        6⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9000.exe
        6⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 648
        7⤵
        Program crash
        
        PID:11020
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 656
        6⤵
        
        PID:11424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64041.exe
        5⤵
        
        PID:6660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23764.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48834.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38621.exe
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe
        6⤵
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25926.exe
        5⤵
        
        PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38382.exe
        5⤵
        
        PID:7792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 636
        6⤵
        Program crash
        
        PID:6956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14875.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19141.exe
      4⤵
      PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42723.exe
        5⤵
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14930.exe
        5⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45256.exe
        6⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 724
        7⤵
        
        PID:13668
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 664
        5⤵
        
        PID:12128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39241.exe
      4⤵
      PID:5936
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 640
        5⤵
        Program crash
        
        PID:9692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
      4⤵
      PID:8720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
      4⤵
      PID:8664
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 632
        5⤵
        
        PID:13832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2304.exe
      4⤵
      PID:12068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27786.exe
      4⤵
      PID:8568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe
    3⤵
    PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56580.exe
      4⤵
      PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63751.exe
        5⤵
        
        PID:6516
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 636
        6⤵
        Program crash
        
        PID:11128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27962.exe
        5⤵
        
        PID:9200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9200 -s 724
        6⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        5⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        6⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
        6⤵
        
        PID:12608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 728
        5⤵
        
        PID:14136
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 636
      4⤵
      Program crash
      PID:8360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19709.exe
    3⤵
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57607.exe
      4⤵
      PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17888.exe
        5⤵
        
        PID:7516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
      4⤵
      PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5593.exe
        5⤵
        
        PID:3340
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 648
        6⤵
        
        PID:13944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8688 -s 748
        5⤵
        
        PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14624.exe
      4⤵
      PID:9272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9272 -s 644
        5⤵
        
        PID:13392
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 752
      4⤵
      PID:14112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26655.exe
    3⤵
    PID:7932
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 648
      4⤵
      Program crash
      PID:8388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55323.exe
    3⤵
    PID:9724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
    3⤵
    PID:6484
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 636
      4⤵
      PID:14696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
    3⤵
    PID:13212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34862.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34862.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8683.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 644
        7⤵
        Program crash
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8777.exe
        6⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38458.exe
        7⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55746.exe
        8⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39187.exe
        9⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 640
        10⤵
        
        PID:13428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 664
        9⤵
        
        PID:14192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56573.exe
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47849.exe
        7⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35034.exe
        6⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 628
        7⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
        6⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 636
        7⤵
        
        PID:8920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 772
        6⤵
        
        PID:14072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28968.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47075.exe
        6⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        7⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58059.exe
        8⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
        8⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27026.exe
        9⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 636
        10⤵
        
        PID:228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 740
        9⤵
        
        PID:14152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 720
        8⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
        7⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
        8⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 640
        9⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
        8⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 644
        9⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39638.exe
        8⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 660
        8⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 656
        7⤵
        
        PID:11304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3132
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 632
        5⤵
        Program crash
        
        PID:4512
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 632
        5⤵
        Program crash
        
        PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23819.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55611.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23806.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6400.exe
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29658.exe
        7⤵
        
        PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44527.exe
        5⤵
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65387.exe
        5⤵
        
        PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51670.exe
        5⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55746.exe
        6⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
        7⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 632
        8⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        6⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
        7⤵
        
        PID:11352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 636
        6⤵
        
        PID:9336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53519.exe
      4⤵
      PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29658.exe
        5⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        5⤵
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
        5⤵
        
        PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
      4⤵
      PID:7148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48870.exe
      4⤵
      PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64378.exe
        5⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
        6⤵
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
        7⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
        8⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
        6⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
        5⤵
        
        PID:12036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58607.exe
        5⤵
        
        PID:12308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
      4⤵
      PID:8432
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 640
        5⤵
        
        PID:9388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27911.exe
      4⤵
      PID:11996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2334.exe
        5⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55038.exe
        6⤵
        
        PID:13544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58466.exe
        5⤵
        
        PID:14560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1991.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21451.exe
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22999.exe
        6⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32043.exe
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57309.exe
        6⤵
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43726.exe
        7⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 644
        8⤵
        Program crash
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 428 -s 648
        7⤵
        
        PID:11324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24908.exe
        6⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 644
        7⤵
        Program crash
        
        PID:9524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 644
        7⤵
        
        PID:11672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54334.exe
      4⤵
      PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
      4⤵
      PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62703.exe
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52490.exe
        6⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 640
        7⤵
        Program crash
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
        6⤵
        
        PID:9788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 724
        6⤵
        
        PID:14232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        5⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29968.exe
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16352.exe
        7⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3807.exe
        8⤵
        
        PID:12552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12552 -s 640
        9⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49509.exe
        8⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
        7⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46045.exe
        8⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
        9⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        7⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8198.exe
        7⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
        6⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20171.exe
        7⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59390.exe
        8⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40750.exe
        7⤵
        
        PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        5⤵
        
        PID:9652
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9652 -s 636
        6⤵
        
