a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e

Analysis

max time kernel
149s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-08-2024 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe
Size

184KB
MD5

13c5572d01ea0cc698810afc924c7a26
SHA1

88369b9abb31b03336672bbfe3d2a93f7041c048
SHA256

a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e
SHA512

594e4dcee0be5de89c0775f9791bfee9f212bc774f78e501cb0b8acc80ae75216c160887eab129abca94d7b0ba5cd993a971eec5a5e81a2e9d06bed05086eab3
SSDEEP

3072:6mRJtKoHjK3od7A4ki8Q8uYlAlvLqnxiuL:6mooWU7Aw8PlAlzqnxiu

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4568	Unicorn-44977.exe
980	Unicorn-32305.exe
4592	Unicorn-31790.exe
3024	Unicorn-45185.exe
1836	Unicorn-64536.exe
4024	Unicorn-44671.exe
3308	Unicorn-61921.exe
944	Unicorn-12263.exe
5008	Unicorn-51480.exe
2740	Unicorn-51480.exe
1820	Unicorn-28407.exe
1072	Unicorn-32433.exe
4880	Unicorn-51784.exe
692	Unicorn-31918.exe
4348	Unicorn-31857.exe
4764	Unicorn-2199.exe
4108	Unicorn-28327.exe
216	Unicorn-31665.exe
4864	Unicorn-63761.exe
4336	Unicorn-27367.exe
2416	Unicorn-43511.exe
4228	Unicorn-46657.exe
3548	Unicorn-10263.exe
3960	Unicorn-59464.exe
4140	Unicorn-30129.exe
3836	Unicorn-30129.exe
4368	Unicorn-28535.exe
5072	Unicorn-28535.exe
4536	Unicorn-15152.exe
4780	Unicorn-11623.exe
2228	Unicorn-11431.exe
4320	Unicorn-34177.exe
1948	Unicorn-17649.exe
532	Unicorn-16305.exe
3876	Unicorn-38728.exe
3424	Unicorn-35713.exe
2632	Unicorn-35198.exe
2996	Unicorn-55064.exe
1900	Unicorn-31991.exe
1624	Unicorn-64664.exe
2636	Unicorn-47768.exe
5096	Unicorn-47768.exe
1608	Unicorn-21448.exe
1152	Unicorn-1904.exe
3288	Unicorn-14711.exe
4968	Unicorn-34193.exe
1604	Unicorn-17857.exe
624	Unicorn-1328.exe
396	Unicorn-63336.exe
4416	Unicorn-814.exe
4664	Unicorn-19838.exe
2864	Unicorn-20161.exe
1008	Unicorn-49304.exe
4360	Unicorn-19009.exe
4540	Unicorn-38033.exe
2236	Unicorn-1831.exe
1060	Unicorn-35345.exe
3032	Unicorn-2480.exe
2576	Unicorn-2480.exe
3148	Unicorn-34503.exe
1888	Unicorn-51681.exe
4584	Unicorn-4654.exe
4600	Unicorn-64561.exe
4276	Unicorn-18376.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2980	980	WerFault.exe	93
2364	980	WerFault.exe	93
4100	1836	WerFault.exe	97
1948	1836	WerFault.exe	97
3304	3308	WerFault.exe	101
5060	5008	WerFault.exe	104
4960	2740	WerFault.exe	103
3504	3308	WerFault.exe	101
816	2740	WerFault.exe	103
1268	5008	WerFault.exe	104
64	692	WerFault.exe	113
3988	4880	WerFault.exe	112
3796	216	WerFault.exe	117
872	692	WerFault.exe	113
980	216	WerFault.exe	117
2576	4880	WerFault.exe	112
4080	4348	WerFault.exe	114
4324	4108	WerFault.exe	116
4668	4348	WerFault.exe	114
692	4864	WerFault.exe	122
4264	2416	WerFault.exe	124
740	3836	WerFault.exe	128
4616	4228	WerFault.exe	125
2288	4864	WerFault.exe	122
1260	4140	WerFault.exe	127
1720	3960	WerFault.exe	129
3800	4228	WerFault.exe	125
3524	3836	WerFault.exe	128
464	4140	WerFault.exe	127
1260	1948	WerFault.exe	150
4420	4780	WerFault.exe	145
5452	4320	WerFault.exe	149
5460	2996	WerFault.exe	160
5588	2228	WerFault.exe	146
5668	3424	WerFault.exe	158
5744	4320	WerFault.exe	149
5760	2996	WerFault.exe	160
5916	3424	WerFault.exe	158
2324	2636	WerFault.exe	176
5548	1608	WerFault.exe	177
5460	4812	WerFault.exe	231
5884	2636	WerFault.exe	176
6120	1152	WerFault.exe	178
5912	3032	WerFault.exe	192
6536	3548	WerFault.exe	236
2748	2236	WerFault.exe	196
6340	2864	WerFault.exe	187
6424	692	WerFault.exe	227
6816	1888	WerFault.exe	194
7156	4276	WerFault.exe	223
8172	6000	WerFault.exe	319
8136	872	WerFault.exe	230
5332	6112	WerFault.exe	286
7556	5832	WerFault.exe	311
7192	2628	WerFault.exe	333
9572	5620	WerFault.exe	337
9384	6020	WerFault.exe	283
11160	5584	WerFault.exe	301
11200	6140	WerFault.exe	288
6100	6348	WerFault.exe	363
5852	6856	WerFault.exe	436
11276	3856	WerFault.exe	427
5364	4236	WerFault.exe	566
5416	6528	WerFault.exe	403

