1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef

Analysis

max time kernel
150s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/09/2024, 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe
Size

468KB
MD5

2ee27071c98fa4e66f584e09e613671d
SHA1

6ff9618effab38afac4f98e87b3dab31281b7d9b
SHA256

1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef
SHA512

c01d619e6c6c54373f2e11021dcaf3192477439a8ce069c337b8b1d0b3b084b219c55c931590d3ad7abae1f4847798bc995b5898757446c4a08020c5a11eb8a1
SSDEEP

3072:1G3HogISIE5TtbY2HzcOcf8/zChaP0p2JVHeTVPaQ65LR7ggEslL:1G3obMTtxH4OcfuYHcQ6VVggE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 61 IoCs

pid	Process
1540	Unicorn-61106.exe
2788	Unicorn-27412.exe
3508	Unicorn-54609.exe
4052	Unicorn-39446.exe
1036	Unicorn-41484.exe
2076	Unicorn-47614.exe
2272	Unicorn-40000.exe
748	Unicorn-28154.exe
1812	Unicorn-4204.exe
1800	Unicorn-56742.exe
1852	Unicorn-3457.exe
5076	Unicorn-14318.exe
4628	Unicorn-23969.exe
4172	Unicorn-30100.exe
1960	Unicorn-42087.exe
2148	Unicorn-35336.exe
3268	Unicorn-15491.exe
4796	Unicorn-38604.exe
5116	Unicorn-37950.exe
3532	Unicorn-7131.exe
512	Unicorn-42496.exe
1560	Unicorn-13161.exe
2448	Unicorn-39539.exe
4444	Unicorn-52056.exe
4556	Unicorn-47972.exe
2552	Unicorn-16483.exe
2964	Unicorn-36274.exe
4360	Unicorn-37666.exe
1880	Unicorn-48527.exe
2360	Unicorn-58178.exe
2948	Unicorn-37666.exe
1836	Unicorn-48740.exe
1252	Unicorn-6316.exe
656	Unicorn-49184.exe
4800	Unicorn-26626.exe
2580	Unicorn-34794.exe
1456	Unicorn-55306.exe
5072	Unicorn-23096.exe
2664	Unicorn-29075.exe
2744	Unicorn-12619.exe
3872	Unicorn-52837.exe
2300	Unicorn-2889.exe
5092	Unicorn-15141.exe
1704	Unicorn-7528.exe
3840	Unicorn-35562.exe
1624	Unicorn-31478.exe
4540	Unicorn-19125.exe
2732	Unicorn-42095.exe
4116	Unicorn-19802.exe
532	Unicorn-15718.exe
988	Unicorn-9587.exe
4788	Unicorn-58696.exe
2796	Unicorn-54612.exe
2928	Unicorn-9495.exe
4988	Unicorn-19701.exe
1572	Unicorn-48945.exe
4864	Unicorn-59880.exe
1804	Unicorn-51513.exe
4936	Unicorn-11441.exe
5084	Unicorn-38084.exe
672	Unicorn-18218.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2152	1960	WerFault.exe	108
5428	2664	WerFault.exe	132
3752	4556	WerFault.exe	118
5836	532	WerFault.exe	143
5912	4556	WerFault.exe	118
6088	1960	WerFault.exe	108
6056	2664	WerFault.exe	132
6920	3060	WerFault.exe	172
212	2948	WerFault.exe	122
5636	4796	WerFault.exe	111
7024	1252	WerFault.exe	126
7112	6212	WerFault.exe	260
4660	4864	WerFault.exe	151
7996	5564	WerFault.exe	185
8856	6256	WerFault.exe	301
8808	5796	WerFault.exe	295
8904	6024	WerFault.exe	308
2412	5528	WerFault.exe	184
8432	60	WerFault.exe	216
9392	5128	WerFault.exe	179
9980	60	WerFault.exe	216
10048	6660	WerFault.exe	370
10040	7232	WerFault.exe	377
10032	1784	WerFault.exe	365
10952	1580	WerFault.exe	206
10824	7428	WerFault.exe	449
9068	5760	WerFault.exe	192
11020	6016	WerFault.exe	371
10512	6348	WerFault.exe	303
10660	6696	WerFault.exe	314
9116	6936	WerFault.exe	318
10596	6284	WerFault.exe	312
8748	4376	WerFault.exe	352
6964	4884	WerFault.exe	327
8732	6476	WerFault.exe	310
4060	7016	WerFault.exe	326
4492	6848	WerFault.exe	344
9712	8484	WerFault.exe	484
2792	7452	WerFault.exe	451
1068	7384	WerFault.exe	380
11084	6184	WerFault.exe	258
10352	1696	WerFault.exe	354
2800	6232	WerFault.exe	262
8396	3396	WerFault.exe	356
5636	5312	WerFault.exe	213
4760	1480	WerFault.exe	348
6148	3272	WerFault.exe	210
7112	6544	WerFault.exe	274
11220	6080	WerFault.exe	253
8184	4972	WerFault.exe	430
11168	6796	WerFault.exe	428
11136	7808	WerFault.exe	432
11144	7748	WerFault.exe	423
11152	2140	WerFault.exe	427
11160	3552	WerFault.exe	425
11112	8100	WerFault.exe	437
11108	1336	WerFault.exe	418
9852	6452	WerFault.exe	368
11280	7644	WerFault.exe	467
11364	4788	WerFault.exe	145
11356	6636	WerFault.exe	361
11316	912	WerFault.exe	169
12420	7176	WerFault.exe	373
5688	7904	WerFault.exe	461

System Location Discovery: System Language Discovery 1 TTPs 61 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47972.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6316.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15141.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12619.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23969.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58178.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40000.exe

