ed7bf8f3e7d9e60d342784cceee8978ec84729220cf2c87cc3a7a6d7bb25f788

Analysis

max time kernel
120s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-09-2024 15:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40f3c3dc4b90ef9c03b70ac3f42d8280N.exe
Size

184KB
MD5

40f3c3dc4b90ef9c03b70ac3f42d8280
SHA1

a16625f410a0e36c1992d358cfaa970e6a5cdda5
SHA256

ed7bf8f3e7d9e60d342784cceee8978ec84729220cf2c87cc3a7a6d7bb25f788
SHA512

94e47c6ec5446787f0223daee17e8b067f78eae9c2590033707ca64fe5f9044d969914fb49283a0e29bdad723f4cbb48a0311a035a10fda009f823ebc552cf42
SSDEEP

3072:d9v9ZToHMa3CdOd4kig/8uoedlvhqnxFuw:d9voRuOdv8/edl5qnxFu

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2428	Unicorn-27424.exe
376	Unicorn-17476.exe
4844	Unicorn-38450.exe
816	Unicorn-40392.exe
3120	Unicorn-61559.exe
3864	Unicorn-24056.exe
4228	Unicorn-10947.exe
5036	Unicorn-31922.exe
4336	Unicorn-38310.exe
3584	Unicorn-9359.exe
3696	Unicorn-5275.exe
3564	Unicorn-59115.exe
1776	Unicorn-15712.exe
212	Unicorn-6967.exe
3084	Unicorn-6967.exe
4108	Unicorn-43724.exe
2216	Unicorn-27942.exe
1316	Unicorn-27942.exe
4772	Unicorn-30822.exe
5084	Unicorn-50688.exe
2956	Unicorn-14507.exe
1288	Unicorn-47927.exe
844	Unicorn-2255.exe
4328	Unicorn-56095.exe
3248	Unicorn-47180.exe
1772	Unicorn-34928.exe
2444	Unicorn-10978.exe
2996	Unicorn-64860.exe
2200	Unicorn-11575.exe
4076	Unicorn-32550.exe
1608	Unicorn-17330.exe
4080	Unicorn-24944.exe
4060	Unicorn-58555.exe
3672	Unicorn-44980.exe
1900	Unicorn-4331.exe
4260	Unicorn-12499.exe
4352	Unicorn-12499.exe
4908	Unicorn-53532.exe
5100	Unicorn-41834.exe
1136	Unicorn-21222.exe
4816	Unicorn-1783.exe
4500	Unicorn-18674.exe
3196	Unicorn-50792.exe
100	Unicorn-6422.exe
3696	Unicorn-7019.exe
780	Unicorn-39692.exe
3284	Unicorn-27994.exe
4672	Unicorn-10527.exe
2072	Unicorn-18888.exe
4056	Unicorn-40054.exe
4384	Unicorn-35970.exe
3752	Unicorn-47476.exe
1388	Unicorn-15358.exe
4916	Unicorn-3703.exe
4784	Unicorn-65156.exe
3476	Unicorn-48628.exe
3580	Unicorn-28762.exe
1084	Unicorn-4258.exe
1864	Unicorn-9131.exe
2280	Unicorn-38466.exe
3936	Unicorn-25468.exe
664	Unicorn-25468.exe
688	Unicorn-13770.exe
2352	Unicorn-13407.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1768	376	WerFault.exe	92
2956	376	WerFault.exe	92
4568	3120	WerFault.exe	96
4468	3120	WerFault.exe	96
2424	816	WerFault.exe	95
4008	816	WerFault.exe	95
4048	5036	WerFault.exe	101
2396	4228	WerFault.exe	100
3256	4228	WerFault.exe	100
3948	5036	WerFault.exe	101
4056	4336	WerFault.exe	108
1224	4336	WerFault.exe	108
920	3584	WerFault.exe	110
4916	3696	WerFault.exe	111
816	3564	WerFault.exe	112
4984	3584	WerFault.exe	110
3580	3564	WerFault.exe	112
3320	3696	WerFault.exe	111
4404	1776	WerFault.exe	119
4088	1776	WerFault.exe	119
2920	2216	WerFault.exe	124
2492	1316	WerFault.exe	123
1404	2216	WerFault.exe	124
4784	1316	WerFault.exe	123
1184	4772	WerFault.exe	133
1940	4772	WerFault.exe	133
996	2956	WerFault.exe	139
464	1772	WerFault.exe	144
372	4328	WerFault.exe	142
1124	2956	WerFault.exe	139
1628	1772	WerFault.exe	144
1520	2444	WerFault.exe	145
3140	4328	WerFault.exe	142
1284	2444	WerFault.exe	145
1784	2996	WerFault.exe	158
872	1608	WerFault.exe	165
2716	2996	WerFault.exe	158
1124	4060	WerFault.exe	167
2716	5100	WerFault.exe	173
3740	1608	WerFault.exe	165
1528	1136	WerFault.exe	174
1976	4352	WerFault.exe	171
2084	5100	WerFault.exe	173
3508	1136	WerFault.exe	174
6000	1084	WerFault.exe	213
5964	4500	WerFault.exe	184
5900	4672	WerFault.exe	192
5464	3284	WerFault.exe	191
5868	4384	WerFault.exe	198
6080	1084	WerFault.exe	213
6804	3580	WerFault.exe	211
6884	4056	WerFault.exe	197
6220	664	WerFault.exe	227
4804	2452	WerFault.exe	279
8672	4352	WerFault.exe	283
6220	3760	WerFault.exe	285
8516	6292	WerFault.exe	435
8136	5884	WerFault.exe	313
7704	5860	WerFault.exe	312
8664	5636	WerFault.exe	361
8140	3424	WerFault.exe	280
5536	6960	WerFault.exe	392
6548	6452	WerFault.exe	415
5164	6968	WerFault.exe	393