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39982.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28535.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1549.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31918.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55064.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49304.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1220	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe
4568	Unicorn-44977.exe
980	Unicorn-32305.exe
4592	Unicorn-31790.exe
3024	Unicorn-45185.exe
1836	Unicorn-64536.exe
4024	Unicorn-44671.exe
3308	Unicorn-61921.exe
944	Unicorn-12263.exe
5008	Unicorn-51480.exe
2740	Unicorn-51480.exe
1820	Unicorn-28407.exe
1072	Unicorn-32433.exe
4880	Unicorn-51784.exe
692	Unicorn-31918.exe
4348	Unicorn-31857.exe
4764	Unicorn-2199.exe
4108	Unicorn-28327.exe
216	Unicorn-31665.exe
4864	Unicorn-63761.exe
4336	Unicorn-27367.exe
2416	Unicorn-43511.exe
3836	Unicorn-30129.exe
4228	Unicorn-46657.exe
3548	Unicorn-10263.exe
3960	Unicorn-59464.exe
4140	Unicorn-30129.exe
5072	Unicorn-28535.exe
4368	Unicorn-28535.exe
4536	Unicorn-15152.exe
4780	Unicorn-11623.exe
2228	Unicorn-11431.exe
4320	Unicorn-34177.exe
1948	Unicorn-17649.exe
532	Unicorn-16305.exe
3424	Unicorn-35713.exe
2632	Unicorn-35198.exe
3876	Unicorn-38728.exe
1900	Unicorn-31991.exe
2996	Unicorn-55064.exe
1624	Unicorn-64664.exe
2636	Unicorn-47768.exe
5096	Unicorn-47768.exe
1608	Unicorn-21448.exe
1152	Unicorn-1904.exe
3288	Unicorn-14711.exe
4968	Unicorn-34193.exe
1604	Unicorn-17857.exe
4416	Unicorn-814.exe
396	Unicorn-63336.exe
4664	Unicorn-19838.exe
1008	Unicorn-49304.exe
2864	Unicorn-20161.exe
4360	Unicorn-19009.exe
2236	Unicorn-1831.exe
4540	Unicorn-38033.exe
3032	Unicorn-2480.exe
1888	Unicorn-51681.exe
1060	Unicorn-35345.exe
2576	Unicorn-2480.exe
3148	Unicorn-34503.exe
4584	Unicorn-4654.exe
4600	Unicorn-64561.exe
4276	Unicorn-18376.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 4568	1220	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe	90
PID 1220 wrote to memory of 4568	1220	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe	90
PID 1220 wrote to memory of 4568	1220	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe	90
PID 4568 wrote to memory of 980	4568	Unicorn-44977.exe	93
PID 4568 wrote to memory of 980	4568	Unicorn-44977.exe	93
PID 4568 wrote to memory of 980	4568	Unicorn-44977.exe	93
PID 1220 wrote to memory of 4592	1220	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe	94
PID 1220 wrote to memory of 4592	1220	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe	94
PID 1220 wrote to memory of 4592	1220	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe	94
PID 980 wrote to memory of 3024	980	Unicorn-32305.exe	96
PID 980 wrote to memory of 3024	980	Unicorn-32305.exe	96
PID 980 wrote to memory of 3024	980	Unicorn-32305.exe	96
PID 4592 wrote to memory of 1836	4592	Unicorn-31790.exe	97
PID 4592 wrote to memory of 1836	4592	Unicorn-31790.exe	97
PID 4592 wrote to memory of 1836	4592	Unicorn-31790.exe	97
PID 4568 wrote to memory of 4024	4568	Unicorn-44977.exe	98
PID 4568 wrote to memory of 4024	4568	Unicorn-44977.exe	98
PID 4568 wrote to memory of 4024	4568	Unicorn-44977.exe	98
PID 3024 wrote to memory of 3308	3024	Unicorn-45185.exe	101
PID 3024 wrote to memory of 3308	3024	Unicorn-45185.exe	101
PID 3024 wrote to memory of 3308	3024	Unicorn-45185.exe	101
PID 980 wrote to memory of 944	980	Unicorn-32305.exe	102
PID 980 wrote to memory of 944	980	Unicorn-32305.exe	102
PID 980 wrote to memory of 944	980	Unicorn-32305.exe	102
PID 1836 wrote to memory of 5008	1836	Unicorn-64536.exe	104
PID 1836 wrote to memory of 5008	1836	Unicorn-64536.exe	104
PID 1836 wrote to memory of 5008	1836	Unicorn-64536.exe	104
PID 4024 wrote to memory of 2740	4024	Unicorn-44671.exe	103
PID 4024 wrote to memory of 2740	4024	Unicorn-44671.exe	103
PID 4024 wrote to memory of 2740	4024	Unicorn-44671.exe	103
PID 4592 wrote to memory of 1820	4592	Unicorn-31790.exe	105
PID 4592 wrote to memory of 1820	4592	Unicorn-31790.exe	105
PID 4592 wrote to memory of 1820	4592	Unicorn-31790.exe	105
PID 3308 wrote to memory of 1072	3308	Unicorn-61921.exe	111
PID 3308 wrote to memory of 1072	3308	Unicorn-61921.exe	111
PID 3308 wrote to memory of 1072	3308	Unicorn-61921.exe	111
PID 944 wrote to memory of 4880	944	Unicorn-12263.exe	112
PID 944 wrote to memory of 4880	944	Unicorn-12263.exe	112
PID 944 wrote to memory of 4880	944	Unicorn-12263.exe	112
PID 3024 wrote to memory of 692	3024	Unicorn-45185.exe	113
PID 3024 wrote to memory of 692	3024	Unicorn-45185.exe	113
PID 3024 wrote to memory of 692	3024	Unicorn-45185.exe	113
PID 2740 wrote to memory of 4348	2740	Unicorn-51480.exe	114
PID 2740 wrote to memory of 4348	2740	Unicorn-51480.exe	114
PID 2740 wrote to memory of 4348	2740	Unicorn-51480.exe	114
PID 5008 wrote to memory of 4764	5008	Unicorn-51480.exe	115
PID 5008 wrote to memory of 4764	5008	Unicorn-51480.exe	115
PID 5008 wrote to memory of 4764	5008	Unicorn-51480.exe	115
PID 4024 wrote to memory of 4108	4024	Unicorn-44671.exe	116
PID 4024 wrote to memory of 4108	4024	Unicorn-44671.exe	116
PID 4024 wrote to memory of 4108	4024	Unicorn-44671.exe	116
PID 1820 wrote to memory of 216	1820	Unicorn-28407.exe	117
PID 1820 wrote to memory of 216	1820	Unicorn-28407.exe	117
PID 1820 wrote to memory of 216	1820	Unicorn-28407.exe	117
PID 1072 wrote to memory of 4864	1072	Unicorn-32433.exe	122
PID 1072 wrote to memory of 4864	1072	Unicorn-32433.exe	122
PID 1072 wrote to memory of 4864	1072	Unicorn-32433.exe	122
PID 3308 wrote to memory of 4336	3308	Unicorn-61921.exe	123
PID 3308 wrote to memory of 4336	3308	Unicorn-61921.exe	123
PID 3308 wrote to memory of 4336	3308	Unicorn-61921.exe	123
PID 944 wrote to memory of 2416	944	Unicorn-12263.exe	124
PID 944 wrote to memory of 2416	944	Unicorn-12263.exe	124
PID 944 wrote to memory of 2416	944	Unicorn-12263.exe	124
PID 4764 wrote to memory of 4228	4764	Unicorn-2199.exe	125

C:\Users\Admin\AppData\Local\Temp\a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe
"C:\Users\Admin\AppData\Local\Temp\a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44977.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44977.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45185.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32433.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63761.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15152.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21448.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
        10⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34798.exe
        11⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
        12⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2468.exe
        13⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
        14⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 664
        14⤵
        
        PID:11884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16884.exe
        12⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        13⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        14⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        13⤵
        
        PID:10252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 664
        12⤵
        Program crash
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1684.exe
        11⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
        12⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64075.exe
        13⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
        14⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
        14⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14257.exe
        13⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        14⤵
        