Suspicious use of SetWindowsHookEx 55 IoCs

pid	Process
3956	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe
1540	Unicorn-61106.exe
3508	Unicorn-54609.exe
2788	Unicorn-27412.exe
4052	Unicorn-39446.exe
2272	Unicorn-40000.exe
1036	Unicorn-41484.exe
2076	Unicorn-47614.exe
748	Unicorn-28154.exe
1812	Unicorn-4204.exe
1800	Unicorn-56742.exe
4172	Unicorn-30100.exe
4628	Unicorn-23969.exe
1960	Unicorn-42087.exe
5076	Unicorn-14318.exe
1852	Unicorn-3457.exe
2148	Unicorn-35336.exe
3268	Unicorn-15491.exe
4796	Unicorn-38604.exe
5116	Unicorn-37950.exe
3532	Unicorn-7131.exe
512	Unicorn-42496.exe
1560	Unicorn-13161.exe
2360	Unicorn-58178.exe
2552	Unicorn-16483.exe
2964	Unicorn-36274.exe
2448	Unicorn-39539.exe
1880	Unicorn-48527.exe
4556	Unicorn-47972.exe
4360	Unicorn-37666.exe
4444	Unicorn-52056.exe
2948	Unicorn-37666.exe
1836	Unicorn-48740.exe
1252	Unicorn-6316.exe
4800	Unicorn-26626.exe
656	Unicorn-49184.exe
1456	Unicorn-55306.exe
2580	Unicorn-34794.exe
5072	Unicorn-23096.exe
2664	Unicorn-29075.exe
2744	Unicorn-12619.exe
3872	Unicorn-52837.exe
2300	Unicorn-2889.exe
5092	Unicorn-15141.exe
1704	Unicorn-7528.exe
1624	Unicorn-31478.exe
3840	Unicorn-35562.exe
4540	Unicorn-19125.exe
532	Unicorn-15718.exe
4116	Unicorn-19802.exe
2732	Unicorn-42095.exe
988	Unicorn-9587.exe
4788	Unicorn-58696.exe
2928	Unicorn-9495.exe
4988	Unicorn-19701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3956 wrote to memory of 1540	3956	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	89
PID 3956 wrote to memory of 1540	3956	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	89
PID 3956 wrote to memory of 1540	3956	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	89
PID 1540 wrote to memory of 2788	1540	Unicorn-61106.exe	92
PID 1540 wrote to memory of 2788	1540	Unicorn-61106.exe	92
PID 1540 wrote to memory of 2788	1540	Unicorn-61106.exe	92
PID 3956 wrote to memory of 3508	3956	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	93
PID 3956 wrote to memory of 3508	3956	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	93
PID 3956 wrote to memory of 3508	3956	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	93
PID 3508 wrote to memory of 4052	3508	Unicorn-54609.exe	95
PID 3508 wrote to memory of 4052	3508	Unicorn-54609.exe	95
PID 3508 wrote to memory of 4052	3508	Unicorn-54609.exe	95
PID 3956 wrote to memory of 1036	3956	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	97
PID 3956 wrote to memory of 1036	3956	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	97
PID 3956 wrote to memory of 1036	3956	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	97
PID 2788 wrote to memory of 2076	2788	Unicorn-27412.exe	98
PID 2788 wrote to memory of 2076	2788	Unicorn-27412.exe	98
PID 2788 wrote to memory of 2076	2788	Unicorn-27412.exe	98
PID 1540 wrote to memory of 2272	1540	Unicorn-61106.exe	99
PID 1540 wrote to memory of 2272	1540	Unicorn-61106.exe	99
PID 1540 wrote to memory of 2272	1540	Unicorn-61106.exe	99
PID 4052 wrote to memory of 748	4052	Unicorn-39446.exe	101
PID 4052 wrote to memory of 748	4052	Unicorn-39446.exe	101
PID 4052 wrote to memory of 748	4052	Unicorn-39446.exe	101
PID 3508 wrote to memory of 1812	3508	Unicorn-54609.exe	102
PID 3508 wrote to memory of 1812	3508	Unicorn-54609.exe	102
PID 3508 wrote to memory of 1812	3508	Unicorn-54609.exe	102
PID 2076 wrote to memory of 1800	2076	Unicorn-47614.exe	103
PID 2076 wrote to memory of 1800	2076	Unicorn-47614.exe	103
PID 2076 wrote to memory of 1800	2076	Unicorn-47614.exe	103
PID 2272 wrote to memory of 1852	2272	Unicorn-40000.exe	104
PID 2272 wrote to memory of 1852	2272	Unicorn-40000.exe	104
PID 2272 wrote to memory of 1852	2272	Unicorn-40000.exe	104
PID 2788 wrote to memory of 5076	2788	Unicorn-27412.exe	105
PID 2788 wrote to memory of 5076	2788	Unicorn-27412.exe	105
PID 2788 wrote to memory of 5076	2788	Unicorn-27412.exe	105
PID 1540 wrote to memory of 4628	1540	Unicorn-61106.exe	106
PID 1540 wrote to memory of 4628	1540	Unicorn-61106.exe	106
PID 1540 wrote to memory of 4628	1540	Unicorn-61106.exe	106
PID 1036 wrote to memory of 4172	1036	Unicorn-41484.exe	107
PID 1036 wrote to memory of 4172	1036	Unicorn-41484.exe	107
PID 1036 wrote to memory of 4172	1036	Unicorn-41484.exe	107
PID 3956 wrote to memory of 1960	3956	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	108
PID 3956 wrote to memory of 1960	3956	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	108
PID 3956 wrote to memory of 1960	3956	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	108
PID 748 wrote to memory of 2148	748	Unicorn-28154.exe	109
PID 748 wrote to memory of 2148	748	Unicorn-28154.exe	109
PID 748 wrote to memory of 2148	748	Unicorn-28154.exe	109
PID 1812 wrote to memory of 3268	1812	Unicorn-4204.exe	110
PID 1812 wrote to memory of 3268	1812	Unicorn-4204.exe	110
PID 1812 wrote to memory of 3268	1812	Unicorn-4204.exe	110
PID 4052 wrote to memory of 4796	4052	Unicorn-39446.exe	111
PID 4052 wrote to memory of 4796	4052	Unicorn-39446.exe	111
PID 4052 wrote to memory of 4796	4052	Unicorn-39446.exe	111
PID 3508 wrote to memory of 5116	3508	Unicorn-54609.exe	112
PID 3508 wrote to memory of 5116	3508	Unicorn-54609.exe	112
PID 3508 wrote to memory of 5116	3508	Unicorn-54609.exe	112
PID 1800 wrote to memory of 3532	1800	Unicorn-56742.exe	113
PID 1800 wrote to memory of 3532	1800	Unicorn-56742.exe	113
PID 1800 wrote to memory of 3532	1800	Unicorn-56742.exe	113
PID 2076 wrote to memory of 512	2076	Unicorn-47614.exe	114
PID 2076 wrote to memory of 512	2076	Unicorn-47614.exe	114
PID 2076 wrote to memory of 512	2076	Unicorn-47614.exe	114
PID 4628 wrote to memory of 1560	4628	Unicorn-23969.exe	115