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40f3c3dc4b90ef9c03b70ac3f42d8280N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64860.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35970.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50792.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27942.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47927.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62779.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27942.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15358.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27736.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6967.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2204	40f3c3dc4b90ef9c03b70ac3f42d8280N.exe
2428	Unicorn-27424.exe
376	Unicorn-17476.exe
4844	Unicorn-38450.exe
3120	Unicorn-61559.exe
816	Unicorn-40392.exe
3864	Unicorn-24056.exe
5036	Unicorn-31922.exe
4228	Unicorn-10947.exe
4336	Unicorn-38310.exe
3584	Unicorn-9359.exe
3696	Unicorn-5275.exe
3564	Unicorn-59115.exe
1776	Unicorn-15712.exe
212	Unicorn-6967.exe
3084	Unicorn-6967.exe
4108	Unicorn-43724.exe
2216	Unicorn-27942.exe
1316	Unicorn-27942.exe
4772	Unicorn-30822.exe
5084	Unicorn-50688.exe
2956	Unicorn-14507.exe
1288	Unicorn-47927.exe
844	Unicorn-2255.exe
4328	Unicorn-56095.exe
1772	Unicorn-34928.exe
3248	Unicorn-47180.exe
2444	Unicorn-10978.exe
2996	Unicorn-64860.exe
2200	Unicorn-11575.exe
4076	Unicorn-32550.exe
1608	Unicorn-17330.exe
4080	Unicorn-24944.exe
4060	Unicorn-58555.exe
3672	Unicorn-44980.exe
1900	Unicorn-4331.exe
4352	Unicorn-12499.exe
5100	Unicorn-41834.exe
4260	Unicorn-12499.exe
4908	Unicorn-53532.exe
1136	Unicorn-21222.exe
4816	Unicorn-1783.exe
4500	Unicorn-18674.exe
3196	Unicorn-50792.exe
100	Unicorn-6422.exe
3696	Unicorn-7019.exe
780	Unicorn-39692.exe
3284	Unicorn-27994.exe
4672	Unicorn-10527.exe
2072	Unicorn-18888.exe
4056	Unicorn-40054.exe
4384	Unicorn-35970.exe
3752	Unicorn-47476.exe
1388	Unicorn-15358.exe
4916	Unicorn-3703.exe
4784	Unicorn-65156.exe
3476	Unicorn-48628.exe
3580	Unicorn-28762.exe
1084	Unicorn-4258.exe
1864	Unicorn-9131.exe
2280	Unicorn-38466.exe
664	Unicorn-25468.exe
3936	Unicorn-25468.exe
688	Unicorn-13770.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2428	2204	40f3c3dc4b90ef9c03b70ac3f42d8280N.exe	89
PID 2204 wrote to memory of 2428	2204	40f3c3dc4b90ef9c03b70ac3f42d8280N.exe	89
PID 2204 wrote to memory of 2428	2204	40f3c3dc4b90ef9c03b70ac3f42d8280N.exe	89
PID 2428 wrote to memory of 376	2428	Unicorn-27424.exe	92
PID 2428 wrote to memory of 376	2428	Unicorn-27424.exe	92
PID 2428 wrote to memory of 376	2428	Unicorn-27424.exe	92
PID 2204 wrote to memory of 4844	2204	40f3c3dc4b90ef9c03b70ac3f42d8280N.exe	93
PID 2204 wrote to memory of 4844	2204	40f3c3dc4b90ef9c03b70ac3f42d8280N.exe	93
PID 2204 wrote to memory of 4844	2204	40f3c3dc4b90ef9c03b70ac3f42d8280N.exe	93
PID 376 wrote to memory of 816	376	Unicorn-17476.exe	95
PID 376 wrote to memory of 816	376	Unicorn-17476.exe	95
PID 376 wrote to memory of 816	376	Unicorn-17476.exe	95
PID 2428 wrote to memory of 3120	2428	Unicorn-27424.exe	96
PID 2428 wrote to memory of 3120	2428	Unicorn-27424.exe	96
PID 2428 wrote to memory of 3120	2428	Unicorn-27424.exe	96
PID 4844 wrote to memory of 3864	4844	Unicorn-38450.exe	98
PID 4844 wrote to memory of 3864	4844	Unicorn-38450.exe	98
PID 4844 wrote to memory of 3864	4844	Unicorn-38450.exe	98
PID 816 wrote to memory of 4228	816	Unicorn-40392.exe	100
PID 816 wrote to memory of 4228	816	Unicorn-40392.exe	100
PID 816 wrote to memory of 4228	816	Unicorn-40392.exe	100
PID 376 wrote to memory of 5036	376	Unicorn-17476.exe	101
PID 376 wrote to memory of 5036	376	Unicorn-17476.exe	101
PID 376 wrote to memory of 5036	376	Unicorn-17476.exe	101
PID 3864 wrote to memory of 4336	3864	Unicorn-24056.exe	108
PID 3864 wrote to memory of 4336	3864	Unicorn-24056.exe	108
PID 3864 wrote to memory of 4336	3864	Unicorn-24056.exe	108
PID 5036 wrote to memory of 3584	5036	Unicorn-31922.exe	110
PID 5036 wrote to memory of 3584	5036	Unicorn-31922.exe	110
PID 5036 wrote to memory of 3584	5036	Unicorn-31922.exe	110
PID 4228 wrote to memory of 3696	4228	Unicorn-10947.exe	111
PID 4228 wrote to memory of 3696	4228	Unicorn-10947.exe	111
PID 4228 wrote to memory of 3696	4228	Unicorn-10947.exe	111
PID 816 wrote to memory of 3564	816	Unicorn-40392.exe	112
PID 816 wrote to memory of 3564	816	Unicorn-40392.exe	112
PID 816 wrote to memory of 3564	816	Unicorn-40392.exe	112
PID 4336 wrote to memory of 1776	4336	Unicorn-38310.exe	119
PID 4336 wrote to memory of 1776	4336	Unicorn-38310.exe	119
PID 4336 wrote to memory of 1776	4336	Unicorn-38310.exe	119
PID 3584 wrote to memory of 212	3584	Unicorn-9359.exe	120
PID 3584 wrote to memory of 212	3584	Unicorn-9359.exe	120
PID 3584 wrote to memory of 212	3584	Unicorn-9359.exe	120
PID 3696 wrote to memory of 3084	3696	Unicorn-5275.exe	121
PID 3696 wrote to memory of 3084	3696	Unicorn-5275.exe	121
PID 3696 wrote to memory of 3084	3696	Unicorn-5275.exe	121
PID 3564 wrote to memory of 4108	3564	Unicorn-59115.exe	122
PID 3564 wrote to memory of 4108	3564	Unicorn-59115.exe	122
PID 3564 wrote to memory of 4108	3564	Unicorn-59115.exe	122
PID 4228 wrote to memory of 2216	4228	Unicorn-10947.exe	124
PID 4228 wrote to memory of 2216	4228	Unicorn-10947.exe	124
PID 4228 wrote to memory of 2216	4228	Unicorn-10947.exe	124
PID 5036 wrote to memory of 1316	5036	Unicorn-31922.exe	123
PID 5036 wrote to memory of 1316	5036	Unicorn-31922.exe	123
PID 5036 wrote to memory of 1316	5036	Unicorn-31922.exe	123
PID 4336 wrote to memory of 4772	4336	Unicorn-38310.exe	133
PID 4336 wrote to memory of 4772	4336	Unicorn-38310.exe	133
PID 4336 wrote to memory of 4772	4336	Unicorn-38310.exe	133
PID 1776 wrote to memory of 5084	1776	Unicorn-15712.exe	134
PID 1776 wrote to memory of 5084	1776	Unicorn-15712.exe	134
PID 1776 wrote to memory of 5084	1776	Unicorn-15712.exe	134
PID 212 wrote to memory of 2956	212	Unicorn-6967.exe	139
PID 212 wrote to memory of 2956	212	Unicorn-6967.exe	139
PID 212 wrote to memory of 2956	212	Unicorn-6967.exe	139
PID 3584 wrote to memory of 1288	3584	Unicorn-9359.exe	140