        PID:15568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28849.exe
        12⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38318.exe
        13⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31268.exe
        10⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
        11⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46734.exe
        12⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13613.exe
        13⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        14⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55445.exe
        12⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        13⤵
        
        PID:14308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25540.exe
        11⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        12⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
        13⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        14⤵
        
        PID:15532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
        13⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        12⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        13⤵
        
        PID:15500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 672
        12⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 740
        10⤵
        Program crash
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60072.exe
        9⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        11⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
        12⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27838.exe
        13⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        14⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        15⤵
        
        PID:15484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        14⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 748
        13⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4516.exe
        12⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        13⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
        10⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        11⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
        12⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47166.exe
        13⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33860.exe
        12⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 636
        12⤵
        
        PID:15060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45954.exe
        11⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        12⤵
        
        PID:15556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 648
        11⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63409.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21835.exe
        10⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53262.exe
        11⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27902.exe
        12⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe
        13⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe
        14⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50197.exe
        13⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        14⤵
        
        PID:3592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 632
        13⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36036.exe
        12⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
        13⤵
        
        PID:15620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 608
        12⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
        10⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13869.exe
        11⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13722.exe
        12⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        13⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        14⤵
        
        PID:15492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
        13⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30593.exe
        12⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
        13⤵
        
        PID:872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 664
        12⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36420.exe
        11⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49525.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55566.exe
        10⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42510.exe
        11⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30718.exe
        12⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
        13⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23124.exe
        13⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14257.exe
        12⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45954.exe
        11⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34270.exe
        12⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 660
        11⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52245.exe
        10⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        11⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51886.exe
        12⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        13⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16129.exe
        12⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28948.exe
        11⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        12⤵
        
        PID:15848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 632
        11⤵
        
        PID:9776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 716
        8⤵
        Program crash
        
        PID:692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 748
        8⤵
        Program crash
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11623.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        10⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        11⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13210.exe
        12⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14189.exe
        13⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51694.exe
        14⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
        14⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
        13⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        14⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44693.exe
        12⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59365.exe
        11⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
        12⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        13⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
        12⤵
        
        PID:9396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 728
        11⤵
        Program crash
        
        PID:11200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 624
        10⤵
        Program crash
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49333.exe
        9⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        10⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4461.exe
        11⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        12⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        13⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        12⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 644
        12⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        11⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
        12⤵
        
        PID:15596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 636
        11⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13428.exe
        10⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        11⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        12⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        11⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 648
        11⤵
        
        PID:12460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 648
        9⤵
        Program crash
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46424.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21835.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53262.exe
        10⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
        11⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14573.exe
        12⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        13⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51582.exe
        14⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16513.exe
        13⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe
        12⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
        11⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        12⤵
        
        PID:13384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 740
        11⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52245.exe
        10⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        11⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        12⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        11⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2836.exe
        9⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4461.exe
        10⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4973.exe
        11⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        12⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60197.exe
        11⤵
        
        PID:10856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 636
        11⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61605.exe
        10⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        11⤵
        
        PID:15548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 664
        10⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 720
        8⤵
        Program crash
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34177.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
        9⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52286.exe
        10⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe
        11⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14573.exe
        12⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe
        13⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        14⤵
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        13⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16452.exe
        12⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        13⤵
        
        PID:14092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5524.exe
        10⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
        11⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61662.exe
        12⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
        12⤵
        
        PID:10292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 616
        12⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50235.exe
        11⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 744
        10⤵
        Program crash
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2737.exe
        9⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
        10⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        11⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
        12⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 632
        13⤵
        Program crash
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        12⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59662.exe
        13⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        11⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        12⤵
        
        PID:13248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 644
        11⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15614.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
        9⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25883.exe
        10⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        11⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        12⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
        13⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        12⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 636
        12⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        11⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        12⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 660
        11⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14196.exe
        10⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        11⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        12⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        11⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        12⤵
        
        PID:15516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
        9⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        10⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37646.exe
        11⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        12⤵
        
        PID:3304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 636
        11⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63141.exe
        10⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        11⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 644
        8⤵
        Program crash
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 656
        8⤵
        Program crash
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63336.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55166.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe
        10⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29566.exe
        11⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51886.exe
        12⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        13⤵
        
        PID:14084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
        12⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe
        11⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47166.exe
        12⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5524.exe
        9⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        10⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
        11⤵
        
        PID:9732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 632
        11⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        10⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        11⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 660
        10⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18580.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
        9⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20990.exe
        10⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23038.exe
        11⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        11⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
        12⤵
        
        PID:15604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 632
        11⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 636
        10⤵
        Program crash
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47061.exe
        9⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        10⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        11⤵
        
        PID:14148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        10⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        11⤵
        
        PID:15832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 724
        6⤵
        Program crash
        
        PID:3304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 772
        6⤵
        Program crash
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
        9⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
        10⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        11⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
        12⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48606.exe
        13⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        14⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
        13⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe
        12⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        13⤵
        
        PID:15800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 664
        12⤵
        
        PID:12904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 664
        12⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        11⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        12⤵
        
        PID:14276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-164.exe
        10⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5357.exe
        11⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        12⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        11⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 652
        11⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
        9⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        10⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
        11⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        12⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        13⤵
        
        PID:14044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 640
        12⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        11⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 672
        11⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 672
        11⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51506.exe
        10⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        11⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        12⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
        11⤵
        
        PID:11088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 724
        9⤵
        Program crash
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
        9⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33220.exe
        10⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 600
        10⤵
        Program crash
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
        9⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
        10⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        11⤵
        
        PID:14100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 660
        10⤵
        
        PID:11852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 720
        8⤵
        Program crash
        
        PID:2324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 720
        8⤵
        Program crash
        
        PID:5884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 636
        6⤵
        Program crash
        
        PID:64
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 636
        6⤵
        Program crash
        
        PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33262.exe
        9⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
        10⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9069.exe
        11⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63307.exe
        12⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe
        13⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        14⤵
        
        PID:13160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        13⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 636
        12⤵
        Program crash
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
        11⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        12⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        9⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe
        10⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
        11⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        12⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
        13⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
        13⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47525.exe
        12⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
        11⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        12⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 672
        11⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37572.exe
        10⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        11⤵
        
        PID:14224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
        9⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41742.exe
        10⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        11⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51019.exe
        12⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21956.exe
        12⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54693.exe
        11⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        12⤵
        
        PID:12820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 644
        11⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64047.exe
        7⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
        9⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25406.exe
        10⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61662.exe
        11⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe
        12⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        13⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        12⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12929.exe
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2468.exe
        9⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14957.exe
        10⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        11⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 636
        10⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 744
        9⤵
        Program crash
        
        PID:9572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 640
        6⤵
        Program crash
        
        PID:3988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 640
        6⤵
        Program crash
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43511.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14078.exe
        7⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        9⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24638.exe
        10⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29566.exe
        11⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58907.exe
        12⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
        13⤵
        