C:\Users\Admin\AppData\Local\Temp\1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe
"C:\Users\Admin\AppData\Local\Temp\1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27412.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7131.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12619.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28328.exe
        9⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17040.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33655.exe
        7⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40611.exe
        7⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 644
        8⤵
        
        PID:1448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 644
        8⤵
        Program crash
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
        7⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39304.exe
        8⤵
        
        PID:9420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 668
        8⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
        7⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1817.exe
        7⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45298.exe
        8⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38234.exe
        8⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27271.exe
        7⤵
        
        PID:14592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40990.exe
        7⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1446.exe
        7⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12301.exe
        6⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14129.exe
        7⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
        8⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63512.exe
        9⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8338.exe
        9⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        10⤵
        
        PID:12656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 624
        8⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 624
        8⤵
        Program crash
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        7⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 636
        8⤵
        Program crash
        
        PID:10040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 624
        7⤵
        Program crash
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26885.exe
        6⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47892.exe
        7⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        8⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 636
        9⤵
        Program crash
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 652
        8⤵
        Program crash
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14892.exe
        7⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31712.exe
        8⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20524.exe
        9⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7555.exe
        10⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7508.exe
        10⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3180.exe
        8⤵
        
        PID:12824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        9⤵
        
        PID:15140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        8⤵
        
        PID:15308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe
        8⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
        7⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 512
        7⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64810.exe
        6⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33196.exe
        7⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 632
        8⤵
        Program crash
        
        PID:2792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 636
        7⤵
        Program crash
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        6⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22584.exe
        7⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 648
        7⤵
        
        PID:13736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 768
        6⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15141.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46226.exe
        7⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25588.exe
        8⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
        9⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51862.exe
        10⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47534.exe
        11⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 660
        11⤵
        
        PID:13456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 660
        11⤵
        
        PID:13688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 648
        10⤵
        Program crash
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 640
        9⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 640
        9⤵
        Program crash
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 736
        8⤵
        Program crash
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47871.exe
        7⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13849.exe
        8⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe
        9⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1924.exe
        9⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57254.exe
        10⤵
        
        PID:13996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8747.exe
        9⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57908.exe
        10⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
        9⤵
        
        PID:15124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58639.exe
        8⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
        9⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
        10⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6164.exe
        10⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45426.exe
        8⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe
        9⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17840.exe
        9⤵
        
        PID:15148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
        8⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5391.exe
        9⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe
        8⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
        7⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20534.exe
        8⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 636
        9⤵
        
        PID:13948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 636
        9⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21638.exe
        7⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        9⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8094.exe
        8⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17439.exe
        8⤵
        
        PID:13404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28235.exe
        7⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50289.exe
        7⤵
        
        PID:13224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        6⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36884.exe
        6⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe
        8⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55910.exe
        9⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        9⤵
        
        PID:14860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8788 -s 648
        8⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5624.exe
        7⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60570.exe
        8⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1504.exe
        8⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45696.exe
        7⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        7⤵
        
        PID:14656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 512 -s 756
        6⤵
        
        PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
        6⤵
        
        PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
        5⤵
        
        PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37666.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59054.exe
        7⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49838.exe
        8⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 644
        9⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 60 -s 744
        8⤵
        Program crash
        
        PID:8432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 60 -s 744
        8⤵
        Program crash
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11280.exe
        7⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 640
        8⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 640
        8⤵
        Program crash
        
        PID:9852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 628
        7⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40340.exe
        6⤵
        
        PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16080.exe
        5⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        5⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
        6⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 636
        7⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 636
        7⤵
        Program crash
        
        PID:4060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 632
        6⤵
        
        PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        5⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62334.exe
        6⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
        6⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23622.exe
        7⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3869.exe
        6⤵
        
        PID:13536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55915.exe
        6⤵
        
        PID:15176
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 504
        5⤵
        
        PID:9552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58178.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31478.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16076.exe
        6⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10896.exe
        6⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 644
        7⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        6⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20010.exe
        7⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 640
        8⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13076.exe
        7⤵
        
        PID:13080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58089.exe
        6⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22444.exe
        7⤵
        
        PID:13892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
        8⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36672.exe
        8⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
        7⤵
        
        PID:14608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1287.exe
        6⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43054.exe
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5873.exe
        6⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10253.exe
        7⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe
        8⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        9⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42236.exe
        10⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
        9⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        8⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64628.exe
        9⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3424.exe
        9⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26593.exe
        8⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20076.exe
        7⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17169.exe
        7⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28759.exe
        7⤵
        
        PID:14172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52801.exe
        6⤵
        
        PID:7308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 660
        6⤵
        Program crash
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6157.exe
        5⤵
        
        PID:1784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 636
        6⤵
        Program crash
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
        5⤵
        
        PID:8468
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 748
        5⤵
        
        PID:11644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42095.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
        5⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60144.exe
        6⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 644
        7⤵
        
        PID:5172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 748
        6⤵
        
        PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
      4⤵
      PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7051.exe
        5⤵
        
        PID:6928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 632
        6⤵
        
        PID:9680
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 660
        5⤵
        
        PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
      4⤵
      PID:6804
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 656
        5⤵
        
        PID:12628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50260.exe
      4⤵
      PID:7768
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 636
        5⤵
        
        PID:14216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28423.exe
      4⤵
      PID:10092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45796.exe
        5⤵
        
        PID:13100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21370.exe
        6⤵
        
        PID:15164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
      4⤵
      PID:13192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
      4⤵
      PID:14572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40000.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40000.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21530.exe
        7⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
        8⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 724
        9⤵
        Program crash
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 624
        8⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        7⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35718.exe
        8⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29360.exe
        8⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16440.exe
        9⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        8⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        8⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 660
        7⤵
        
        PID:9320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 660
        7⤵
        
        PID:11516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48945.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35562.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52832.exe
        6⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25526.exe
        7⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 636
        8⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35504.exe
        7⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11353.exe
        8⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54389.exe
        8⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58764.exe
        9⤵
        
        PID:13264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16671.exe
        8⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 668
        7⤵
        Program crash
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
        6⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 640
        7⤵
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21803.exe
        6⤵
        