C:\Users\Admin\AppData\Local\Temp\40f3c3dc4b90ef9c03b70ac3f42d8280N.exe
"C:\Users\Admin\AppData\Local\Temp\40f3c3dc4b90ef9c03b70ac3f42d8280N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27424.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27424.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17476.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40392.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10947.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5275.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12499.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3703.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21768.exe
        11⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62328.exe
        12⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        13⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44700.exe
        14⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26406.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20070.exe
        11⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30336.exe
        12⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
        13⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28912.exe
        14⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
        14⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        13⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
        14⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 644
        13⤵
        
        PID:12540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
        12⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
        13⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        13⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 744
        10⤵
        Program crash
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38488.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
        11⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42972.exe
        12⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        13⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        14⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57567.exe
        13⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
        14⤵
        
        PID:11872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55883.exe
        12⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        13⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        13⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62883.exe
        10⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        11⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45639.exe
        11⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe
        12⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38808.exe
        13⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        12⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59847.exe
        9⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16060.exe
        10⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        11⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        12⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        13⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        13⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 664
        12⤵
        Program crash
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57891.exe
        11⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61643.exe
        12⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        13⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31594.exe
        13⤵
        
        PID:12344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
        10⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
        11⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        12⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        13⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        13⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        12⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
        11⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59015.exe
        12⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15358.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34404.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12935.exe
        10⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        11⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52868.exe
        12⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        13⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        14⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        14⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3698.exe
        12⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        13⤵
        
        PID:10292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 600
        12⤵
        Program crash
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61783.exe
        11⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        12⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28912.exe
        13⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
        13⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        10⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31570.exe
        11⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        12⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25934.exe
        9⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
        10⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
        11⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
        12⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        12⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57891.exe
        10⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22796.exe
        11⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        12⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        12⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 720
        10⤵
        Program crash
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 740
        8⤵
        Program crash
        
        PID:372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 720
        8⤵
        Program crash
        
        PID:3140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 724
        7⤵
        Program crash
        
        PID:4916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 724
        7⤵
        Program crash
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47180.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12499.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
        9⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-683.exe
        10⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        11⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40424.exe
        12⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17752.exe
        13⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        14⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23926.exe
        12⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        13⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        13⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe
        11⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        12⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        12⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 724
        9⤵
        Program crash
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 740
        9⤵
        Program crash
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
        9⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
        10⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61643.exe
        11⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        12⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        12⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 656
        8⤵
        Program crash
        
        PID:2716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 656
        8⤵
        Program crash
        
        PID:2084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 720
        7⤵
        Program crash
        
        PID:2920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 752
        7⤵
        Program crash
        
        PID:1404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 740
        6⤵
        Program crash
        
        PID:2396
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 772
        6⤵
        Program crash
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59115.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43724.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46080.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        10⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        11⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        12⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61332.exe
        13⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        14⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        14⤵
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        13⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
        11⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
        12⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59015.exe
        13⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        14⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        12⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
        13⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        14⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 616
        12⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 628
        11⤵
        Program crash
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
        10⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32810.exe
        11⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
        12⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe
        13⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        14⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        13⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2658.exe
        12⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
        9⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
        10⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        11⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56599.exe
        12⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        13⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        13⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31518.exe
        11⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        12⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        12⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe
        10⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41880.exe
        11⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        12⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        12⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59015.exe
        11⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30298.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
        9⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        10⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65504.exe
        11⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 632
        12⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49207.exe
        11⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        12⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        12⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
        9⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29686.exe
        10⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        11⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44288.exe
        12⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        11⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
        12⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 720
        8⤵
        Program crash
        
        PID:872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 748
        8⤵
        Program crash
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46272.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58244.exe
        10⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27876.exe
        11⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56952.exe
        12⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31518.exe
        13⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        14⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        14⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23350.exe
        12⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        13⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        13⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57891.exe
        11⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        12⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        13⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        13⤵
        
        PID:12672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 724
        11⤵
        Program crash
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59463.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
        9⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47248.exe
        10⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
        11⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        12⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        12⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57567.exe
        11⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        12⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        12⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        10⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        11⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        11⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5623.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20070.exe
        9⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
        10⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
        11⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
        12⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        11⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
        12⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3558.exe
        10⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        11⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        11⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5514.exe
        8⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        9⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe
        10⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
        11⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 616
        8⤵
        Program crash
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 716
        7⤵
        Program crash
        
        PID:1520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 716
        7⤵
        Program crash
        
        PID:1284
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 716
        6⤵
        Program crash
        
        PID:816
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 716
        6⤵
        Program crash
        
        PID:3580
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 632
        5⤵
        Program crash
        
        PID:2424
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 680
        5⤵
        Program crash
        
        PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31922.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9359.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39692.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
        10⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
        11⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe
        12⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51332.exe
        13⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52567.exe
        14⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        15⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        15⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
        13⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        14⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        14⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57211.exe
        11⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48784.exe
        12⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
        13⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
        14⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        14⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
        13⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        14⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7642.exe
        12⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24318.exe
        13⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        14⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe
        10⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
        11⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50335.exe
        9⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
        10⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35660.exe
        11⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 624
        12⤵
        Program crash
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56547.exe
        11⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
        12⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        13⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        13⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        12⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39576.exe
        13⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        10⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56952.exe
        11⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4539.exe
        12⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
        13⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        13⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        12⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63999.exe
        11⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7531.exe
        12⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        12⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27994.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49588.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32588.exe
        10⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35660.exe
        11⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
        10⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
        11⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
        12⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
        9⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
        10⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
        11⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9479.exe
        12⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63748.exe
        13⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45699.exe
        12⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
        13⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        11⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
        12⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exe
        10⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        11⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        12⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29850.exe
        11⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        12⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 720
        9⤵
        Program crash
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 752
        8⤵
        Program crash
        
        PID:996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 768
        8⤵
        Program crash
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
        9⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32588.exe
        10⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
        11⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5639.exe
        12⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
        13⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        14⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        14⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        13⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe
        14⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        14⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8306.exe
        11⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38364.exe
        12⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        13⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe
        13⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        12⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23578.exe
        10⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
        11⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
        12⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56628.exe
        13⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28720.exe
        14⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31594.exe
        14⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        13⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8558.exe
        12⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64848.exe
        13⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16002.exe
        11⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        12⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6166.exe
        12⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 724
        9⤵
        Program crash
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe
        9⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60356.exe
        10⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55416.exe
        11⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
        12⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41252.exe
        13⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
        14⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63971.exe
        13⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21386.exe
        12⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        13⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35654.exe
        11⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        12⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        12⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3262.exe
        10⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10403.exe
        11⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        12⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        12⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23578.exe
        9⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        10⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
        11⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16852.exe
        12⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe
        11⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
        12⤵
        
        PID:10500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 648
        11⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26666.exe
        10⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        11⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        11⤵
        