        PID:13768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        12⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34516.exe
        11⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        12⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
        10⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        11⤵
        
        PID:13376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 632
        10⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 680
        9⤵
        Program crash
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51269.exe
        8⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
        9⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13229.exe
        10⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51886.exe
        11⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
        12⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
        11⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 664
        10⤵
        Program crash
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45954.exe
        9⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        10⤵
        
        PID:15788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 712
        7⤵
        Program crash
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-814.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65329.exe
        7⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 640
        8⤵
        Program crash
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18196.exe
        7⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        8⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4461.exe
        9⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14957.exe
        10⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
        11⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23124.exe
        11⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46053.exe
        10⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14337.exe
        11⤵
        
        PID:14400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 652
        10⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        9⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        10⤵
        
        PID:13340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 628
        9⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
        8⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        9⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        10⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
        9⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 648
        9⤵
        
        PID:2092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 724
        6⤵
        Program crash
        
        PID:4264
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 720
      4⤵
      Program crash
      PID:2980
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 720
      4⤵
      Program crash
      PID:2364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51480.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35345.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57470.exe
        9⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22820.exe
        10⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
        11⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        12⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        13⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        12⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 660
        12⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        11⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
        12⤵
        
        PID:13428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 636
        11⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53365.exe
        8⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        9⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 636
        10⤵
        Program crash
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
        9⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43540.exe
        10⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16990.exe
        11⤵
        
        PID:14388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 672
        10⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 752
        8⤵
        Program crash
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 712
        8⤵
        Program crash
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1831.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24798.exe
        8⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        9⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24830.exe
        10⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
        11⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        12⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe
        11⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        12⤵
        
        PID:15684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 648
        11⤵
        
        PID:15464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
        9⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6509.exe
        10⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        11⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe
        10⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 644
        10⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        8⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 636
        8⤵
        Program crash
        
        PID:2748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 636
        7⤵
        Program crash
        
        PID:1260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 636
        7⤵
        Program crash
        
        PID:464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31991.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57470.exe
        8⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        9⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48654.exe
        10⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
        11⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21310.exe
        12⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        13⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42324.exe
        12⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        13⤵
        
        PID:15576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 664
        12⤵
        
        PID:15224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        11⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
        12⤵
        
        PID:14428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 648
        11⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38900.exe
        10⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
        11⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40347.exe
        12⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        11⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 656
        11⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe
        9⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6602.exe
        10⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2285.exe
        11⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
        11⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25668.exe
        10⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        11⤵
        
        PID:13620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 632
        10⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        8⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25716.exe
        9⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        10⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
        11⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        12⤵
        
        PID:15780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
        11⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
        10⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3901.exe
        11⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 632
        10⤵
        
        PID:13728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 768
        8⤵
        Program crash
        
        PID:6816
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 744
        6⤵
        Program crash
        
        PID:4080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 744
        6⤵
        Program crash
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40750.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        9⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3402.exe
        10⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29070.exe
        11⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37588.exe
        12⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 628
        12⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39425.exe
        11⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        12⤵
        
        PID:14124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 644
        11⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38900.exe
        10⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
        11⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59662.exe
        12⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        11⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 664
        11⤵
        
        PID:14812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        9⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54158.exe
        10⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        11⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        12⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
        11⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe
        10⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        11⤵
        
        PID:14020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 656
        10⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 656
        10⤵
        
        PID:14784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 632
        8⤵
        Program crash
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20500.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        8⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48654.exe
        9⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        10⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
        11⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        12⤵
        
        PID:14324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 636
        11⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47061.exe
        9⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        10⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        11⤵
        
        PID:14208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        10⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 668
        10⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
        8⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        9⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24974.exe
        10⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        11⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        10⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21169.exe
        9⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        10⤵
        
        PID:13552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 632
        9⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 632
        9⤵
        
        PID:14792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34503.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 724
        6⤵
        Program crash
        
        PID:1720
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 636
        5⤵
        Program crash
        
        PID:4960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 636
        5⤵
        Program crash
        
        PID:816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28327.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2836.exe
        8⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44814.exe
        9⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        10⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        11⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        11⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50197.exe
        10⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
        11⤵
        
        PID:15612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 720
        10⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45954.exe
        9⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        10⤵
        
        PID:14168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 636
        9⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24548.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58254.exe
        8⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        9⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
        10⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        11⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
        9⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26798.exe
        10⤵
        
        PID:13940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 656
        9⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
        8⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        9⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36702.exe
        10⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        10⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51925.exe
        9⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
        10⤵
        
        PID:15676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 688
        6⤵
        Program crash
        
        PID:740
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 732
        6⤵
        Program crash
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64664.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38033.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24798.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45758.exe
        8⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9380.exe
        9⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12461.exe
        10⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe
        11⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        12⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47525.exe
        11⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 648
        10⤵
        Program crash
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23028.exe
        8⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30910.exe
        9⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 636
        9⤵
        
        PID:11776
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 616
        5⤵
        Program crash
        
        PID:4324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31790.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31790.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64536.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51480.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2199.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20161.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 604
        10⤵
        Program crash
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        9⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64990.exe
        10⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7149.exe
        11⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 628
        10⤵
        Program crash
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 656
        9⤵
        Program crash
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
        8⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59982.exe
        9⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
        10⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61934.exe
        11⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        12⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        13⤵
        
        PID:14036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        12⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        13⤵
        
        PID:15816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 668
        12⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45954.exe
        11⤵
        
        PID:408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 628
        11⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6228.exe
        10⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
        11⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        12⤵
        
        PID:14292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 636
        11⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39982.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
        9⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        10⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        11⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        12⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        11⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        12⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
        10⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37451.exe
        11⤵
        
        PID:12348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 668
        10⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25892.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9380.exe
        9⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15643.exe
        10⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24206.exe
        11⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        12⤵
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15444.exe
        11⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5412.exe
        10⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        11⤵
        
        PID:14316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 728
        7⤵
        Program crash
        
        PID:4616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 728
        7⤵
        Program crash
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35198.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19009.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8845.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38555.exe
        9⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
        10⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21758.exe
        11⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe
        12⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3261.exe
        13⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47166.exe
        14⤵
        
        PID:14236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43300.exe
        13⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62197.exe
        12⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        13⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        11⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        12⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 660
        11⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
        10⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        11⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        11⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
        12⤵
        
        PID:15692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 656
        11⤵
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12452.exe
        9⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe
        10⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        11⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47166.exe
        12⤵
        
        PID:14284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        11⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
        10⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        11⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9364.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
        9⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15643.exe
        10⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53147.exe
        11⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        12⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43300.exe
        11⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29140.exe
        10⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        11⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        9⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37604.exe
        7⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28846.exe
        8⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
        9⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe
        10⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        11⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        12⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
        11⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe
        10⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        11⤵
        
        PID:15540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 652
        10⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2020.exe
        9⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        10⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 660
        9⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23028.exe
        8⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15643.exe
        9⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        10⤵
        