        PID:7228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 764
        6⤵
        
        PID:11620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34118.exe
        5⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33183.exe
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28126.exe
        6⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23108.exe
        7⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        8⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
        7⤵
        
        PID:11360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32137.exe
        5⤵
        
        PID:8736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 644
        6⤵
        
        PID:11688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16559.exe
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6901.exe
        6⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56543.exe
        6⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
        5⤵
        
        PID:13048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62848.exe
        6⤵
        
        PID:14364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48802.exe
        5⤵
        
        PID:14716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31836.exe
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35256.exe
        6⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 636
        7⤵
        Program crash
        
        PID:8808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 720
        6⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16542.exe
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40980.exe
        6⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 636
        7⤵
        Program crash
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
        6⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        7⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        8⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28504.exe
        8⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
        7⤵
        
        PID:14964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        7⤵
        
        PID:10392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13277.exe
        6⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50404.exe
        7⤵
        
        PID:14528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53647.exe
        6⤵
        
        PID:13560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        5⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
        6⤵
        
        PID:9768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        5⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
        5⤵
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
        6⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59941.exe
        5⤵
        
        PID:10028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
      4⤵
      PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61110.exe
      4⤵
      PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        5⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        6⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
        7⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34944.exe
        7⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61099.exe
        6⤵
        
        PID:8972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 660
        5⤵
        Program crash
        
        PID:12420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
      4⤵
      PID:8756
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 636
        5⤵
        
        PID:14316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
      4⤵
      PID:8044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21895.exe
      4⤵
      PID:12388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31484.exe
        5⤵
        
        PID:14764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21936.exe
      4⤵
      PID:14700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13161.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2889.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        6⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24244.exe
        7⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
        8⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9137.exe
        9⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18588.exe
        10⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10689.exe
        11⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
        11⤵
        
        PID:13708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37606.exe
        11⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28950.exe
        10⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54913.exe
        9⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
        9⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe
        10⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32459.exe
        9⤵
        
        PID:11796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
        8⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 636
        9⤵
        Program crash
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18243.exe
        8⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19142.exe
        8⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44982.exe
        8⤵
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8244.exe
        6⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        6⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 636
        7⤵
        
        PID:3292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 736
        6⤵
        
        PID:9520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47575.exe
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        6⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23148.exe
        6⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        7⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10907.exe
        8⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        8⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        9⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13739.exe
        8⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 656
        7⤵
        Program crash
        
        PID:10352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 720
        6⤵
        
        PID:9304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe
        5⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        6⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 616
        7⤵
        
        PID:9604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 744
        6⤵
        
        PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7528.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31172.exe
        6⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46745.exe
        7⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5711.exe
        7⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        8⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35354.exe
        8⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21243.exe
        8⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
        7⤵
        
        PID:13928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41988.exe
        7⤵
        
        PID:6072
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 752
        6⤵
        Program crash
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12458.exe
        5⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27524.exe
        6⤵
        
        PID:8920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 744
        5⤵
        
        PID:9312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe
      4⤵
      PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12022.exe
      4⤵
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
        5⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64062.exe
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21100.exe
        7⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10139.exe
        8⤵
        
        PID:14872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        7⤵
        
        PID:14800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3434.exe
        6⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        7⤵
        
        PID:13872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        7⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43610.exe
        7⤵
        
        PID:14440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56360.exe
        6⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe
        6⤵
        
        PID:7564
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 636
        5⤵
        Program crash
        
        PID:8748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
      4⤵
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34914.exe
        5⤵
        
        PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        5⤵
        
        PID:14832
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 764
      4⤵
      PID:11740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39539.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
        5⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        6⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21390.exe
        7⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
        8⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 636
        9⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 744
        8⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9604.exe
        7⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49174.exe
        8⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28234.exe
        8⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17159.exe
        8⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4559.exe
        7⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31790.exe
        8⤵
        
        PID:13520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9734.exe
        7⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14001.exe
        7⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18244.exe
        7⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        6⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15874.exe
        7⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49790.exe
        6⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 636
        7⤵
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36107.exe
        6⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60000.exe
        6⤵
        
        PID:13168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16132.exe
        6⤵
        
        PID:15120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45131.exe
        5⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
        6⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 640
        7⤵
        Program crash
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
        6⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        7⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
        8⤵
        
        PID:14448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60916.exe
        6⤵
        
        PID:12376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 512
        6⤵
        
        PID:9160
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 740
        5⤵
        
        PID:6064
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 740
        5⤵
        Program crash
        
        PID:11364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
      4⤵
      PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59442.exe
      4⤵
      PID:6692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 640
        5⤵
        
        PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58395.exe
      4⤵
      PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
        5⤵
        
        PID:10196
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 636
        6⤵
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36874.exe
        5⤵
        
        PID:12520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62556.exe
        5⤵
        
        PID:13680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49424.exe
      4⤵
      PID:10172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10985.exe
        5⤵
        
        PID:1120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46450.exe
        6⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
        5⤵
        
        PID:14904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59880.exe
    3⤵
    - Executes dropped EXE
    PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
      4⤵
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38162.exe
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
        6⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 636
        7⤵
        Program crash
        
        PID:11168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 648
        6⤵
        Program crash
        
        PID:9116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33942.exe
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20638.exe
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43082.exe
        7⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32122.exe
        8⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        7⤵
        
        PID:14940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe
        6⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17286.exe
        7⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13355.exe
        6⤵
        
        PID:12916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        5⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        6⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17004.exe
        5⤵
        
        PID:11368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 680
        5⤵
        
        PID:15304
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 636
      4⤵
      Program crash
      PID:4660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32794.exe
    3⤵
    PID:6224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49004.exe
    3⤵
    PID:6848
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 636
      4⤵
      PID:2260
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 636
      4⤵
      Program crash
      PID:4492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
    3⤵
    PID:7944
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 636
      4⤵
      PID:11712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23088.exe
    3⤵
    PID:10148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44688.exe
    3⤵
    PID:13232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
    3⤵
    PID:14664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48740.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
        8⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        7⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        8⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52116.exe
        9⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        10⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30316.exe
        11⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
        12⤵
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39220.exe
        12⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24342.exe
        11⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        10⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44810.exe
        11⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
        11⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62800.exe
        10⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41333.exe
        10⤵
        