        PID:8560
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 660
        5⤵
        
        PID:13916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44247.exe
      4⤵
      PID:7800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17641.exe
      4⤵
      PID:5696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43241.exe
    3⤵
    PID:5948
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 716
    3⤵
    - Program crash
    PID:3672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9939.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4822.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        6⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe
        7⤵
        
        PID:7092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 720
        6⤵
        Program crash
        
        PID:3056
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 724
        5⤵
        Program crash
        
        PID:7076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 644
        5⤵
        Program crash
        
        PID:5928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4163.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4163.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29950.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55767.exe
        5⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27110.exe
        6⤵
        
        PID:6668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 636
        6⤵
        
        PID:13156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
      4⤵
      PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20445.exe
        5⤵
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20550.exe
        5⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47304.exe
        6⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
        7⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62435.exe
        8⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35892.exe
        7⤵
        
        PID:12348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12348 -s 640
        8⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60188.exe
        8⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13302.exe
        5⤵
        
        PID:9776
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 648
        6⤵
        
        PID:2912
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 660
        5⤵
        
        PID:14096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49658.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
      4⤵
      PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42946.exe
        5⤵
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        5⤵
        
        PID:5748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 636
        6⤵
        Program crash
        
        PID:7172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28522.exe
      4⤵
      PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
        5⤵
        
        PID:1424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41684.exe
        6⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 640
        7⤵
        
        PID:2716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 636
        6⤵
        
        PID:11800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
        5⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21213.exe
        6⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62679.exe
        7⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe
        8⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62664.exe
        9⤵
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
        7⤵
        
        PID:14052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
        6⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
        7⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
        8⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37924.exe
        6⤵
        
        PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
        5⤵
        
        PID:11408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11408 -s 724
        6⤵
        
        PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30459.exe
        5⤵
        
        PID:13888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33253.exe
        5⤵
        
        PID:8320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exe
      4⤵
      PID:744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54746.exe
        5⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30149.exe
        6⤵
        
        PID:9664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 720
        6⤵
        
        PID:14104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13653.exe
        5⤵
        
        PID:5736
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 748
        5⤵
        
        PID:14120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5328.exe
      4⤵
      PID:8856
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 760
      4⤵
      PID:4604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51906.exe
    3⤵
    PID:5960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32765.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32765.exe
    3⤵
    PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13791.exe
      4⤵
      PID:3464
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 648
        5⤵
        Program crash
        
        PID:6792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
    3⤵
    PID:7212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14309.exe
      4⤵
      PID:3168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
    3⤵
    PID:9828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25827.exe
    3⤵
    PID:12216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44997.exe
      4⤵
      PID:5184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
    3⤵
    PID:12376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41937.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
        6⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26339.exe
        7⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 656
        7⤵
        Program crash
        
        PID:10116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
        5⤵
        
        PID:6780
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 644
        5⤵
        Program crash
        
        PID:8788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
      4⤵
      PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64041.exe
      4⤵
      PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28665.exe
      4⤵
      PID:7444
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 640
        5⤵
        Program crash
        
        PID:10536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
      4⤵
      PID:9236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46828.exe
      4⤵
      PID:12328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
      4⤵
      PID:2672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15098.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15098.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2764
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 724
    3⤵
    - Program crash
    PID:2052
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 740
    3⤵
    - Program crash
    PID:3628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:368
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 368 -s 640
    3⤵
    - Program crash
    PID:5628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51249.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51249.exe
  2⤵
  PID:6024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48388.exe
    3⤵
    PID:6884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47175.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47175.exe
    3⤵
    PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
      4⤵
      PID:7348
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 720
        5⤵
        
        PID:14900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61008.exe
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        5⤵
        
        PID:11368
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 632
      4⤵
      PID:14080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
    3⤵
    PID:8524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4590.exe
      4⤵
      PID:1624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-467.exe
    3⤵
    PID:12020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
    3⤵
    PID:12544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15861.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15861.exe
  2⤵
  PID:5508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
    3⤵
    PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48608.exe
      4⤵
      PID:7752
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 640
        5⤵
        Program crash
        
        PID:7412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17267.exe
    3⤵
    PID:8264
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 640
      4⤵
      PID:11724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe
    3⤵
    PID:9984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
      4⤵
      PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
      4⤵
      PID:12208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42482.exe
        5⤵
        