        PID:12668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 668
        9⤵
        
        PID:11704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10263.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55064.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8077.exe
        8⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22820.exe
        9⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        10⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
        11⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        12⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
        11⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 652
        11⤵
        
        PID:14472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        10⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        11⤵
        
        PID:3516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 636
        7⤵
        Program crash
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 676
        7⤵
        Program crash
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4654.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40750.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
        9⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        10⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6509.exe
        11⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35220.exe
        11⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
        10⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        11⤵
        
        PID:14252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 636
        10⤵
        
        PID:11716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 636
        10⤵
        
        PID:12452
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 720
        5⤵
        Program crash
        
        PID:5060
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 748
        5⤵
        Program crash
        
        PID:1268
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 724
      4⤵
      Program crash
      PID:4100
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 748
      4⤵
      Program crash
      PID:1948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28407.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31665.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11431.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
        8⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39998.exe
        9⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        10⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        11⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36427.exe
        12⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        13⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
        12⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
        11⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        12⤵
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        10⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        11⤵
        
        PID:14176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27828.exe
        8⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        9⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        10⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        11⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        10⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 632
        10⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
        9⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        10⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
        7⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        8⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        9⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
        10⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        11⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        10⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 688
        10⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        9⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        10⤵
        
        PID:828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 668
        9⤵
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52021.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54590.exe
        7⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26267.exe
        8⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        9⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        10⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        11⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        10⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        11⤵
        
        PID:15824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14196.exe
        8⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        9⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        10⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        9⤵
        
        PID:10504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 636
        8⤵
        Program crash
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
        8⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        9⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        10⤵
        
        PID:14244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 612
        9⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        8⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        9⤵
        
        PID:13996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 624
        8⤵
        
        PID:2092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 720
        6⤵
        Program crash
        
        PID:5588
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 216 -s 648
        5⤵
        Program crash
        
        PID:3796
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 216 -s 648
        5⤵
        Program crash
        
        PID:980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 980 -ip 980
1⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 980 -ip 980
1⤵
PID:3640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1836 -ip 1836
1⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1836 -ip 1836
1⤵
PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3308 -ip 3308
1⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2740 -ip 2740
1⤵
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5008 -ip 5008
1⤵
PID:2868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 3308 -ip 3308
1⤵
PID:1512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2740 -ip 2740
1⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5008 -ip 5008
1⤵
PID:980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 692 -ip 692
1⤵
PID:4100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4880 -ip 4880
1⤵
PID:3004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 216 -ip 216
1⤵
PID:1260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 692 -ip 692
1⤵
PID:3436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 216 -ip 216
1⤵
PID:4616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4880 -ip 4880
1⤵
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4348 -ip 4348
1⤵
PID:1008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4108 -ip 4108
1⤵
PID:3900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4108 -ip 4108
1⤵
PID:1700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4348 -ip 4348
1⤵
PID:3148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4864 -ip 4864
1⤵
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2416 -ip 2416
1⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 3836 -ip 3836
1⤵
PID:1620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4228 -ip 4228
1⤵
PID:3600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 4864 -ip 4864
1⤵
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 4140 -ip 4140
1⤵
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3548 -ip 3548
1⤵
PID:3924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 3960 -ip 3960
1⤵
PID:1700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2416 -ip 2416
1⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 3548 -ip 3548
1⤵
PID:2812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 3960 -ip 3960
1⤵
PID:1572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4228 -ip 4228
1⤵
PID:692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 3836 -ip 3836
1⤵
PID:2364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4140 -ip 4140
1⤵
PID:872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 1948 -ip 1948
1⤵
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4780 -ip 4780
1⤵
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4320 -ip 4320
1⤵
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3148 -ip 3148
1⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2996 -ip 2996
1⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 1624 -ip 1624
1⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2228 -ip 2228
1⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2228 -ip 2228
1⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 1624 -ip 1624
1⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 1948 -ip 1948
1⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3424 -ip 3424
1⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3876 -ip 3876
1⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4780 -ip 4780
1⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 3876 -ip 3876
1⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2996 -ip 2996
1⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4320 -ip 4320
1⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3424 -ip 3424
1⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2636 -ip 2636
1⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1608 -ip 1608
1⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4812 -ip 4812
1⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2636 -ip 2636
1⤵
PID:3740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1152 -ip 1152
1⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 3032 -ip 3032
1⤵
PID:1172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1060 -ip 1060
1⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4540 -ip 4540
1⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1608 -ip 1608
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 1604 -ip 1604
1⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4664 -ip 4664
1⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 4540 -ip 4540
1⤵
PID:916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 1604 -ip 1604
1⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 692 -ip 692
1⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3548 -ip 3548
1⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 4664 -ip 4664
1⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 2236 -ip 2236
1⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 2864 -ip 2864
1⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1008 -ip 1008
1⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 1888 -ip 1888
1⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 1888 -ip 1888
1⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4276 -ip 4276
1⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 1008 -ip 1008
1⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4360 -ip 4360
1⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3548 -ip 3548
1⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 692 -ip 692
1⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 3812 -ip 3812
1⤵
PID:1408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4244 -ip 4244
1⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4360 -ip 4360
1⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4836 -ip 4836
1⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 3432 -ip 3432
1⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 624 -ip 624
1⤵
PID:1260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 872 -ip 872
1⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 4140 -ip 4140
1⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 6000 -ip 6000
1⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5236 -ip 5236
1⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 4244 -ip 4244
1⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 3432 -ip 3432
1⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 4836 -ip 4836
1⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 548 -ip 548
1⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 4132 -ip 4132
1⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6112 -ip 6112
1⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5904 -ip 5904
1⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5840 -ip 5840
1⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6132 -ip 6132
1⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 4140 -ip 4140
1⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 624 -ip 624
1⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 872 -ip 872
1⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5236 -ip 5236
1⤵
PID:1408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4824 -ip 4824
1⤵
PID:2224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 2236 -ip 2236
1⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5892 -ip 5892
1⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5632 -ip 5632
1⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4780 -ip 4780
1⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5832 -ip 5832
1⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 6112 -ip 6112
1⤵
PID:5084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1448 -ip 1448
1⤵
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 6132 -ip 6132
1⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5840 -ip 5840
1⤵
PID:3900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2864 -ip 2864
1⤵
PID:3044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 2628 -ip 2628
1⤵
PID:2776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4780 -ip 4780
1⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5632 -ip 5632
1⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 4276 -ip 4276
1⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 1448 -ip 1448
1⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 6000 -ip 6000
1⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 3104 -ip 3104
1⤵
PID:1464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5172 -ip 5172
1⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5728 -ip 5728
1⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 3836 -ip 3836
1⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 3104 -ip 3104
1⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 5172 -ip 5172
1⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5728 -ip 5728
1⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 3392 -ip 3392
1⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 2288 -ip 2288
1⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5316 -ip 5316
1⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5940 -ip 5940
1⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 1016 -ip 1016
1⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5620 -ip 5620
1⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5876 -ip 5876
1⤵
PID:3900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5784 -ip 5784
1⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5896 -ip 5896
1⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5336 -ip 5336
1⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5992 -ip 5992
1⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 6712 -ip 6712
1⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 3148 -ip 3148
1⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5512 -ip 5512
1⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 1756 -ip 1756
1⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5584 -ip 5584
1⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 6020 -ip 6020
1⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5340 -ip 5340
1⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5356 -ip 5356
1⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5724 -ip 5724
1⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1884 -ip 1884
1⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5492 -ip 5492
1⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 7500 -ip 7500
1⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5720 -ip 5720
1⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 3392 -ip 3392
1⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 5316 -ip 5316
1⤵
PID:9840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5940 -ip 5940
1⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 2288 -ip 2288
1⤵
PID:10028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 7044 -ip 7044
1⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 1016 -ip 1016
1⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 2628 -ip 2628
1⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5992 -ip 5992
1⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5896 -ip 5896
1⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5512 -ip 5512
1⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 6712 -ip 6712
1⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5876 -ip 5876
1⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5784 -ip 5784
1⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5336 -ip 5336
1⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 5340 -ip 5340
1⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6140 -ip 6140
1⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5584 -ip 5584
1⤵
PID:10928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 7124 -ip 7124
1⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6348 -ip 6348
1⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1756 -ip 1756
1⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5356 -ip 5356
1⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5724 -ip 5724
1⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5492 -ip 5492
1⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 1884 -ip 1884
1⤵
PID:9424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 5720 -ip 5720
1⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 7044 -ip 7044
1⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4016 -ip 4016
1⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 6856 -ip 6856
1⤵
PID:2976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6528 -ip 6528
1⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4236 -ip 4236
1⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3856 -ip 3856
1⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6952 -ip 6952
1⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 4956 -ip 4956
1⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 6676 -ip 6676
1⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 5536 -ip 5536
1⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 2324 -ip 2324
1⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6080 -ip 6080
1⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 5832 -ip 5832
1⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 6356 -ip 6356
1⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5736 -ip 5736
1⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 7124 -ip 7124
1⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 5704 -ip 5704
1⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 6004 -ip 6004
1⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 7088 -ip 7088
1⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 6240 -ip 6240
1⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 5244 -ip 5244
1⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 6744 -ip 6744
1⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 4420 -ip 4420
1⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 6428 -ip 6428
1⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 4664 -ip 4664
1⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 7320 -ip 7320
1⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 7008 -ip 7008
1⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 7028 -ip 7028
1⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 7328 -ip 7328
1⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 3320 -ip 3320
1⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 5352 -ip 5352
1⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 1060 -ip 1060
1⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 6780 -ip 6780
1⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 6372 -ip 6372
1⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6560 -ip 6560
1⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 7396 -ip 7396
1⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 7052 -ip 7052
1⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 5980 -ip 5980
1⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 6644 -ip 6644
1⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 7036 -ip 7036
1⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 6264 -ip 6264
1⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 5920 -ip 5920
1⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5884 -ip 5884
1⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 6760 -ip 6760
1⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6488 -ip 6488
1⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 6668 -ip 6668
1⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 6628 -ip 6628
1⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5372 -ip 5372
1⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 1956 -ip 1956
1⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 7792 -ip 7792
1⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 7180 -ip 7180
1⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 7104 -ip 7104
1⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 3204 -ip 3204
1⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 7140 -ip 7140
1⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4868 -ip 4868
1⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 6464 -ip 6464
1⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 7812 -ip 7812
1⤵
PID:13324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 7148 -ip 7148
1⤵
PID:13420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 7096 -ip 7096
1⤵
PID:13520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6544 -ip 6544
1⤵
PID:13552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 2988 -ip 2988
1⤵
PID:13600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 4812 -ip 4812
1⤵
PID:13608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 6932 -ip 6932
1⤵
PID:13936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6952 -ip 6952
1⤵
PID:13944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 6520 -ip 6520
1⤵
PID:13952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 6756 -ip 6756
1⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 6404 -ip 6404
1⤵
PID:1016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6676 -ip 6676
1⤵
PID:2092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 7572 -ip 7572
1⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 7160 -ip 7160
1⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 2324 -ip 2324
1⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 6080 -ip 6080
1⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 6272 -ip 6272
1⤵
PID:14232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 6260 -ip 6260
1⤵
PID:14440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2868 -ip 2868
1⤵
PID:15116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 7428 -ip 7428
1⤵
PID:15136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 6504 -ip 6504
1⤵
PID:15164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 6356 -ip 6356
1⤵
PID:15208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1280 -p 5704 -ip 5704
1⤵
PID:13484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10263.exe