        PID:14424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46745.exe
        9⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29268.exe
        10⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
        10⤵
        
        PID:14632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
        9⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63642.exe
        10⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43943.exe
        9⤵
        
        PID:13580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14359.exe
        9⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-886.exe
        8⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 636
        9⤵
        Program crash
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
        8⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        8⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        8⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
        7⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4197.exe
        8⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
        9⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
        10⤵
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
        10⤵
        
        PID:14756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        10⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45557.exe
        9⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
        9⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49475.exe
        9⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28950.exe
        8⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        8⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46787.exe
        8⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        7⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 636
        8⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        7⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25184.exe
        8⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        8⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
        7⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64924.exe
        8⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29874.exe
        8⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33260.exe
        7⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        6⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52130.exe
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
        7⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32380.exe
        7⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 632
        8⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 636
        7⤵
        Program crash
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39049.exe
        6⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 636
        7⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23471.exe
        6⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24.exe
        6⤵
        
        PID:9856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe
        6⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31163.exe
        6⤵
        
        PID:15292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
        6⤵
        
        PID:15036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6316.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
        6⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43294.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14643.exe
        8⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8115.exe
        9⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 548
        10⤵
        Program crash
        
        PID:11112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 668
        9⤵
        Program crash
        
        PID:10512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 632
        8⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14404.exe
        7⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 632
        8⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        8⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34068.exe
        9⤵
        
        PID:14472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19760.exe
        9⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        8⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36901.exe
        7⤵
        
        PID:9804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 772
        6⤵
        Program crash
        
        PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
        5⤵
        
        PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38604.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19994.exe
        6⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36880.exe
        7⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32800.exe
        5⤵
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        6⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        7⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 636
        8⤵
        Program crash
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 652
        7⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        6⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2469.exe
        7⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 648
        8⤵
        Program crash
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43210.exe
        7⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17016.exe
        8⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
        9⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        8⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11139.exe
        7⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
        8⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 652
        7⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        6⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27628.exe
        7⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
        8⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21732.exe
        8⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42240.exe
        8⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        7⤵
        
        PID:12992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 692
        6⤵
        Program crash
        
        PID:11316
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 708
        5⤵
        Program crash
        
        PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55306.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        5⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46802.exe
        6⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
        7⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
        8⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 640
        9⤵
        Program crash
        
        PID:11152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 636
        8⤵
        Program crash
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
        7⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 636
        8⤵
        Program crash
        
        PID:11160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 636
        7⤵
        Program crash
        
        PID:6148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21674.exe
      4⤵
      PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
      4⤵
      PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36600.exe
        5⤵
        
        PID:7036
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 720
        5⤵
        
        PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
      4⤵
      PID:7080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 636
        5⤵
        
        PID:6564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15257.exe
      4⤵
      PID:8484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 632
        5⤵
        Program crash
        
        PID:9712
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 504
      4⤵
      PID:11636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15491.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26626.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19994.exe
        6⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12380.exe
        5⤵
        
        PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23096.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5603.exe
        5⤵
        
        PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
      4⤵
      PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61192.exe
        5⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25910.exe
        6⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        7⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60554.exe
        8⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34722.exe
        9⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17632.exe
        8⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8311.exe
        8⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47295.exe
        7⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11139.exe
        7⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37104.exe
        8⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 684
        7⤵
        
        PID:12860
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 664
        6⤵
        
        PID:6176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62079.exe
      4⤵
      PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30383.exe
      4⤵
      PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55946.exe
        5⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18946.exe
        6⤵
        
        PID:8388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8028 -s 668
        6⤵
        
        PID:13744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8028 -s 668
        6⤵
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16760.exe
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13277.exe
        5⤵
        
        PID:12360
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 660
        5⤵
        
        PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
      4⤵
      PID:8668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49954.exe
      4⤵
      PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45823.exe
      4⤵
      PID:13248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37950.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34794.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe
        5⤵
        
        PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
        5⤵
        
        PID:6212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 640
        6⤵
        Program crash
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51274.exe
        5⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27669.exe
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35220.exe
        6⤵
        
        PID:9620
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 752
        5⤵
        
        PID:11652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49905.exe
      4⤵
      PID:3060
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 628
        5⤵
        Program crash
        
        PID:6920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62436.exe
      4⤵
      PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52863.exe
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24618.exe
        5⤵
        
        PID:9056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 636
        6⤵
        
        PID:12272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
        5⤵
        
        PID:10696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
        6⤵
        
        PID:11776
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 504
      4⤵
      PID:4432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2664
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 724
      4⤵
      Program crash
      PID:5428
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 756
      4⤵
      Program crash
      PID:6056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
    3⤵
    PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12567.exe
      4⤵
      PID:5192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19448.exe
      4⤵
      PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56330.exe
        5⤵
        
        PID:7668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 628
        6⤵
        
        PID:9960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
        5⤵
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
        6⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56564.exe
        7⤵
        
        PID:14392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41228.exe
        6⤵
        
        PID:15268
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 632
        5⤵
        
        PID:13968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26271.exe
      4⤵
      PID:8700
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 644
        5⤵
        
        PID:14324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25225.exe
      4⤵
      PID:9460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
      4⤵
      PID:13060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
      4⤵
      PID:14684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
    3⤵
    PID:6240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe
    3⤵
    PID:5488
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 640
      4⤵
      PID:6356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
    3⤵
    PID:7580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51364.exe
      4⤵
      PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47166.exe
        5⤵
        
        PID:12328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49382.exe
        6⤵
        
        PID:14524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        5⤵
        
        PID:14808
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 668
      4⤵
      PID:13992
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 708
    3⤵
    PID:11596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41484.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41484.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37666.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15718.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 720
        6⤵
        Program crash
        
        PID:5836
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 604
        5⤵
        Program crash
        
        PID:212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18218.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25998.exe
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        6⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21136.exe
        7⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10331.exe
        8⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36860.exe
        9⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51649.exe
        8⤵
        
        PID:12660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
        8⤵
        
        PID:14260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 632
        7⤵
        Program crash
        
        PID:10660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 756
        6⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25094.exe
        5⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58852.exe
        6⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15515.exe
        7⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64218.exe
        8⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2936.exe
        7⤵
        
        PID:9436
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 636
        6⤵
        
        PID:12908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17527.exe
        5⤵
        