        PID:5328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35546.exe
    3⤵
    PID:10840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
    3⤵
    PID:13824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9246.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9246.exe
  2⤵
  PID:7816
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 648
    3⤵
    - Program crash
    PID:7660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
  2⤵
  PID:9712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
  2⤵
  PID:12240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57909.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57909.exe
  2⤵
  PID:13772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6141.exe
    3⤵
    PID:15144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3132 -ip 3132
1⤵
PID:3084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2764 -ip 2764
1⤵
PID:2632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2764 -ip 2764
1⤵
PID:2784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3132 -ip 3132
1⤵
PID:2828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3948 -ip 3948
1⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4064 -ip 4064
1⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 368 -ip 368
1⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1764 -ip 1764
1⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1288 -ip 1288
1⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4612 -ip 4612
1⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 2760 -ip 2760
1⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2576 -ip 2576
1⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4696 -ip 4696
1⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4784 -ip 4784
1⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 4636 -ip 4636
1⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 1960 -ip 1960
1⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3840 -ip 3840
1⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4112 -ip 4112
1⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 1288 -ip 1288
1⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3788 -ip 3788
1⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4612 -ip 4612
1⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1500 -ip 1500
1⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 4364 -ip 4364
1⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 2756 -ip 2756
1⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 2760 -ip 2760
1⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5444 -ip 5444
1⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4696 -ip 4696
1⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4636 -ip 4636
1⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 4784 -ip 4784
1⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 2576 -ip 2576
1⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5580 -ip 5580
1⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 1960 -ip 1960
1⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5568 -ip 5568
1⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 3840 -ip 3840
1⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 4112 -ip 4112
1⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4364 -ip 4364
1⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5960 -ip 5960
1⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5696 -ip 5696
1⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1500 -ip 1500
1⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 2756 -ip 2756
1⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 3788 -ip 3788
1⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 3948 -ip 3948
1⤵
PID:3164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5948 -ip 5948
1⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5712 -ip 5712
1⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5936 -ip 5936
1⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6036 -ip 6036
1⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5736 -ip 5736
1⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5568 -ip 5568
1⤵
PID:2628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 5444 -ip 5444
1⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5580 -ip 5580
1⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5092 -ip 5092
1⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3544 -ip 3544
1⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 2276 -ip 2276
1⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 4064 -ip 4064
1⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 4004 -ip 4004
1⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5960 -ip 5960
1⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 392 -ip 392
1⤵
PID:2856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 512 -ip 512
1⤵
PID:2728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5696 -ip 5696
1⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5948 -ip 5948
1⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5936 -ip 5936
1⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5712 -ip 5712
1⤵
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5736 -ip 5736
1⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5168 -ip 5168
1⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6036 -ip 6036
1⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2276 -ip 2276
1⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5092 -ip 5092
1⤵
PID:744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 3544 -ip 3544
1⤵
PID:4064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 368 -ip 368
1⤵
PID:2728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5504 -ip 5504
1⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 6092 -ip 6092
1⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5396 -ip 5396
1⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5836 -ip 5836
1⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 392 -ip 392
1⤵
PID:1612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7088 -ip 7088
1⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 512 -ip 512
1⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 7064 -ip 7064
1⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5592 -ip 5592
1⤵
PID:3024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 7092 -ip 7092
1⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6276 -ip 6276
1⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 5352 -ip 5352
1⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6208 -ip 6208
1⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 6780 -ip 6780
1⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 6376 -ip 6376
1⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5384 -ip 5384
1⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 6772 -ip 6772
1⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 5956 -ip 5956
1⤵
PID:1268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5456 -ip 5456
1⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 6820 -ip 6820
1⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 6188 -ip 6188
1⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 5876 -ip 5876
1⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 5440 -ip 5440
1⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6008 -ip 6008
1⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 6500 -ip 6500
1⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 556 -ip 556
1⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5192 -ip 5192
1⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 6876 -ip 6876
1⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 6812 -ip 6812
1⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 5168 -ip 5168
1⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 1764 -ip 1764
1⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 6884 -ip 6884
1⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 6668 -ip 6668
1⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 6796 -ip 6796
1⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 2768 -ip 2768
1⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 2144 -ip 2144
1⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 6576 -ip 6576
1⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 6660 -ip 6660
1⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 5664 -ip 5664
1⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6760 -ip 6760
1⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 6736 -ip 6736
1⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 5620 -ip 5620
1⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 5504 -ip 5504
1⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5596 -ip 5596
1⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6092 -ip 6092
1⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 216 -ip 216
1⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 7148 -ip 7148
1⤵
PID:400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5528 -ip 5528
1⤵
PID:2424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 6580 -ip 6580
1⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 2888 -ip 2888
1⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5244 -ip 5244
1⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 4696 -ip 4696
1⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2212 -ip 2212
1⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 5396 -ip 5396
1⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 5720 -ip 5720
1⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6948 -ip 6948
1⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 1428 -ip 1428
1⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5356 -ip 5356
1⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 5836 -ip 5836
1⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 5804 -ip 5804
1⤵
PID:3884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 7088 -ip 7088
1⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 4960 -ip 4960
1⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 7064 -ip 7064
1⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 2748 -ip 2748
1⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1204 -p 2632 -ip 2632
1⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 5172 -ip 5172
1⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 5432 -ip 5432
1⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 6012 -ip 6012
1⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 4524 -ip 4524
1⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 5592 -ip 5592
1⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1124 -ip 1124
1⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 5372 -ip 5372
1⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 1688 -ip 1688
1⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 4652 -ip 4652
1⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 2176 -ip 2176
1⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1236 -p 748 -ip 748
1⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 4316 -ip 4316
1⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 4604 -ip 4604
1⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5760 -ip 5760
1⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7124 -ip 7124
1⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 6256 -ip 6256
1⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 1916 -ip 1916
1⤵
PID:9588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 7092 -ip 7092
1⤵
PID:9604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 6276 -ip 6276
1⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1280 -p 6376 -ip 6376
1⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6780 -ip 6780
1⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6208 -ip 6208
1⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 7848 -ip 7848
1⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6800 -ip 6800
1⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1260 -p 5384 -ip 5384
1⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 5956 -ip 5956
1⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 6772 -ip 6772
1⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 6336 -ip 6336
1⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1292 -p 5456 -ip 5456
1⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5816 -ip 5816
1⤵
PID:11000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1236 -p 5180 -ip 5180
1⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5164 -ip 5164
1⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5708 -ip 5708
1⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 5936 -ip 5936
1⤵
PID:9804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 6588 -ip 6588
1⤵
PID:3788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 6820 -ip 6820
1⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 5876 -ip 5876
1⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 6188 -ip 6188
1⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1312 -p 6008 -ip 6008
1⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 5440 -ip 5440
1⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1344 -p 6500 -ip 6500
1⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 6812 -ip 6812
1⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 5192 -ip 5192
1⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 6204 -ip 6204
1⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 6424 -ip 6424
1⤵
PID:10908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 6876 -ip 6876
1⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6516 -ip 6516
1⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 6884 -ip 6884
1⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 6668 -ip 6668
1⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 6796 -ip 6796
1⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 2144 -ip 2144
1⤵
PID:11092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2768 -ip 2768
1⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1384 -p 6660 -ip 6660
1⤵
PID:10908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5632 -ip 5632
1⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5748 -ip 5748
1⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 7588 -ip 7588
1⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 5128 -ip 5128
1⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1260 -p 5484 -ip 5484
1⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 7576 -ip 7576
1⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 7920 -ip 7920
1⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 6180 -ip 6180
1⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5444 -ip 5444
1⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 6760 -ip 6760
1⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1296 -p 6576 -ip 6576
1⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 6736 -ip 6736
1⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 5620 -ip 5620
1⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1304 -p 5664 -ip 5664
1⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 7360 -ip 7360
1⤵
PID:9860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1388 -p 7552 -ip 7552
1⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1412 -p 216 -ip 216
1⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 5596 -ip 5596
1⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1440 -p 7148 -ip 7148
1⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6580 -ip 6580
1⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 5244 -ip 5244
1⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1540 -p 2888 -ip 2888
1⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5528 -ip 5528
1⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 4696 -ip 4696
1⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 2212 -ip 2212
1⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 7792 -ip 7792
1⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7508 -ip 7508
1⤵
PID:2768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 7600 -ip 7600
1⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1308 -p 8108 -ip 8108
1⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1432 -p 6948 -ip 6948
1⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5720 -ip 5720
1⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 1428 -ip 1428
1⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1260 -p 5356 -ip 5356
1⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 7444 -ip 7444
1⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 7832 -ip 7832
1⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 7460 -ip 7460
1⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 7856 -ip 7856
1⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1440 -p 5628 -ip 5628
1⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1400 -p 7816 -ip 7816
1⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 3464 -ip 3464
1⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 8080 -ip 8080
1⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1352 -p 7752 -ip 7752
1⤵
PID:3700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 7492 -ip 7492
1⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1448 -p 7728 -ip 7728
1⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1416 -p 4396 -ip 4396
1⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 7932 -ip 7932
1⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 7624 -ip 7624
1⤵
PID:916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1432 -p 7500 -ip 7500
1⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5804 -ip 5804
1⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 4960 -ip 4960
1⤵
PID:12296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 5172 -ip 5172
1⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5772 -ip 5772
1⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1544 -p 7136 -ip 7136
1⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 3892 -ip 3892
1⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 428 -ip 428
1⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1440 -p 2632 -ip 2632
1⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 5636 -ip 5636
1⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 2748 -ip 2748
1⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 5228 -ip 5228
1⤵
PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 5516 -ip 5516
1⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 8264 -ip 8264
1⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 5204 -ip 5204
1⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 2796 -ip 2796
1⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 8032 -ip 8032
1⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1288 -p 7516 -ip 7516
1⤵
PID:9596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1388 -p 7800 -ip 7800
1⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 8204 -ip 8204
1⤵
PID:2748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1248 -p 6352 -ip 6352
1⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 8916 -ip 8916
1⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1372 -p 8720 -ip 8720
1⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 7992 -ip 7992
1⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 8728 -ip 8728
1⤵
PID:13380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 8736 -ip 8736
1⤵
PID:13388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 2256 -ip 2256
1⤵
PID:13556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1260 -p 6728 -ip 6728
1⤵
PID:13564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 8940 -ip 8940
1⤵
PID:13868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 8704 -ip 8704
1⤵
PID:14020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 7348 -ip 7348
1⤵
PID:14028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3236 -ip 3236
1⤵
PID:14036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5796 -ip 5796
1⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1544 -p 3032 -ip 3032
1⤵
PID:9936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1368 -p 1500 -ip 1500
1⤵
PID:10068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2736 -ip 2736
1⤵
PID:14268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 5732 -ip 5732
1⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1260 -p 1484 -ip 1484
1⤵
PID:14444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1376 -p 5976 -ip 5976
1⤵
PID:14676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 6112 -ip 6112
1⤵
PID:14848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 624 -ip 624
1⤵
PID:14964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 7144 -ip 7144
1⤵
PID:15036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5912 -ip 5912
1⤵
PID:15176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7340 -ip 7340
1⤵
PID:13560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 6384 -ip 6384
1⤵
PID:13568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 4080 -ip 4080
1⤵
PID:14020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 7328 -ip 7328
1⤵
PID:13896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1284 -p 7488 -ip 7488
1⤵
PID:9836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5868 -ip 5868
1⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 8256 -ip 8256
1⤵
PID:13628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 5860 -ip 5860
1⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4944 -ip 4944
1⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6712 -ip 6712
1⤵
PID:14068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 4908 -ip 4908
1⤵
PID:14268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1324 -p 5716 -ip 5716
1⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 6076 -ip 6076
1⤵
PID:14616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6296 -ip 6296
1⤵
PID:14896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6428 -ip 6428
1⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 6684 -ip 6684
1⤵
PID:4176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 6048 -ip 6048
1⤵
PID:15140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6244 -ip 6244
1⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1400 -p 4004 -ip 4004
1⤵
PID:14680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 5948 -ip 5948
1⤵
PID:15300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5668 -ip 5668
1⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1424 -p 6392 -ip 6392
1⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1356 -p 8948 -ip 8948
1⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 3168 -ip 3168
1⤵
PID:14020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 8632 -ip 8632
1⤵
PID:13536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 4380 -ip 4380
1⤵
PID:10068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 8996 -ip 8996
1⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 9200 -ip 9200
1⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 1424 -ip 1424
1⤵
PID:15300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 5260 -ip 5260
1⤵
PID:14680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1424 -p 1032 -ip 1032
1⤵
PID:1272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 8072 -ip 8072
1⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 3104 -ip 3104
1⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 7808 -ip 7808
1⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 7608 -ip 7608
1⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 7216 -ip 7216
1⤵
PID:14068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 7780 -ip 7780
1⤵
PID:10928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 4492 -ip 4492
1⤵
PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe

Filesize
468KB

MD5
83b8fb58dfb3db5c576ce51b766ad1e0

SHA1
c071abc0b9067c2b171bbdd71c67f0e4b392603e

SHA256
3f1d8b55db3d4e9139ffa4c3983a125837b646db986d3bd36e9f1b729e37443c

SHA512
dd088ec820de8ec65c2292bf03f8d92a0e9a01bb930d6cfc5a853da6b2b3e852f5b9494d38e5ae2e3c7e83b1c16e60836b0bcb1dfaee2bfd255ad90d981749aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12490.exe

Filesize
468KB

MD5
7df35aa081f521659d7bcf92f9abe9de

SHA1
e786d6e85341e90cdda3f27a6936be2aa2c007b3

SHA256
4987aad3faf330fde4323b8120d86fccee43b915f70c408ffe8e4abdd2462213

SHA512
48b478cc23135b9aa95ab768c8da4aebe2f95cf285ea078e3f7d77e9d7cfc36697e4cd289c2119cbd7e94f44878d606b35697e778049ea9f60e37955427c7796

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15098.exe

Filesize
468KB

MD5
b75599d983403139a1abe6fc65ce2acf

SHA1
ebde4ddd23ca7c1e49f4b67f7d28472925bee872

SHA256
cbc7664c7d20dab075b9f583e805c492815cc6f778bb531a5243ddaabfcd0aae

SHA512
633c0ae2f3bed3a8fcfeba2c1617ebc47d9d4824bffe5911268a4bd28c8b9642939e6a70f27dbf508a0dc299f790411572329e8059516946515f30d9974d7609

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15864.exe

Filesize
468KB

MD5
46d3dc69535dce8cc14c77ec639c9207

SHA1
a1d7f4147c9b437771487047deb9880a005efefe

SHA256
60ae679ad722610407ffb1e945c710c1c0f2a331eb1b7171b1b29584b4bcc102

SHA512
4047599b517260fa9b4d4dbd0497e484d47efc94ea7a23595fb305fec77e5132335f2e185e07ec03cd2d748e613eab0a4eb8ff778b676b0458668d40c860acb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe

Filesize
468KB

MD5
5d3937d83fb5b0448d4b68b3e4789f4c

SHA1
5a73a0e02dfc8a6e18a0284fdf41623c34281075

SHA256
24ff68d19889eb4f1f96952a94ee5eddbe7249ce12ec7b9d2c96b358ee279b0e

SHA512
e9fb06d3f2e277ccc07e07ba2ad1257199486c063aa36b97efe617e66a655f37f18c2a291c43e5e91cdab9a341ded040fca71c2173b357dad5adc56719c4483c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe

Filesize
468KB

MD5
cf3bef77870076c801fe27c31979ab0f

SHA1
86aaa1f727b7e00e63daf03d5f8f21129ee2df21

SHA256
0b787dee6ab0288b1de0e1b079c263088c8501d5892431f0618846c97a4d0361

SHA512
c2579ba2db83e631f9be91944cfb192ad1e3f74a92f9802c1182bc26ce2e80006082de9f31a13e835df40b625b84cbc9265ac4bd21eddc37c4eb3139b9eae11f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20550.exe

Filesize
468KB

MD5
260a97eff180c396c4769b1593d54884

SHA1
eecc20f47b46890341ee5cec6bd6c6fbc712c4fc

SHA256
130d3894ebaaf2cc592f8491adae2dafb3b7cd7d7631fd109f2f7e4f2fe1e8bb

SHA512
6575f48cda229f7055110dc18410b997f66251a69fc4ab7a936085aa993533fef61f4326ed9ea168bf68c69f0d6986b2c81e0224a219d69a997451590ef91252

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe

Filesize
468KB

MD5
ecd6d5334a1147480caf464825955896

SHA1
7f3f4345ac455f5d473953b54691a5abdb9bda16

SHA256
64fc64d8b7bdaacd2fd887a2c192e546f2552acc2d176e4a4e04bb7bde15e5fd

SHA512
4bfb9d3a86b6422934e4c6a56f708727f3a7cd4ec0dc41ebb3e1376bac875315a8b523527534385cfdf759f1609457362f2fd8ff4111dc2c5b87aaa0260e8726

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23764.exe

Filesize
468KB

MD5
8959a1f4ac58953b5189bafdfc991081

SHA1
7fc4edfa62f07cf7e136e230dabefc5ec3af3375

SHA256
eb119278a5a449d6434ff148fb762e4d91c5465199f8295f27e36665d38dd3a4

SHA512
e9007ffedda9a47ba621eb565de9649eadd2c3e5b442c9a7bcb0d3854b9e8c411d6f98427f868b184bc77b4b1384669f209b216df746b852b320fbd3c1e0211d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe

Filesize
468KB

MD5
3b71b7f9be9bf269ef88ff4bc03fbeca

SHA1
2d33515d002d33f0f5dfdcc2fa1bbad34e685607

SHA256
86049e8e8e03ffda66c0e7fa75f075d5c31f88587f9113a4e142bb86cec7bfad

SHA512
e8ab515a09d26d4d586853bf03641d53cff8d693927b50f35eafce9a56208db0156b408b47c8f35b53a514f8ba8826f6fecf654ac9c7b4d5d86c4c255cdd43c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe

Filesize
468KB

MD5
92bb4ce1bd76c13053f8456a62f3e4a0

SHA1
5537097f8d2972c13afbb3078e89232b450e0603

SHA256
76c01b37329c1308954d93159c51b84a9bb845ecc3a91a326643d4c6f61fb616

SHA512
2cfbe84e0eb761850cf44dbe9bffd7390d1b09603969126defb199c33ded96a32b2010c3c5166c972dfd3f864d29e103d90e81fd28289c703c1059b066c2a6bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-248.exe

Filesize
468KB

MD5
2c81969c2a3dcacbe67c241aa9ae57e0

SHA1
f7f854445cf114558561bd008020567f90f4752b

SHA256
1b78738db9d1d39191a1a628a4a66ea974a14607ab308697f456c608d112e2a8

SHA512
21519e3abdaf99289f899f1631b48f0ac784b1cc10588fc23a1f17a926b5d8e6e897a487e37ef4b87212db0d8fde4a2d97fd7d41adf818740eec2e98dc207224

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33332.exe

Filesize
468KB

MD5
cd531a85f1269d2c315bbcf550409b26

SHA1
a0bfd3b3a3f22462075dab212f62d75e2523e113

SHA256
4e194a42a64ed3907a8e4998e10e97cce7b94631370e0372c2c083235d92cdec

SHA512
4043c305811239c2708cc444c6fa7e400cef5b6e2d5e856e332efcd7ef6aa4e08b851c9ddd0e28067bb0550d66608baa679ce5e44f78983f6925610e3fa47e86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34862.exe

Filesize
468KB

MD5
ffba83bc963bca6827f238fb7acdde2b

SHA1
8ed5d02719b7fb43323171cb090496bbe5272020

SHA256
0cfd1df9f8182a6db5607f91b8a231248f4b16154aaef7fb256fb759fb5dc6ac

SHA512
fd84a8360899a789417e5feb2b281236ec0621b7fbde3f806c3dd0af15fdadc94473588fc7fc7cfee9a58bd6fb5fd0c1386010e4f2219703062de07cf7a5eeb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36157.exe

Filesize
468KB

MD5
c08b98057abf635944220b27b6ec34c3

SHA1
fa55e731bd390defb1a9fd8f2f55eeb2f4bd38c8

SHA256
a178ce7a603fa77ff6378a63780e3920caa0203bb0625428fcdf796d52090bcf

SHA512
66c283f7ec6ca71c08baff4614f497fa5585301d3a61f24c63f824a6f686f18290672ee07723887e4c934459708b47c8507325bf78f10473214ee5887e5d13dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe

Filesize
468KB

MD5
561831dd9b545a2b178a7d6c4ed2f18e

SHA1
f7b5f6355c2890e740c94240cc3edf770f0c69ba

SHA256
1941b264b9858e8d34f58e07b25a2a48c64de672e1439fa434681e31464fd112

SHA512
d74b190c9edf1be1e979c7256e77ed092bab1b7df925fbc5e6ecc86787a6706574db678bf09293b97e4690d99732a9c309d5ba6a3b2589207cad050b597d04c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38115.exe

Filesize
468KB

MD5
81d6baa005320bac66e5675a9577c4be

SHA1
f5d8782320fed938ded897cbd74d3ab234e0942c

SHA256
23ebdc5d8d524c03137ea10a2731c834eab2b309410deea0e1c66ab59d9804ac

SHA512
c170ae3c94b41a5fbc52ebd87bb3168b9ac2db183df86febda2d848a308854931c443bc3154014b7c18d37dfed5c72b5129fa50f55e77cb458731ddd01be04b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe

Filesize
468KB

MD5
f4756fa2112cb5be9f40b96dbbad1def

SHA1
a3c6be47f5d7f4a8a49ba19df1ef16b2531e80bf

SHA256
aaf8d20022573f40fb079686240b7a7789823ea48f952d2dde280215299097c8

SHA512
a2633a229e3d2aa5311163c519a625bba49e1be67f48939298bc886225ee16175357f4ca64d579632b1b04817e9a3affdf68b51fb19e65ce425307832ae153fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe

Filesize
468KB

MD5
c005f0c4391dbeafc267c2f39e13a896

SHA1
05b0e21b7a16475628cc5cb95c47e1fcd650e5e5

SHA256
87c3239e09878eb145fefb060a0e247864d49f114ad9631eb0b5b9a0ab3063a1

SHA512
2edbc8a52b709c490ab72cb210b5451c90295236c724ea6e756e77243e5741c26a5e400882bddca7082aeda758e892fe2591b35c2beef8b72ca6d0dbb6c3943a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe

Filesize
468KB

MD5
73b38a8a79a7cabfd0e32c9e2697551c

SHA1
72ae6bae1bf719165b02210114288da2c3b1aa94

SHA256
109790a33bf0746e72e49364e78c8234505c6dcb8ee61b5ff1f0764b0ea30835

SHA512
d26f5fcd97bb208aac92e6d7ecf65b7dbb322ca998f2af41bce446ce7641b1c361003730cab698d8f191ef33e41ab3092557d5e17467de1b66a324d1a6854c84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41434.exe

Filesize
468KB

MD5
a9bd023fff208a675566fb8aea857465

SHA1
15ba8d7f5ea42eddfc1564707c13b83a36ee8a50

SHA256
8ce4c10a1cab16d1bfd4f48090fd063afe01fd554562f841b5b17978cd7cccac

SHA512
431962bd588d3ac23e2f4ee951459a0d3479f8003b30b7f1ccffa83b25a32a8707bb218d47d3a9bf1648fbbe8718393268be963e1c20f78b2291bacee6f0c860

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4163.exe

Filesize
468KB

MD5
7c99e2642e66039741f1f646c8758015

SHA1
3de093be70e3dabd47814c557ec631c31ca840c0

SHA256
e03336221d35ae8756b5fbc7bc7300eb0b9f4f1b282c2c476668abee3171571b

SHA512
5197dd95bc5738732629f4d0871ad70d7f0e600ebf17a8d44bae8763379fa183dfbe506864ce7226b9a3fb60339850a14866fa053862123730c8d16dc0dd0268

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41937.exe

Filesize
468KB

MD5
81762197809cee9f9a6e1ed495ea24ff

SHA1
972057ae893c29bed5a8a798134700b93e08d74e

SHA256
bfd4b456d3971c4a559ca6e54f864dc2b6225c4195b16843f59310d69d31f708

SHA512
facb5e02832799c5f1e8b3d3579ea31b456fa618804dc6a9ca6fbc6e29bc6fcaab833a3a571a1ee9a0b53bf32eb329f4509d6c0cc847046ca3cb07c39a97b57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4822.exe

Filesize
468KB

MD5
ad0fc02b038a8b756eb1d85513915482

SHA1
a5b540f0d21551a107ee2c53ef99d731b4bb99b1

SHA256
7c98f96b9c1a1d66a6afba906f94e397d3ff81308e4d4d8f16382c09644a7e0c

SHA512
6b43646315070dffaff4d1a1b71baed9c2c40bd30420c7d329acd5398b26b200bf706a1882f20f5457c21221331b847341f70687db75c4313f0e7b04b00b514f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe

Filesize
468KB

MD5
ed4fc530181e3819857404d4d8758ace

SHA1
64379a0c1754d609361095db4055d2ca2c796bb2

SHA256
451c08a294e140f52184801b941d669d1b9fff597a5d13fa0867d0b9b73e64d9

SHA512
e9d196b32816d7a83a642acae6bbab27538686e6b2bb6d132d59fd2b93a5517c5315d3032dc48164fa4e2ffd68d2dc74354c15e826747a469e812a89918e5f12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55611.exe