Filesize
184KB

MD5
014cfacbefb0e0e2eb777b7730299ff4

SHA1
8ecdb19a425c25293729070bfebdc15ddb07fbcd

SHA256
d2c39a0b1276f935f2380140bec282548fc24d1852f19bb77e3b03c7460c72c3

SHA512
675e279634e153f33658240acedf08a1a559fa5e4d208a62490e6b547fcb43fca08204966178c95827598bc2f7f1edd944e9b5407567463b8e5c21e8223791bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11431.exe

Filesize
184KB

MD5
4eae51fea7cb8d05a2a0da93cf801d27

SHA1
18d6b71b8b7056271679dfcb5b210411bb731199

SHA256
3350c74658cbe758ea3d30a7d9b13176edf4f2f4cc0b208cb8ac1c8f80221fa7

SHA512
0818b6665565561606c12968af0a3f4c8759b67bcdb28320805223496ee9e4559acfbe6dc4d680a7472e3df132f6894c320456fe049d7313fd67731ed573da24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11623.exe

Filesize
184KB

MD5
81a33505648e7f2e6d61a57fdc492cc1

SHA1
20e39117a14deb9f60940c8cae22f9a9c8e6ab63

SHA256
d78100bf4b820b582d51946de564ea2d5429087a3282c5c9da9d2fa65f6c01b3

SHA512
823a2df3dd4d62834ceab3ba757707666a2561687a977f3cbe4355daa3c3a5928a0da5682528ab874f43cd5542c6873aca5d18133578621700bae95ba2569ef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe

Filesize
184KB

MD5
e90fa46f06d6f084e8f0539deaa1d65d

SHA1
c8ab75277cf3ce41a180c3268edcf1ffb1760fce

SHA256
29d1dc98d47e721cb6316efa2605fec3fdf723d06618ff418f8319bfefc2bd63

SHA512
09f631ea2d99b45afffe25d09116df76c5d091e346e2a2ccc7ee2e392be1b48d11044d045a071d63665af5b76b709972699318c2beb1c99bcc8bfabae8a76cb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15152.exe