        PID:8440
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 632
        5⤵
        
        PID:11604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48527.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9495.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20160.exe
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
        6⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 644
        7⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37834.exe
        6⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 636
        7⤵
        
        PID:11676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 660
        6⤵
        Program crash
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17886.exe
        5⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
        6⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15375.exe
        7⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29434.exe
        8⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12770.exe
        8⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55889.exe
        7⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
        7⤵
        
        PID:14600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 660
        6⤵
        Program crash
        
        PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59328.exe
        5⤵
        
        PID:9212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 636
        6⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
        5⤵
        
        PID:10744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
        5⤵
        
        PID:12160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3112.exe
        5⤵
        
        PID:14740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38394.exe
      4⤵
      PID:6176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40968.exe
      4⤵
      PID:4020
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 656
        5⤵
        
        PID:12808
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 712
      4⤵
      PID:9328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19701.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63138.exe
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
        5⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26564.exe
        6⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2308.exe
        6⤵
        
        PID:10752
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 628
        5⤵
        
        PID:8676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7196.exe
      4⤵
      PID:6660
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 636
        5⤵
        Program crash
        
        PID:10048
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 652
      4⤵
      PID:9536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe
    3⤵
    PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14041.exe
      4⤵
      PID:5040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 724
        5⤵
        
        PID:8592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
      4⤵
      PID:1832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
      4⤵
      PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
        5⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14441.exe
        6⤵
        
        PID:8924
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 680
      4⤵
      PID:13976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
    3⤵
    PID:6392
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 632
      4⤵
      PID:12800
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 724
    3⤵
    PID:9544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47972.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4556
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 632
      4⤵
      Program crash
      PID:3752
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 652
      4⤵
      Program crash
      PID:5912
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 720
    3⤵
    - Program crash
    PID:2152
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 720
    3⤵
    - Program crash
    PID:6088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16483.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16483.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19802.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
      4⤵
      PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        5⤵
        
        PID:5292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 640
        6⤵
        
        PID:7220
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 636
        5⤵
        
        PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
      4⤵
      PID:1480
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 636
        5⤵
        
        PID:6712
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 636
        5⤵
        Program crash
        
        PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52530.exe
      4⤵
      PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46652.exe
        5⤵
        
        PID:10896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8992.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe
        5⤵
        