        PID:12304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 728
        8⤵
        Program crash
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44980.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18888.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13983.exe
        9⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7699.exe
        10⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15047.exe
        11⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34996.exe
        12⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
        13⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46296.exe
        14⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe
        15⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
        14⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        13⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
        14⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 540
        13⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11918.exe
        12⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
        13⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49915.exe
        11⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        12⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        13⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        13⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49235.exe
        10⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        9⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        10⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44700.exe
        11⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
        12⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        13⤵
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe
        12⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
        13⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 644
        12⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43002.exe
        11⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
        12⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
        12⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        10⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        11⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22524.exe
        12⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        12⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe
        11⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39234.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11783.exe
        9⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43444.exe
        10⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14959.exe
        11⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        12⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53312.exe
        13⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        14⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
        14⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
        13⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        12⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34828.exe
        13⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
        10⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        11⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
        12⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        11⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63184.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11783.exe
        9⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        10⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52868.exe
        11⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43076.exe
        12⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18366.exe
        13⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29938.exe
        12⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
        13⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 740
        12⤵
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60735.exe
        11⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        12⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        12⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        10⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe
        11⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25980.exe
        12⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15626.exe
        11⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25270.exe
        9⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
        10⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37080.exe
        11⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
        11⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8446.exe
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        9⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19812.exe
        10⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
        11⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe
        12⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
        11⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
        12⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
        10⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe
        11⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        11⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe
        9⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        10⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        10⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 640
        8⤵
        Program crash
        
        PID:6884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 740
        6⤵
        Program crash
        
        PID:920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 740
        6⤵
        Program crash
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63184.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24612.exe
        9⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15047.exe
        10⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14959.exe
        11⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
        12⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        13⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        13⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        12⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15752.exe
        13⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
        10⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        11⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        12⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        12⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe
        11⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
        9⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
        10⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54892.exe
        11⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28912.exe
        12⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
        10⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        11⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        8⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2795.exe
        9⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35380.exe
        10⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
        11⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        12⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        12⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32338.exe
        10⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        11⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
        9⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        10⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        11⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        11⤵
        
        PID:12896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        10⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 740
        8⤵
        Program crash
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 640
        7⤵
        Program crash
        
        PID:464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 680
        7⤵
        Program crash
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21222.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        8⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34766.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62328.exe
        8⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        9⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 720
        7⤵
        Program crash
        
        PID:1528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 752
        7⤵
        Program crash
        
        PID:3508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 756
        6⤵
        Program crash
        
        PID:2492
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 772
        6⤵
        Program crash
        
        PID:4784
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 740
        5⤵
        Program crash
        
        PID:4048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 740
        5⤵
        Program crash
        
        PID:3948
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 724
      4⤵
      Program crash
      PID:1768
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 768
      4⤵
      Program crash
      PID:2956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61559.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3120
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 720
      4⤵
      Program crash
      PID:4568
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 756
      4⤵
      Program crash
      PID:4468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15712.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50688.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50792.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52048.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38976.exe
        11⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
        12⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
        13⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36444.exe
        14⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1039.exe
        15⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24894.exe
        15⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28476.exe
        16⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        14⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19156.exe
        15⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6822.exe
        13⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
        14⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        14⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
        12⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe
        13⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        14⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
        13⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        11⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61420.exe
        12⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13667.exe
        13⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        14⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        14⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60491.exe
        12⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        13⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 708
        11⤵
        Program crash
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31746.exe
        10⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        11⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        12⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23764.exe
        13⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28632.exe
        14⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
        13⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61459.exe
        12⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        13⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        13⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39390.exe
        11⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        12⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        12⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35660.exe
        10⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
        11⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9583.exe
        12⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        13⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        13⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        9⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        10⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        11⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe
        12⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
        13⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        13⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe
        11⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
        12⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        12⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22914.exe
        10⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9479.exe
        11⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        12⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        12⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        11⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe
        12⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        9⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
        10⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
        11⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        12⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27894.exe
        12⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59427.exe
        10⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
        11⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13407.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23268.exe
        9⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        10⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4051.exe
        11⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
        12⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        13⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
        13⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe
        12⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe
        11⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53416.exe
        12⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
        12⤵
        
        PID:12980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 604
        11⤵
        Program crash
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        10⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51991.exe
        11⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
        12⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14502.exe
        10⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        11⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        11⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32550.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4076
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 744
        6⤵
        Program crash
        
        PID:4404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 768
        6⤵
        Program crash
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30822.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64860.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9131.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35904.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
        10⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
        11⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
        12⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        13⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        14⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        14⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe
        12⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56732.exe
        13⤵
        
        PID:32
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60567.exe
        13⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe
        11⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        12⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6166.exe
        12⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        9⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
        10⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24280.exe
        11⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        12⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        13⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
        12⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
        13⤵
        
        PID:12356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
        11⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57064.exe
        12⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24206.exe
        8⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        9⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
        10⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe
        11⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        12⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27894.exe
        12⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13542.exe
        10⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        11⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        11⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38466.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27736.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        9⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20824.exe
        10⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
        11⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13130.exe
        12⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        10⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 632
        11⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 712
        9⤵
        Program crash
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
        8⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
        9⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16304.exe
        10⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18904.exe
        11⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        12⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        12⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59015.exe
        11⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        10⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56732.exe
        11⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        9⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 724
        7⤵
        Program crash
        
        PID:1784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 724
        7⤵
        Program crash
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        9⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
        10⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51991.exe
        11⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        12⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        12⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        10⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10854.exe
        9⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
        10⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        11⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        11⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        10⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57064.exe
        11⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2582.exe
        8⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2131.exe
        9⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 672
        10⤵
        Program crash
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
        9⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56540.exe
        10⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        11⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        10⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 624
        8⤵
        Program crash
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
        7⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14663.exe
        8⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        9⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        10⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
        11⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 624
        10⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22914.exe
        8⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60564.exe
        9⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        10⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        10⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
        9⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
        10⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 632
        9⤵
        
        PID:12944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 660
        8⤵
        Program crash
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 720
        7⤵
        Program crash
        
        PID:5964
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 764
        6⤵
        Program crash
        
        PID:1184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 764
        6⤵
        Program crash
        
        PID:1940
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 724
        5⤵
        Program crash
        
        PID:4056
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 744
        5⤵
        Program crash
        