Filesize
468KB

MD5
a7fe3ee549f247c274c03653e6a9ae6f

SHA1
08817be0eb2a30f2285173991d5213472c8bcfd1

SHA256
0575a07464b88f95e1b058d87a88e0351a4f89de7918e57161ace0e210b3f514

SHA512
9b28f6ecb8c7cd07592291c83b6f3c499deef0ac992a1abb4a006558954ad7a03cabf73151951ad897aeffe6dfcc6ba541cfe20e325c6ee6565770a736497e47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5593.exe

Filesize
468KB

MD5
95a5b50ede5a63d1a3b992e58e45cb4b

SHA1
3ae01f887a974a2a12a8f4e2d319949b5f221baf

SHA256
3961152d644945b173b6e1c739c1dbed82e72d9a6d18b9c272179b5e5f5663cf

SHA512
4ddd572e7e2bdb680e61000a36d4fc14d315093a8ceb7b75ab55f7c83ccc1acc5ace21ed7a153c357a34aef34b181ad0b2b40887e11717b7795dca70c41d6be3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe

Filesize
468KB

MD5
602d5cd8cdfa31f9a2c6b70208288013

SHA1
e37bf3ecfb50e545dfd7d109dad37bbf1bed8b5c

SHA256
623d2acef6f6a6b298e0a1f3df5eb7638fed6a22bb6d7ddfacb28245e7a6ba17

SHA512
c4f1ead23638bb2bf7f6de14c7a6876d179e8addcb65f31ccfea9d36dc4f85564189fcf01867ee2d9827dca862bfd5c3b2ac26e0a0d352935e5c7032e074db00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe

Filesize
468KB

MD5
b7a327d48563edcbac7c3400f366adb6

SHA1
1421e7cb455ef492b0a39b7b7dff2553d446b81d

SHA256
50be060e33591ed30c6a0f35fbf5ea682026ad762b490d274f65e3a6380a8b77

SHA512
00f6a088cdd8c8095e25cd7015333c63b257519c4f2e084b6b1dbea9c285a9ab9f95ea441511843f78d1d140146159c6030f52337ecd5a94911d5c115445992a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58818.exe

Filesize
468KB

MD5
a1183401c9da6b09f41f79e117befd88

SHA1
5a8020254f2a58e81a0fe4993f13f500db6155db

SHA256
c5a963cb10486943807c9a6358be1a67687bcce59888934bb6a5f800b667296b

SHA512
7c0bb26d79b4a27da424161eb76abc383a98c7388c051f3e4ddb3e58e27ca533d8eedf84e779fbe88222bf5c8f462881083b88cb6cc2da40270eccb4c13259ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63726.exe

Filesize
468KB

MD5
63bea6a5f03727280ebf518e95681499

SHA1
883fd2456a98f6a638886de9620a89c3d63b3347

SHA256
a60079b7738d73374da98f84ad0de1e2383050381a405995eb0753305ccdb5fc

SHA512
972dbb9b914695032442a987894851813c798b75c91750cca593fc6d2698003acc765039ee760f8504bc1ef1405d3a35a25f22a39e0f5c3e4caf75752cc95078

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe

Filesize
468KB

MD5
b2e977d00212ee7e2fbdc3a6197a3beb

SHA1
9ad36c66ed250d4a29ba764a4c474505dc2f3170

SHA256
2fea1c3d11e3582963b405c8b4f6d10ee022366163c204c1e04547d6e14ef34c

SHA512
4b8f7ae0ef83a09b760ca9f906a4a4291510de15886eded13a126d5c0715f7d69596da1e6b599fddadc466e9973feeb746fea3de5351fae5838be08571d41110

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe

Filesize
468KB

MD5
8e400df04656a02da7ae17979dfb8786

SHA1
bfeaca75413cd25fa7407cbdfefc136eaca01525

SHA256
b36dd4e339d1381e493bd792c5689b81e3274eb0bd95bbfcf6635f9f65679f0d

SHA512
88483aa5e33295ef4bf30f208bd161a01dda8bf75f95810df27271ac1117a98180f87692711fc5c07669bede9a40b9a7fe0c434bf06ff97af02c959aa9198615

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9939.exe

Filesize
468KB

MD5
90182825a5648c3079f4c73c58b3afbc

SHA1
762d71a30adbd574b34c3c1cda4c369196ac2645

SHA256
a7ef1daade31a39758d8d9b32162e5724e1d8fc036aa3a8f88ea6585c4421da8

SHA512
500048e7ecd2bdd5f2eb9f3530e665032ba10955b6ee6f8720c837d980483e94106025aaadb753b1c3b4b57da348d15e5e92393974ea2ec4ebc74971c0172064

Download Submit
memory/8856-2413-0x00007FFA1CA90000-0x00007FFA1CC85000-memory.dmp

Filesize
2.0MB

Download
memory/9664-2408-0x0000000076320000-0x00000000763DF000-memory.dmp

Filesize
764KB

Download