        PID:7776
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 672
      4⤵
      PID:11612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
    3⤵
    PID:2268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
    3⤵
    PID:6536
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 636
      4⤵
      PID:6820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56449.exe
    3⤵
    PID:7644
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 636
      4⤵
      Program crash
      PID:11280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42626.exe
    3⤵
    PID:10504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
    3⤵
    PID:12484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
    3⤵
    PID:15260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51513.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51513.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1804
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27302.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27302.exe
  2⤵
  PID:6232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
    3⤵
    PID:2960
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 636
      4⤵
      PID:5644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46003.exe
    3⤵
    PID:5248
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 732
    3⤵
    - Program crash
    PID:2800
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
  2⤵
  PID:6016
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 644
    3⤵
    PID:8560
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 644
    3⤵
    - Program crash
    PID:11020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62673.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62673.exe
  2⤵
  PID:8708
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 636
    3⤵
    PID:14224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
  2⤵
  PID:9764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38998.exe
    3⤵
    PID:13000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
    3⤵
    PID:14824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
  2⤵
  PID:4212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45737.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45737.exe
  2⤵
  PID:14648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4556 -ip 4556
1⤵
PID:1512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1960 -ip 1960
1⤵
PID:3368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2664 -ip 2664
1⤵
PID:548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 532 -ip 532
1⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4556 -ip 4556
1⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1960 -ip 1960
1⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2664 -ip 2664
1⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 3524 -ip 3524
1⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1572 -ip 1572
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4236 -ip 4236
1⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3524 -ip 3524
1⤵
PID:4020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 1572 -ip 1572
1⤵
PID:736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4748 -ip 4748
1⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 2536 -ip 2536
1⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 3396 -ip 3396
1⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2320 -ip 2320
1⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 3060 -ip 3060
1⤵
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 4588 -ip 4588
1⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 3548 -ip 3548
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 1804 -ip 1804
1⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 2096 -ip 2096
1⤵
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5108 -ip 5108
1⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 2948 -ip 2948
1⤵
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4444 -ip 4444
1⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 4236 -ip 4236
1⤵
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 748 -ip 748
1⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 4748 -ip 4748
1⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 2744 -ip 2744
1⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 656 -ip 656
1⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4172 -ip 4172
1⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 1852 -ip 1852
1⤵
PID:4020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 2536 -ip 2536
1⤵
PID:3008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3396 -ip 3396
1⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 2320 -ip 2320
1⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 3060 -ip 3060
1⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 3548 -ip 3548
1⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4588 -ip 4588
1⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 1804 -ip 1804
1⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 1252 -ip 1252
1⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5072 -ip 5072
1⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 3268 -ip 3268
1⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4796 -ip 4796
1⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 1456 -ip 1456
1⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 4800 -ip 4800
1⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5108 -ip 5108
1⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 2096 -ip 2096
1⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 748 -ip 748
1⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 4444 -ip 4444
1⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 2948 -ip 2948
1⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 2744 -ip 2744
1⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 4172 -ip 4172
1⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 656 -ip 656
1⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 1852 -ip 1852
1⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 532 -ip 532
1⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 1252 -ip 1252
1⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5072 -ip 5072
1⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 3268 -ip 3268
1⤵
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 1456 -ip 1456
1⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 4800 -ip 4800
1⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 4796 -ip 4796
1⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 2268 -ip 2268
1⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 5168 -ip 5168
1⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5648 -ip 5648
1⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5572 -ip 5572
1⤵
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5548 -ip 5548
1⤵
PID:1852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 5504 -ip 5504
1⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5336 -ip 5336
1⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 5268 -ip 5268
1⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6004 -ip 6004
1⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5192 -ip 5192
1⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 5688 -ip 5688
1⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5644 -ip 5644
1⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5400 -ip 5400
1⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6300 -ip 6300
1⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 6248 -ip 6248
1⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 6240 -ip 6240
1⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 6552 -ip 6552
1⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6176 -ip 6176
1⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2380 -ip 2380
1⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 6224 -ip 6224
1⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 6352 -ip 6352
1⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5692 -ip 5692
1⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6212 -ip 6212
1⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 6192 -ip 6192
1⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5260 -ip 5260
1⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4936 -ip 4936
1⤵
PID:656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4360 -ip 4360
1⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3872 -ip 3872
1⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4324 -ip 4324
1⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4540 -ip 4540
1⤵
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 2732 -ip 2732
1⤵
PID:4580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 2268 -ip 2268
1⤵
PID:1960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 3892 -ip 3892
1⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5168 -ip 5168
1⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 4320 -ip 4320
1⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3176 -ip 3176
1⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 1560 -ip 1560
1⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 2076 -ip 2076
1⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4864 -ip 4864
1⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5648 -ip 5648
1⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5564 -ip 5564
1⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5572 -ip 5572
1⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 5504 -ip 5504
1⤵
PID:2824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 5548 -ip 5548
1⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5336 -ip 5336
1⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5268 -ip 5268
1⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5688 -ip 5688
1⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 5192 -ip 5192
1⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 6004 -ip 6004
1⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 6300 -ip 6300
1⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5644 -ip 5644
1⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 5400 -ip 5400
1⤵
PID:2832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 6248 -ip 6248
1⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6552 -ip 6552
1⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6240 -ip 6240
1⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 6176 -ip 6176
1⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 2380 -ip 2380
1⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 6256 -ip 6256
1⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 5796 -ip 5796
1⤵
PID:1972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 6224 -ip 6224
1⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 6024 -ip 6024
1⤵
PID:8568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6352 -ip 6352
1⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 5692 -ip 5692
1⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5260 -ip 5260
1⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 4936 -ip 4936
1⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 6192 -ip 6192
1⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 4360 -ip 4360
1⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 3872 -ip 3872
1⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 4324 -ip 4324
1⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4540 -ip 4540
1⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 2732 -ip 2732
1⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 3892 -ip 3892
1⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5528 -ip 5528
1⤵
PID:728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4320 -ip 4320
1⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 3176 -ip 3176
1⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5596 -ip 5596
1⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 5620 -ip 5620
1⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5804 -ip 5804
1⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5512 -ip 5512
1⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 2076 -ip 2076
1⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1292 -p 1560 -ip 1560
1⤵
PID:1652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1260 -p 5364 -ip 5364
1⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5040 -ip 5040
1⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 60 -ip 60
1⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 5836 -ip 5836
1⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6328 -ip 6328
1⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 1928 -ip 1928
1⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5948 -ip 5948
1⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 1580 -ip 1580
1⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 5608 -ip 5608
1⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5316 -ip 5316
1⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5700 -ip 5700
1⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5488 -ip 5488
1⤵
PID:9968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5004 -ip 5004
1⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 7016 -ip 7016
1⤵
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 6060 -ip 6060
1⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 6916 -ip 6916
1⤵
PID:4156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 2468 -ip 2468
1⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 6452 -ip 6452
1⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 6016 -ip 6016
1⤵
PID:10364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 2960 -ip 2960
1⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5368 -ip 5368
1⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6536 -ip 6536
1⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 7204 -ip 7204
1⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6080 -ip 6080
1⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 1316 -ip 1316
1⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6320 -ip 6320
1⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 1480 -ip 1480
1⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1312 -p 6692 -ip 6692
1⤵
PID:10224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5292 -ip 5292
1⤵
PID:10880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1328 -p 3368 -ip 3368
1⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1320 -p 7080 -ip 7080
1⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 6636 -ip 6636
1⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 6848 -ip 6848
1⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4788 -ip 4788
1⤵
PID:9844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 2796 -ip 2796
1⤵
PID:2740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 1704 -ip 1704
1⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5304 -ip 5304
1⤵
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 512 -ip 512
1⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 1880 -ip 1880
1⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 5116 -ip 5116
1⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5128 -ip 5128
1⤵
PID:10904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 2300 -ip 2300
1⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4988 -ip 4988
1⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1312 -p 5084 -ip 5084
1⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 1036 -ip 1036
1⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6480 -ip 6480
1⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5076 -ip 5076
1⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1308 -p 6928 -ip 6928
1⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 6660 -ip 6660
1⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1324 -p 7232 -ip 7232
1⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 1784 -ip 1784
1⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 6804 -ip 6804
1⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5000 -ip 5000
1⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 4020 -ip 4020
1⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 6392 -ip 6392
1⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 6892 -ip 6892
1⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 7036 -ip 7036
1⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5860 -ip 5860
1⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 6540 -ip 6540
1⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 7428 -ip 7428
1⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 1336 -ip 1336
1⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 8100 -ip 8100
1⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 3552 -ip 3552
1⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 2140 -ip 2140
1⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 7748 -ip 7748
1⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 7808 -ip 7808
1⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1292 -p 6796 -ip 6796
1⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 4972 -ip 4972
1⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5760 -ip 5760
1⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 4884 -ip 4884
1⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6476 -ip 6476
1⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 3272 -ip 3272
1⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 4376 -ip 4376
1⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 6284 -ip 6284
1⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6936 -ip 6936
1⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6348 -ip 6348
1⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6696 -ip 6696
1⤵
PID:13332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1204 -p 6544 -ip 6544
1⤵
PID:13452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 5312 -ip 5312
1⤵
PID:13564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 3396 -ip 3396
1⤵
PID:13736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 6232 -ip 6232
1⤵
PID:13808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 1696 -ip 1696
1⤵
PID:13960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 6184 -ip 6184
1⤵
PID:14112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 7384 -ip 7384
1⤵
PID:14252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 7452 -ip 7452
1⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 8484 -ip 8484
1⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 7736 -ip 7736
1⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 7668 -ip 7668
1⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 7644 -ip 7644
1⤵
PID:13560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 8624 -ip 8624
1⤵
PID:13796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 912 -ip 912
1⤵
PID:13916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 3508 -ip 3508
1⤵
PID:14260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 672 -ip 672
1⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 4116 -ip 4116
1⤵
PID:13404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 3840 -ip 3840
1⤵
PID:12688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 1800 -ip 1800
1⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4052 -ip 4052
1⤵
PID:10044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4628 -ip 4628
1⤵
PID:13532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 2360 -ip 2360
1⤵
PID:3736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 2580 -ip 2580
1⤵
PID:1972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 7264 -ip 7264
1⤵
PID:228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6220 -ip 6220
1⤵
PID:964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 7944 -ip 7944
1⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 8736 -ip 8736
1⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 8796 -ip 8796
1⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 6032 -ip 6032
1⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1484 -p 9056 -ip 9056
1⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 9212 -ip 9212
1⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 7904 -ip 7904
1⤵
PID:13936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 7176 -ip 7176
1⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7364 -ip 7364
1⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 6808 -ip 6808
1⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 4864 -ip 4864
1⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5564 -ip 5564
1⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1316 -p 5780 -ip 5780
1⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 6056 -ip 6056
1⤵
PID:14348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1480 -p 4444 -ip 4444
1⤵
PID:14424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 6212 -ip 6212
1⤵
PID:14540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1344 -p 6328 -ip 6328
1⤵
PID:14980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1504 -p 1928 -ip 1928
1⤵
PID:15056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1592 -p 5804 -ip 5804
1⤵
PID:15168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 5620 -ip 5620
1⤵
PID:15176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5512 -ip 5512
1⤵
PID:15212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 7768 -ip 7768
1⤵
PID:15136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 8708 -ip 8708
1⤵
PID:14548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 7308 -ip 7308
1⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1484 -p 8764 -ip 8764
1⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1652 -p 8440 -ip 8440
1⤵
PID:15352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1556 -p 7016 -ip 7016
1⤵
PID:14444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 6360 -ip 6360
1⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1632 -p 8028 -ip 8028
1⤵
PID:14748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 9080 -ip 9080
1⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1696 -p 7244 -ip 7244
1⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 6524 -ip 6524
1⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 4296 -ip 4296
1⤵
PID:12624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13161.exe