        PID:1224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 376 -ip 376
1⤵
PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 376 -ip 376
1⤵
PID:1900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 3120 -ip 3120
1⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3120 -ip 3120
1⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 816 -ip 816
1⤵
PID:3288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 816 -ip 816
1⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4228 -ip 4228
1⤵
PID:1264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5036 -ip 5036
1⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4228 -ip 4228
1⤵
PID:3700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5036 -ip 5036
1⤵
PID:2480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4336 -ip 4336
1⤵
PID:2528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4336 -ip 4336
1⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 3584 -ip 3584
1⤵
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3696 -ip 3696
1⤵
PID:2900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3564 -ip 3564
1⤵
PID:4580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3584 -ip 3584
1⤵
PID:3132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3564 -ip 3564
1⤵
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3696 -ip 3696
1⤵
PID:4616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 1776 -ip 1776
1⤵
PID:2432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1776 -ip 1776
1⤵
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 2216 -ip 2216
1⤵
PID:3048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 1316 -ip 1316
1⤵
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2216 -ip 2216
1⤵
PID:920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1316 -ip 1316
1⤵
PID:2716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4772 -ip 4772
1⤵
PID:3320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4772 -ip 4772
1⤵
PID:636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2956 -ip 2956
1⤵
PID:2084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 1772 -ip 1772
1⤵
PID:4668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4328 -ip 4328
1⤵
PID:1976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 2956 -ip 2956
1⤵
PID:1864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 1772 -ip 1772
1⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4328 -ip 4328
1⤵
PID:636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3248 -ip 3248
1⤵
PID:988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 2444 -ip 2444
1⤵
PID:1600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3248 -ip 3248
1⤵
PID:1012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 2444 -ip 2444
1⤵
PID:1528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2996 -ip 2996
1⤵
PID:3892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 2996 -ip 2996
1⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 1608 -ip 1608
1⤵
PID:3264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4060 -ip 4060
1⤵
PID:1976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5100 -ip 5100
1⤵
PID:1528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 1608 -ip 1608
1⤵
PID:3960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1136 -ip 1136
1⤵
PID:3264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4352 -ip 4352
1⤵
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 4908 -ip 4908
1⤵
PID:3760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4352 -ip 4352
1⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4908 -ip 4908
1⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4060 -ip 4060
1⤵
PID:3760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5100 -ip 5100
1⤵
PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 1136 -ip 1136
1⤵
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4672 -ip 4672
1⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 1084 -ip 1084
1⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4500 -ip 4500
1⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 3284 -ip 3284
1⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4384 -ip 4384
1⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4500 -ip 4500
1⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 1084 -ip 1084
1⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 3476 -ip 3476
1⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 2072 -ip 2072
1⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 1388 -ip 1388
1⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3224 -ip 3224
1⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 3752 -ip 3752
1⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 1864 -ip 1864
1⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 2280 -ip 2280
1⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2072 -ip 2072
1⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3476 -ip 3476
1⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 1388 -ip 1388
1⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4056 -ip 4056
1⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 3580 -ip 3580
1⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 3752 -ip 3752
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 2280 -ip 2280
1⤵
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 1864 -ip 1864
1⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 3580 -ip 3580
1⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 4056 -ip 4056
1⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 4384 -ip 4384
1⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5544 -ip 5544
1⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2284 -ip 2284
1⤵
PID:4088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 688 -ip 688
1⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3936 -ip 3936
1⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 536 -ip 536
1⤵
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 664 -ip 664
1⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2560 -ip 2560
1⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 1600 -ip 1600
1⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3288 -ip 3288
1⤵
PID:1464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2888 -ip 2888
1⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 1404 -ip 1404
1⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 4972 -ip 4972
1⤵
PID:3036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 1904 -ip 1904
1⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 2452 -ip 2452
1⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 688 -ip 688
1⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 2284 -ip 2284
1⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 3936 -ip 3936
1⤵
PID:2992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 620 -ip 620
1⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 536 -ip 536
1⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2560 -ip 2560
1⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 664 -ip 664
1⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3288 -ip 3288
1⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 396 -p 2384 -ip 2384
1⤵
PID:3036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 1404 -ip 1404
1⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4972 -ip 4972
1⤵
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 2888 -ip 2888
1⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 1904 -ip 1904
1⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 2452 -ip 2452
1⤵
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3064 -ip 3064
1⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 3228 -ip 3228
1⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5820 -ip 5820
1⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 4772 -ip 4772
1⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 3916 -ip 3916
1⤵
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5828 -ip 5828
1⤵
PID:2540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 5240 -ip 5240
1⤵
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5188 -ip 5188
1⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 2384 -ip 2384
1⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6984 -ip 6984
1⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 620 -ip 620
1⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2404 -ip 2404
1⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1300 -ip 1300
1⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 1164 -ip 1164
1⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2444 -ip 2444
1⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 2532 -ip 2532
1⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5100 -ip 5100
1⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3064 -ip 3064
1⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 3424 -ip 3424
1⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 6992 -ip 6992
1⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 3228 -ip 3228
1⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 4772 -ip 4772
1⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 3916 -ip 3916
1⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 3740 -ip 3740
1⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 6088 -ip 6088
1⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5636 -ip 5636
1⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 6060 -ip 6060
1⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5188 -ip 5188
1⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5140 -ip 5140
1⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3760 -ip 3760
1⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 2404 -ip 2404
1⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 1300 -ip 1300
1⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5668 -ip 5668
1⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 1164 -ip 1164
1⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 2444 -ip 2444
1⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 7052 -ip 7052
1⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 2532 -ip 2532
1⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4672 -ip 4672
1⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4352 -ip 4352
1⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 3740 -ip 3740
1⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5272 -ip 5272
1⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5636 -ip 5636
1⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 6060 -ip 6060
1⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 6088 -ip 6088
1⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 396 -p 6292 -ip 6292
1⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 6496 -ip 6496
1⤵
PID:1220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5752 -ip 5752
1⤵
PID:2860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5140 -ip 5140
1⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 3760 -ip 3760
1⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5668 -ip 5668
1⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 7052 -ip 7052
1⤵
PID:872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 6068 -ip 6068
1⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5432 -ip 5432
1⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5764 -ip 5764
1⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5484 -ip 5484
1⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5704 -ip 5704
1⤵
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5408 -ip 5408
1⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5860 -ip 5860
1⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 6824 -ip 6824
1⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5612 -ip 5612
1⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5008 -ip 5008
1⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 5540 -ip 5540
1⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5884 -ip 5884
1⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5272 -ip 5272
1⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 6292 -ip 6292
1⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 6496 -ip 6496
1⤵
PID:2444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 3284 -ip 3284
1⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6400 -ip 6400
1⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5432 -ip 5432
1⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5764 -ip 5764
1⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6068 -ip 6068
1⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5484 -ip 5484
1⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5908 -ip 5908
1⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5408 -ip 5408
1⤵
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 5540 -ip 5540
1⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5704 -ip 5704
1⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5860 -ip 5860
1⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5612 -ip 5612
1⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5884 -ip 5884
1⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5008 -ip 5008
1⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 3424 -ip 3424
1⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 6116 -ip 6116
1⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 6400 -ip 6400
1⤵
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 5644 -ip 5644
1⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 5212 -ip 5212
1⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5132 -ip 5132
1⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 5176 -ip 5176
1⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5136 -ip 5136
1⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 5660 -ip 5660
1⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5720 -ip 5720
1⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6856 -ip 6856
1⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 6872 -ip 6872
1⤵
PID:1496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 7036 -ip 7036
1⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5872 -ip 5872
1⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5876 -ip 5876
1⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5908 -ip 5908
1⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 6936 -ip 6936
1⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 6960 -ip 6960
1⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 5896 -ip 5896
1⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 6224 -ip 6224
1⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 2192 -ip 2192
1⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5680 -ip 5680
1⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 6232 -ip 6232
1⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 884 -ip 884
1⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6312 -ip 6312
1⤵
PID:9936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 6264 -ip 6264
1⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 5964 -ip 5964
1⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6396 -ip 6396
1⤵
PID:10032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 6336 -ip 6336
1⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 6664 -ip 6664
1⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 4352 -ip 4352
1⤵
PID:10128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 6580 -ip 6580
1⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 6052 -ip 6052
1⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 6488 -ip 6488
1⤵
PID:10236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 3056 -ip 3056
1⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 6296 -ip 6296
1⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6552 -ip 6552
1⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 6952 -ip 6952
1⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6544 -ip 6544
1⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 6304 -ip 6304
1⤵
PID:1496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 6928 -ip 6928
1⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 6116 -ip 6116
1⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 6172 -ip 6172
1⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 5212 -ip 5212
1⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5644 -ip 5644
1⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5176 -ip 5176
1⤵
PID:9448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5132 -ip 5132
1⤵
PID:10664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 5720 -ip 5720
1⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 6856 -ip 6856
1⤵
PID:3184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 6872 -ip 6872
1⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1216 -p 5136 -ip 5136
1⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 5660 -ip 5660
1⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 7036 -ip 7036
1⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 5896 -ip 5896
1⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 6224 -ip 6224
1⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 5872 -ip 5872
1⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 1408 -ip 1408
1⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6960 -ip 6960
1⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5876 -ip 5876
1⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 6936 -ip 6936
1⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 2192 -ip 2192
1⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 5680 -ip 5680
1⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6372 -ip 6372
1⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 6232 -ip 6232
1⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 884 -ip 884
1⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 6920 -ip 6920
1⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 6312 -ip 6312
1⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 6480 -ip 6480
1⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5964 -ip 5964
1⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 6264 -ip 6264
1⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1216 -p 5456 -ip 5456
1⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 6396 -ip 6396
1⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 6664 -ip 6664
1⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1236 -p 6336 -ip 6336
1⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 3056 -ip 3056
1⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 6580 -ip 6580
1⤵
PID:11592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6488 -ip 6488
1⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6104 -ip 6104
1⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 6052 -ip 6052
1⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1240 -p 6296 -ip 6296
1⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 7016 -ip 7016
1⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6952 -ip 6952
1⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 6552 -ip 6552
1⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2732 -ip 2732
1⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 6428 -ip 6428
1⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 7532 -ip 7532
1⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 7156 -ip 7156
1⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4056 -ip 4056
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 6544 -ip 6544
1⤵
PID:10672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5416 -ip 5416
1⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6832 -ip 6832
1⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 7196 -ip 7196
1⤵
PID:9980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 6304 -ip 6304
1⤵
PID:3960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 6944 -ip 6944
1⤵
PID:9968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 3932 -ip 3932
1⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6764 -ip 6764
1⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 2280 -ip 2280
1⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 7216 -ip 7216
1⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 7764 -ip 7764
1⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6704 -ip 6704
1⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 3048 -ip 3048
1⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6320 -ip 6320
1⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 7748 -ip 7748
1⤵
PID:3760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 7572 -ip 7572
1⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 7224 -ip 7224
1⤵
PID:3996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 6968 -ip 6968
1⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6452 -ip 6452
1⤵
PID:996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1216 -p 6928 -ip 6928
1⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6172 -ip 6172
1⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 5508 -ip 5508
1⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 1408 -ip 1408
1⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 6920 -ip 6920
1⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 6480 -ip 6480
1⤵
PID:816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 9104 -ip 9104
1⤵
PID:220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 5456 -ip 5456
1⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 6104 -ip 6104
1⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 7016 -ip 7016
1⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 2732 -ip 2732
1⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6428 -ip 6428
1⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 3288 -ip 3288
1⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 6236 -ip 6236
1⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 6284 -ip 6284
1⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6820 -ip 6820
1⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4056 -ip 4056
1⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 396 -p 7156 -ip 7156
1⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 6832 -ip 6832
1⤵
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 5416 -ip 5416
1⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6340 -ip 6340
1⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 1464 -ip 1464
1⤵
PID:2192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 6792 -ip 6792
1⤵
PID:11276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 4396 -ip 4396
1⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 6912 -ip 6912
1⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 4616 -ip 4616
1⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 2356 -ip 2356
1⤵
PID:12564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10947.exe