Filesize
184KB

MD5
2c64c0ee3063833ca772af34b2666a34

SHA1
e425acad6b85258fb887f799a0b031e8373806ea

SHA256
e7dd2361948a50dd53aa839fc41c7717369d85288ec57d8b97477ab1838fbcc0

SHA512
e08981d711a4409d9c3f47524a132909d14049063b09171e56d93278c6e31daee92be29ff27c46c3a2d571bb4bc818f1088ce39bcbd1f3c71a7a41800e419780

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2199.exe

Filesize
184KB

MD5
53cb8d63f747c91782f7b64bb9934e4a

SHA1
95392850ad3cc144191944aac8891490200b3d90

SHA256
bca2cfe08aef95e7608ee1463f0966315d0e67a90d87926f39bfe6d10ef5553e

SHA512
91781cb188fb32efa18571c4e484ad3a04a32a7e16878ae8b306678cdf7e1227a3a34639ecddf324abffbf4b6bbc5756a13caa64146c69183b44a3bf0a250d5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe

Filesize
184KB

MD5
6d941f1bd3822e899ed51840f3e2978d

SHA1
c5cd8c81f9c780122e3e1ee9c50ea2c029e13d34

SHA256
2350f4829a80d075b0857de27692bc7f48dc7aacf22816e8bfd5eb007d2027e9

SHA512
236fe091a05a8ea608d3dd73c92b0adaa4bc1604d0357bee12cc6a4d6d32c3b11d1bef1b4ab1fc94e01f4680895ec60e869a6506bc9bc708f766c2cf3a69cefe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28327.exe

Filesize
184KB

MD5
36a0486e91bc3aef9858474a4fea1379

SHA1
cbadbe49ddce6d1c41425430c05fd01a439387a4

SHA256
ecaac2edd164bea7f412c7388189680c951280a8411620d007ad634752ecde64

SHA512
f620e5a6da2083aee46e5927560c21f0373e0cf3289c96924c0528cc5791c52ba6630578a1ec0d29363e6cc4f6afb12260c573d8f39b9ec75f98366cfa34e607

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28407.exe

Filesize
184KB

MD5
b834fe11be132c440506bdfc269255fe

SHA1
710bd872fca44d713031fdda4ff11f2a57a472d0

SHA256
ba0a7e0e3ef80d0d2c9b3ef09298ec9929b1bf715639b43658332e0f78641693

SHA512
60872299700694678ce65cab3dfdcafc19c6910931dd6817b520df1d57f760730c35a18ff33fb233c3c08964e1e96d362fe506f98c9847fd9f2d6a9bbc64e86a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe

Filesize
184KB

MD5
cfa495dade2b8e1cfa4562a7a0c69173

SHA1
ef10182cb976608210f5d70a648080e3386f7309

SHA256
d610d96eec213ac2df5ece6c021ceb3924912121c0e6987f3a6440a8643ae8f5

SHA512
51c7dc6f331fea7e9f5be2ededc953b6ded489c6ca4fc7775198dce7213343e1c4c863efc21b3bb26451f12dc216ad95a629be8ae23779808f3a9b5931dd28d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe

Filesize
184KB

MD5
a1bb6d5ab639a00851872124ede8a0fb

SHA1
3ae5373872fae82b78a27a96534c14ca95abeaeb

SHA256
663937455c49325f7cdca5a0357e5ed61200cf86c0f4f21ac8e7c2180c334588

SHA512
0db30e66198718ed0f194394fd1abe2f237059afa2ce47da9be64260ecb65e7a786de3c7b97e800649edb1bb43714311be8de948f6ba5b9ae34a2e8d15fd5e4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31665.exe

Filesize
184KB

MD5
322bbbe1fa8de82c292a4336d87e8769

SHA1
30db64a1828bf1572e3361690fd307abff87cf41

SHA256
b3f6674c17947d2559329cbc806e5875fab7318b82dd3810dad22fa1b3922841

SHA512
e680deb9428468065e34d297f2f331135b011eb7b6e82f69f55d430995d7e54660969eac54c7eeb86d35fb6653eb4ab00bbae65112b90e44e47ded647e2080cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31790.exe

Filesize
184KB

MD5
17e3269519d50b9d34a1252e8a77059f

SHA1
4bf358ac73625d1425bc1e74ce8e0c55dcc8d9f8

SHA256
aa02aae4e411ba4235eb0e04ce4451b6082c37579f37152f1dcb7e6869232f82

SHA512
59f4db520cbd966801039bfcf5eb451f0c777cb32956331704691e84d3f691f685a5508ae6b2de415a2b01534d8d122da7991f12311890cf96ef053c4066e204

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe

Filesize
184KB

MD5
259b5c0286c719d0783bbc05bbb9b8e5

SHA1
ca087ef03dabfd4c28defbe3f17b3ac71dc71332

SHA256
15c2bac34c0ec73f8f52295bd4ac9538cfb28a9fbca98f0755ee4e91499ec291

SHA512
d09d25e43aae16728b431661325d9470311860e98a79b7560933ff061137894765e5e3c8f020f27f7479e2c11f6ebd7224533c4294241a8eb5517f93f6feed9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe

Filesize
184KB

MD5
f00e573aad6b668b6155e0dbc94365f7

SHA1
818f9ac54e53d14e6369cb823b46e91d5370850d

SHA256
ec1432bc372a6d1fb739a3a7997aa571d646e3ecae459dc79a2d9ff2b6f59e77

SHA512
054c66f77c7c9908acc7741b86d0379c67d7c289a611988352970f2e5c8614838426a9545927178efdffc2856d5324ba66af3e967336b9aefd2468387930dc4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe

Filesize
184KB

MD5
1e5361be4247e2f774f5e562448b82e1

SHA1
11efe3a4e2fc14bae5593c1ef1981cadc9b298f9

SHA256
91c6001e1e19fda4fc07403731635c5c23fd6c323c95e0928db5443e7900cf1b

SHA512
3d708ec3ac82bbc17e27d0ea1d8f41e4ba5023e27df6e4f3f81c06408c6a8437a07e9db9b694a87b7a8cad67f0b0b5a774bcf7b8050b4dd05e292bd8b8fc0648

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32433.exe

Filesize
184KB

MD5
667937257a7a1ef1f026e333a5069cf5

SHA1
9baba1e0bdb098587f05421cc5de2a88d6525b66

SHA256
f08ba0605e77ca65a217ec527ed3e71889b284375c5dd686f8226fc655b90d00

SHA512
c86dd2a2bd9c8490b907ebb7b29464146c5d0ff944617808ec9e8fa3532b6a731df06165af15c7b3a427cc07c78360b0fa4d9f16b5880dc1001f676029f8d0dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe

Filesize
184KB

MD5
a6f405368630278854ec5b4fbcf840e9

SHA1
22835c8d1c9c4746b189ff6e8bf2f2994550116a

SHA256
b1fb76f841783689b6d7e898084cfb63abf44473c244534c0afcb4451707297a

SHA512
b38838713b5767d8a18b4dfe0bd0fd8f36514311e62117c96262019e4a816d0992ef9cb12249f2a010f093fda27b177e16dc74c38a1d7e2ac5afc8c80d8228a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43511.exe

Filesize
184KB

MD5
33cfc7f1db0b7749335fde2b3b21bb67

SHA1
10637e7f09f57a80213259843d5c3fb740247ae0

SHA256
b17c98540ed77b494a1c1dd264d9e5e009ebbbdcafe9c37d48809695413c6de0

SHA512
a7b075005b668ebc710a9a3d2f9c0268c92b704690eede7dd2b4d0beb60b0d4d7b1a75fcd65f5fc9cf1627c58c43e15585b1a579d3e8a62a425946524e4813e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe

Filesize
184KB

MD5
0aa5c85c291ffb87a52adebe6bc05229

SHA1
280d6e5e59a9debbe08c41a1a7960182b93751d3

SHA256
d04a721df4e6ec1c1190c371e6b75aebf45b7940d0896bed73b4e1d7703e2178

SHA512
608d319980c8354bae3bded38d09012dd9cad0f35184f1d5871645ddf8bfa84857ef46cf1d24090079e492f8f7e8c5693bb8285da9be406a36cd29d36a4e97b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44977.exe

Filesize
184KB

MD5
06c95c7ac307c869d50ac74d7f46009a

SHA1
1db16465c7040b0a35ae5d784e27c42191ad089d

SHA256
c82eb131968a8da0efc3224305be8cd746899f30d0ea5b1b3c09c92161b4f2ce

SHA512
ff629d94bfdf9df227812601e50d32ab15485c133af858230a59e79609aca2dc3cfeed1cf7871eea4dbdb903094ef4423362c92876609304867bb20164a27dad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45185.exe

Filesize
184KB

MD5
5d5f775a4e0a4dff26297861351e206a

SHA1
a1b03604bfa2f2a36d48335ace1a40009c2363c1

SHA256
4b930ec1902e9858ec53793940ef1e7b69fe83b9eb981f12493fdecd968fe688

SHA512
533e77f305805ac58709a2a31811eb4793d4a894462c8b4942e2dd5e6ecef0091d93f79caa4ac0c7f4d5d540fc22be2350924ba4d52c9731660c2b812ed6b90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe

Filesize
184KB

MD5
b5ce71c3f46e5faee3dab5cd9210bb2c

SHA1
a71b134c049d157ae988d5c82f6a9645eb83fcb4

SHA256
b93a1a35e121566cab2e9dce385a0a4585af097b5f636cec5b04ca1a0c51f52c

SHA512
79af75d83dfc108ceb0afa99412304f166ee89d4ff7e4c5f78f5e8a02b4aecf73e15b42bc0f4ef9c5686a52ee363a1b25e23ab1c364d8c19a7397d5fe5450b8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51480.exe

Filesize
184KB

MD5
bda0a028020da61ef2a8e9f0e2e2f0aa

SHA1
2d42905625c1bd6fc872d8770da3043242c776d9

SHA256
9205a8732f0edde30e7317678b7c97c4b75ac4a6390830d41cc0bdf9bd97a365

SHA512
278b332f9b05c309ce9eeb6e398fa213c677ee38f251531898af29e3f00d8491192b56ca898702764532f14853cb6b28257d42296b47c49406aaf3913ca916dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe

Filesize
184KB

MD5
6539d3bbcbeafa2c9d054f447ebef3b8

SHA1
3e005b0d78c0d0e5bbc565b836a7293ee6097270

SHA256
03d4158c5854b31679cbcb8b3d576ea0ff7733af58bf936017b5da80f5250ebc

SHA512
6e9f566f9127acefed8d567d7c8bc62ca57daee0d31a7705951475f7f9fcea993c0149abc511b3e6f039b325ebe4cdd7019f5f9bfbe24f4fe15e1b91a4bbecc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe

Filesize
184KB

MD5
eaf76d0aa61772770a0ea6bf9bfe1809

SHA1
112b936185a4e0203caafa1ed4989724509e3896

SHA256
de880e1ec1a5ed67424776f6eb77e9e7e96f76f4c9fd9a9625ee5cffa00cf617

SHA512
6074415725091d5bfac181dc9743463a4fb17b3ff3a1ec20ae43a7c159a0df76850a732da08a8fae8a91439f858ff32aeb09faa08e6957aac209b7f8282aab65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe

Filesize
184KB

MD5
d9cd95c3f0b02b02f3762804c0f0efa6

SHA1
8335f7403748491003f1a48aed6a0d7712e6665e

SHA256
20025826e05018a69fc57ea67dc5f76f7f5f416f4f3b020c5ebfbcb973e52c1d

SHA512
87d2c2e1c22ab92f0da83b40da919c199e82512452ecc26acde6214e8d58bad6c03476d68663f359459d84614031d2a505a79cbe696a843539a5d4045e7c104b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe

Filesize
184KB

MD5
f8c1eca4e1b336ea4c7813290d05ac72

SHA1
3d780188c182b7a4a85d9428ec1380eaa1ff8887

SHA256
9f51bd46944ec68b6583828439ed87c6de96586269bdb28978c7166852e41789

SHA512
0d132931a07a9d9d0fc895925906f40c6a95c8d0c868aa1e18817300d79d366632029fb072749a0f9fb6330526dc8510c5219d622bc8f80830deb1237c859639

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63761.exe

Filesize
184KB

MD5
066b8d743fe68f61dcba8b517667da9f

SHA1
915dd0a70d803f4e28062be702f544a9222ce680

SHA256
2f8e844e585179c9498f69c010d4b23879dbe77949e172e359faff83e4ca5558

SHA512
79621dc0a292d07a7c2748009604ec7cf2c39b01cf4d432353c0515e84001728652fc6ee82474a507f9cbe7ba65b6db8249edd037672af173e8d491450b6b72f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64536.exe

Filesize
184KB

MD5
eb864e911b9b67ad6a22d5ace63d0733

SHA1
692a2c325d4b7fdbb8039b1c1975d04173e0404e

SHA256
84af79beb31c92d5f22794f1cbcf83840d30a43b0493fb80ec1c443ecbeb7201

SHA512
967f173381cf96f9bda5037a10c9cb46f7dbb5e4e3a3738ccc34004a153fbfc48c3d6213af45188afd4faa172710f7acc4393b1917f909c86a6ee0a6045aa92f

Download Submit
memory/3024-2286-0x0000000075540000-0x00000000755DB000-memory.dmp

Filesize
620KB

Download
memory/16836-2218-0x00007FF8CBEB0000-0x00007FF8CC0A5000-memory.dmp

Filesize
2.0MB

Download
memory/16932-2313-0x0000000075EA0000-0x0000000075F15000-memory.dmp

Filesize
468KB

Download