Filesize
184KB

MD5
0ac5f77cf6dc0241828d51b9aab85e91

SHA1
3a1272ee47d836ecb8de34ddb9976c5b4f3250f2

SHA256
0d971001fea322600d5eef9f74070f1aaa7d853be455c3e64fffeee605c977e2

SHA512
bf776854fda442372c3d798f2477744703a8c3de3c88648472658a60bfb0cce4ffde293836d676b122cc9a078903fdf4eb33518e63f20092d0dc49bb1bd77287

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe

Filesize
184KB

MD5
6369c73011623e43e6588c957aa251bc

SHA1
2f60085ef6a3d53eaf66eff0bd0097a0260be894

SHA256
0b9ae56ec04da14c0390d975a54f4b2dea79ac617abf1814c08e88729da83030

SHA512
59754469d1bc94b9248f34306b1a1fcf29de8b27c99220961be8bec28eb6c20fc5be5c90dc41d8b7efd07830a0be672dfe0fc67b21d59cfae935f92dbe41580b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe

Filesize
184KB

MD5
508ab77257867fd3589085d1341fa378

SHA1
49b8e6617cf401182c665e7268dc37ff85f36b8b

SHA256
52c9118a9c52efd31ed0221898713500927defb090613aebc5aaf3312918d1d0

SHA512
52516ad7112879cf40b07ae372707b8121dd8f0f60dbe3c99cdb4ed55bc5287a25152f5f32751a240e36d4763912c2ed10bf629c1cdaa82747e38322433f6d2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe

Filesize
184KB

MD5
c801d1e694b8d1c19389c54e910b80a3

SHA1
ad05449af9c88326ea3f8440c7af9a27ee839316

SHA256
5fa62d61b605bff41b9c8ea644590a3ae13295c0ac4dd6d9875b8fd2762802c3

SHA512
5caf9faafbb6c86f693c013f36382b6c316f83637f6e9d49f4d44fb4c692d9a99ad72f51d26e2f1398f9f052e83a7b2a214ac0eeebb3cf56d4e566efad682580

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe

Filesize
184KB

MD5
e159497b479ebb5ed7759c74454773a1

SHA1
370ecef75c18a78f4e9c70ce3845d6571cd9d93d

SHA256
1f1bed750d22567218cf1e3a1380ff28d07ff3a2d481ff75aabb68fec138977c

SHA512
5184a0362e367f8db1be63b762793ba16804b33b18067497607f95a6729bc32bbfb445cee313915abf037e62660acbf2310a5bbd0349b70093917dac783934ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe

Filesize
184KB

MD5
f219112dea2af2d4165304060b1044e7

SHA1
9353f7955c60c19055518c46fa54304eb58e1aba

SHA256
bcecac0db1761813b8f040d35cd255aa65da23f862eef491570c05bc2f330813

SHA512
af95dc9c45dbec3d970ee2866528ff634297a7e205b6af32e8b9ec03c85e655a07844e1be0a8c8a9b923c167f4ca743ad42b3c64fef0a02b54ba0ade7e755d23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15712.exe

Filesize
184KB

MD5
b1b614b7a89ea82dcdac09a1a3518d5c

SHA1
6467b27c6835fccc84ec8ec772d1bd401461b01a

SHA256
01589adeb817bf755ae52594ae3c63242d65970dfab734d33d5ffedc1f691723

SHA512
031f8eadb0ce11306eecf8748902a4b7c551ee0b87326f9c2f4821f89551a891e254d052c2ea4b2c1fae18f5141805d31d9f24b4c7d4fbb9ea56cd9ff7f21c9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17476.exe

Filesize
184KB

MD5
f9fcbe9ebb674cd5ff95263079645cdd

SHA1
d0453fc2dd9c81cd6f7b2c30be0075a1524363a5

SHA256
3057843af3280951f9fd59ff81d62e2fff341f6353d8810a5cc3b846f922bb64

SHA512
4f8869d742b5b9aec2d7888ca1fb2d240b83716c58702534a6b4d43b994c4c319c960ddcc6eb6fabc5a9f089cfb3767694dfcc0c0d373f6ff8b1ed2d1fd1d02d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20070.exe

Filesize
184KB

MD5
365619a78cdc9726ae8a3e1cdf38f3b8

SHA1
5d3951a53836afd83fd6dd198b892ab68a376274

SHA256
44d8634036303db3d73d633fc2815d49146f87891498d0e6423c22c934e87841

SHA512
191e9becfd9239cfb94a7e6f0583e880813ad9cfa09c01f0c9d1fe102017fbafe936d4c67c1034109ef7dec3090bf5ac58b31d279c4ea529f50f2c9112b2742b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe

Filesize
184KB

MD5
0b76bded55e89203ff16ce093947dd6d

SHA1
937620d92e065c959e20824a931330dffada29ad

SHA256
8d956128d5c16eb45ff83553aee15671c565f081293395645509306425a61483

SHA512
42f49d10c37a11427bf051ff4be0e8819b21fa67c0ccfc26c6948fb16a1ac1e5a20f636b0974346040c1dc3b105a1d9be0b0db684ea39126fadfd11eb7600ce5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe

Filesize
184KB

MD5
7d94314a0b5fd750309b8abfb480a281

SHA1
b4c2c55bc934ef8fb4e95ee04ca15f4efc956aeb

SHA256
f53acee43ca6bab54ede4e6b4fe6f85f12d623432ad6627000558ae8aa1c602a

SHA512
4d5380751ad2865ce2790eb5be49cafe79bdad23836a7148523ae02ee9529c01ee8074a51bb9b461b8958297f801dc0f464939431dcd30b7c2ad707c856926da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe

Filesize
184KB

MD5
174d4d3101af9e1f5ef3e491292d0c67

SHA1
e06ad1061924233dfbc932d6c2eb0526caa03783

SHA256
d5fc70dbd70d1b561cbeb071272a4410c16501b614646629c4720950b7069081

SHA512
29cb19c4ef57594b899c5703c55773d82c137d831f3ca6eb958da09663bbd3d8d75514764b8fe24dc64631fd752b3b1b84d47718b319cc83ab64d68b56ecd326

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27424.exe

Filesize
184KB

MD5
aa093f562c051a18968236d79ba75410

SHA1
3b61bddae4dbce3d5980c313cb35b7036a6261e4

SHA256
75c07b17dcd40d2b0b4207be4591603084bb7f86b61c0a4c1aa1d72c3354f3f2

SHA512
2cc82b5d42777aea9233a62c4f98db50ad734e8fcd8e4cfeebec878ac6f4d9ba83f4c2df870342e20ee6db6117560a92c0b66248562f079cef51410ea02bf490

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe

Filesize
184KB

MD5
c3e4de37ebc2294af3f95cb91ee7a2cc

SHA1
cbcae07460f184cce6b2cc0db76d84c917e5cd64

SHA256
4c5ab672bbf0fb3aba80cab7fc100543686637575ac100fb08ddda669b810cc7

SHA512
9978b96f0aaf039a1fbf366e14188600d28e1dad83e219f1878c7b974fc7c797f87534fbac92e0983c1926bfcc743a6df848973882e3e517e1344bb20cd9f300

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30822.exe

Filesize
184KB

MD5
fc0a25e66c051007fa5903e2607efe33

SHA1
9769384925605ee0ccda52fd6e73c26ab7766851

SHA256
f67b17e59089a875f7eeae024201585a29a23b2fd7a1a37a7363c8c17a685d51

SHA512
12be03a82e64594e938a3f984783881b27ea47399fda29b8342b7f66725b34e413a5ffc1b51d8f9cd53cde16da6b80b2e2caa214a962b1a6c61dafacb10a2f95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31922.exe

Filesize
184KB

MD5
1dcdce40bda02361a52dc6948a75ca85

SHA1
f89cd58d7c12f00321911ed59aba15afd40bd249

SHA256
a162f7756ecfd78e63acb6ddf0c6ab6f33be17a5b92f6c3452b82df44a7f887b

SHA512
11a7332c3157e5b6b1e421882c3b96b64dd4a0cb0f8c5aa9007a4652756ec60fec0676d81a5a8348e47bcc0a7f3b9f0d401dff4185aeb3b099a5ebef4bae11a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32550.exe

Filesize
184KB

MD5
565c51df830dc3704a1ddb5d749de89c

SHA1
351a7c94f9aa7e87c83c626ad47dbbdd2bdbab21

SHA256
3bd6ce7ae6c74b351179785aed810b59a14ba136d024109944c0f2e16d2ba8b5

SHA512
f1c60f6d68dad8275fd9b417a002d8d34c179cb96004c8dc4162fafb556256844e010d91fcc9f390467402808e4e901b49f54752203d1f0abea5354c4e723fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe

Filesize
184KB

MD5
2acc15817bd137aa38157e7f2fbda340

SHA1
760d59c7e109d5391617114bc47c3426a8b76d5b

SHA256
1ea277b183edb67b3cd8eeab10a5a210461dd6a97bec32d9c815fa0c32873e3a

SHA512
7ebc2c17ea89487e92f9535db9c67d3ca5bfe5e755812d0b1730de819df5c703bcd1288dc182cf2960f74a8b4e3bd947331868421589615aa855521fb8096eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe

Filesize
184KB

MD5
f56e45a8d18a7b2a07ee67337a2a01af

SHA1
21b31f238c0abaab9c3aab569d50673622c92e88

SHA256
10169dce4be43554119b640bd67848a54bf2f3dac00bd2b6f261ecf2f55d6aa8

SHA512
6e04771cd5b8aa472afccf2cac276646cfb35c044ecc8cbb04478baf686b2491e179be76165c64b3afda095e95efc54c780fe9ea2a3aaaf607aa40f64f852295

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe

Filesize
184KB

MD5
d5f3e63501f2fa56d46805ea02b586b6

SHA1
388c16b9f5bb3f0cac76fe49708130877b93e76d

SHA256
8be48bf3e59427539ada8bb5cf2c8933c04345efa0ff6776fd1ddbc6895f34a3

SHA512
bb9aec6711f88da5cd63ca627c5756432df76d724df8a0e1840bc917a5937a86ff653c2b27e32f1803f41dfe37d9f499c4db4fe562283f504a28f64b9edaa65d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40162.exe

Filesize
184KB

MD5
ab38cd227991e60ac9188314b27a7e24

SHA1
4eaef49a5362f6d44650f7d1ab654e6637ec3a77

SHA256
2b4e5e28ef103c08f00f7f3a72d2e85734a5519699022fdbf6e04128dac23582

SHA512
c5d768bcc099ce83d69d1d86a5bec8e8f3bcfc573c108f06e764331f3a031f2bc414ab0aa6ff48586b52cdef4d5476f50124c4c13f707d021927349317cf4a6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40392.exe

Filesize
184KB

MD5
7b4193f1ab2eb1fed0b04564915a78e3

SHA1
b465a836eaab9c1691c514971cbc3684baf121fb

SHA256
26bbaa8447d10539b2ba95be8c17a0a8999daec6d40b1a37834180f4395e6bab

SHA512
8d970ee59b5d3f38e077d9ee4625a94641dfffd038751485b5a1d918fad48467082617805ec7153324d5df4962a034e60251188de4fb4d95dcd8412f0ff9b80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43724.exe

Filesize
184KB

MD5
809e8212ff96e2ef5f9cd90462945f88

SHA1
e56cc41930f386c369e35076b798812e11a4d2ba

SHA256
03c322d0c24d0344831ee0fbaae5b51f36e720b88c5688d4218108890f411212

SHA512
5fa59fb2079c8bd7aaf50a78ced64259f86a7e46391dae3ced37ed38b1214b242e2ccc8b38809ae2e1b031dd46c6d6b888c60062eeaea066b4ac91c92013d4fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47180.exe

Filesize
184KB

MD5
8461e589cd5620cfe35327b9169aa80f

SHA1
ab016b5a6d41cecea0a4163d5e91ee9dec9654dc

SHA256
f2572ac6bca261fdc61795f6c46147a22ab1f06822cb69783277a143a266910c

SHA512
cfe3dd892119d38f10433cc58286a3c12776342e11975f4c9fdba37c68be690e342d16f770026166da22613f5b6dc114a41360cacc25c6395e9466556dbd9f45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe

Filesize
184KB

MD5
df6d867806842a7c1de0b32eb19edacb

SHA1
2099693d575e0c6e74fd35f33f40560567cd43fb

SHA256
978b602a1bc92e666bf8e2ddd9ab3b0d109ba729861153d96cb8388b76b901db

SHA512
5f0745fe1543a4345180b8251a59d9e7c4e5ac94150ad1ad74cffcdc852f112d1b0615201816d8c6185ef14d7291324307a8bb7bfdb266fb46cf468df57ee4b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50688.exe

Filesize
184KB

MD5
563c6f3d2c64d589f18ff951af6b84d5

SHA1
a8c58825f13fc85c6e7c03251e7a47a33a788c48

SHA256
ce41b42a93184ca4e12d978fa6ba25e8e9bbbffb7aca49bb45aec0c909e2846a

SHA512
b625b19d00637d5ab5d125aba318db2839f4f162cfa957ca6137aa1e9e451d8bfc15885b8e71842cb745948bc2ff29c5120f636c9f53a92f66537ced48a5d045

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5275.exe

Filesize
184KB

MD5
3cdd20512f0f81ed48c41745f6a7ae0e

SHA1
19ff61701c6cefe299eca218c1ec53a780a75e9e

SHA256
1525393551c63f1416d1b998cc21e629359347405af6a3e41fc4aae42c03e227

SHA512
acbe49d941d06d35e3891b601e312adbfd75e23c13794aa1bec5174ccbc3302abfdef71fbaac6f92e77395a80ac51ce9b8efc5131b48142f3fa8ff4fef600b1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe

Filesize
184KB

MD5
c87c18af6b7e4aabeddd4ffd03589a54

SHA1
a165b4d4be73fd131953638faeb44bfd875f336f

SHA256
a8b676381e1e1e9bd185878dfcbe2730103251c55a40c35c63c34743d627c15d

SHA512
a13bda3fe9019998b3b14b684a7edb3c248e85d9ee215ac9744c37c54a59e6ec4bd8a81f3a9879a1a9e60f3e28f57bfc84ac96e342309994d13bd25a203dd03a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59115.exe

Filesize
184KB

MD5
1d25b553e53a7a25683c4d67503da7dc

SHA1
f64bf0ed9a3a17427743280d8483bb8440e9e3e8

SHA256
0fb5dac58f265cdfdf9e0c277938ba1d4b2b185b9561d9438deaa34d394e3220

SHA512
259415608028dbefc999906907aa032dbc9d842cf26805b523a9b14c5409728c85ce5ef3d2bd92c910c85e672a31cfa34b6edd6089092342ed2f0e3bb2952fdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61559.exe

Filesize
184KB

MD5
46db9275a26df4a0f6f94ccc262bca38

SHA1
85aaa4093a5cf91532165b060c0782eb3b4dac65

SHA256
c4bd88da16559755aec725d3304a71716583832b1791c678ca908d65bd7df3be

SHA512
24d25343e6c32d6ccce9829cd0f187b19604cd56cd42260fa06268914a5c8ae281b5247826e87cb7c9b18b1be759d10638ba33c8efa388becec379aaab9e9b90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64860.exe

Filesize
184KB

MD5
cea6768100676c7a9bbb19c08aa013b8

SHA1
b2631a607d6ba6b1b8024e2bbb31258018d22abd

SHA256
07707c155a8ad9eaa7b829a9665dd74f8f229cf0c4d4780a82f355eb9d7de32b

SHA512
b76f457d7c8de7388b7a76aa55dbe8a2ed6a98b90698e2a72703584bab897267f0b692e83597e53ffbf680201c7e1fadfbd806484d9d8eeb7630f7aa544e6bf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe

Filesize
184KB

MD5
b493a2dc71248e0c85f762fab8a2a85c

SHA1
45bc84ad71860fc08d9a4fddcde7e97eafc7c21e

SHA256
ae7bee8c3956f464f2090327e95e61801cfb04cd7d225d13e95eb9edc1a97959

SHA512
baadda488aeec9d6ff915760ba605349b56be9eadf8bbf40837c18f0118e52152469ff23e66657a1300a8623ce9ff9102333e0990b4358292c9edf668d6d4633

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9359.exe

Filesize
184KB

MD5
f1593fb1466a8fa7faf17b85b6da8957

SHA1
ff303d09a854ab11066efb0900ce82e2cd8dd256

SHA256
f22d9162766c011d2d49ee628d036962fb966c069f36fb385e1027590907d238

SHA512
1c48cfa6948050d8fec2690ef70ee58062420faec6ee8e42412980faac7d3895d2bdda6da829e4712f3188811b241681a9b8142ebae84534c8bd6a340288df99

Download Submit