Filesize
468KB

MD5
fbf87be32b7433513380b96fd9aaa8df

SHA1
80d20e563e618077e3b075b63ed4955f98d54445

SHA256
557eaff3cf63c8536f0cd335893b6650e5f64c24639007857308aabe35e5e4a5

SHA512
6c7fd4079187ba552e7fd61640f81366c3e44051ec699684b74d6395aed58991f106274b08d2416660eb8842e4871378fbd40070ce7c3204e9979a2f18fa4731

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe

Filesize
468KB

MD5
7704eee753eb411ad3a7bc46b727f173

SHA1
87776f78539f9f2c3065b840065a1cc16e1fc336

SHA256
b6ce663f1e6c68dbe95c8ae48ebc561fbf915493ac45c1d60cef1b8c8707777d

SHA512
61b6c5a5f396c6a8bb4717c2a46ac0f6ca6545fa0141215ccd7e8ef4e1280a6e4c890e0be4057dca05484cf4662f77817af6360741e51bb4d196fbfdb13b7a1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15491.exe

Filesize
468KB

MD5
d5cd03bccaa66b86c56a9b5bde25fa30

SHA1
ba95091935d07cf4ed966b1dc37c0386e8bf2d5f

SHA256
4630353bd91c369ebf696d522c05508e3fb3fc27593565a9c324fd6dea076a63

SHA512
ce6deea9a9c1045c6a6227725c53c2810dd168c1bcd1dd705edc491d9ad8a875def776621cf4ceaa6385922f8092f7c7e06bcd5edaa93c1c19945f2e520b3596

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16483.exe

Filesize
468KB

MD5
8f5e40c01b0fef9a028047659a10ca4e

SHA1
23d51947cb29fd7a87ad62c3d45e31f6a325f201

SHA256
4f3e23feb620a159a14b10cdcd859d2e43b8aa7f45d24eca029c20f898379b8b

SHA512
b1809dfdbf5a2a0a9d615a31cc02a3c8527fcd03258563e99ccbc820a9ddfa720a8eb82ee4b1c01c38b29b58d3406a53cf0c118d69a852443b743b76ff7fa747

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe

Filesize
468KB

MD5
f7ee52155fcc7a1ccd7e1be1b0585df6

SHA1
2fea1e2fdca7ef298b2fab88bc92c58baed9e8ea

SHA256
6369189bb5eb682493e23e152da8023bc82f111e8f77dba4e73d1023fd37960d

SHA512
081a572f6e5e51384623baf9788f64d489e5b2b6decd9c8679f4c83cb27057e12ef11eece78ab373eebb8874e277bc4c7eae2d38a73fb58dfd22cd83586ea9d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24432.exe

Filesize
468KB

MD5
9ab9e441ce42f94a9c0ef6066cbd6c06

SHA1
5f1995df9f970af71466aa9dafc51789d9400a09

SHA256
3fec88af71bfa974891e955d8305bb9e2fe87cbb35bf6d841b827417ac4c0d67

SHA512
5abfa68f935ebacb7ef4300cdaeac4d925019bc5af2535cdeef8432295c5a7faea8c622fdfccb494523c457865c16ed2f172da744776866781e04678e479df79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27412.exe

Filesize
468KB

MD5
4e8f5e1119a51cd458b8bd262e3c4c63

SHA1
6a407c7c43f8abdc472464bdcc01c18e064ba6d6

SHA256
9fd3716f6633a6d3aff7a07adc16bc16759c3097a88e07c93c5bd62a17afff16

SHA512
3e1a413790bdf68f004cea7247769b93133588ba8478845c18c71072dd4ef75cf9416fb996921d019533cf1362b37f77170352811df5b93cf0d550222454b04f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe

Filesize
468KB

MD5
bf754362d852ddae9621785153204476

SHA1
8de175190ee1f90ccb014077bb3e5b6f7fe9b8df

SHA256
33e3f3d8669560cddf4bb757d6f24fe7fbcdbdc253fa832cc450977c74f262c5

SHA512
cb4b9d83b8d0e67758a82b2e2159fece2f68acdfc019fbc965fbb28a027b5493ab10e1772f86b1f946d1e4a80a0200182089ffce4b976139858405900e6b0aed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe

Filesize
468KB

MD5
7e94737b6f40810759715d6827d2e177

SHA1
2834387fc6d7989508d26d2a868a84da1d59cb7e

SHA256
7f6ada4a3f362d421435754dafe33d4784b994f868bde52fd772ae644c158312

SHA512
f38f65634427ebd07859c500acb2236dc5772ed5f0fa57a072d6deb70a518fbdce9e0b2f45b1f76a180a5ea05dfc1c0905b3b942e2d7f5245b9d3af873dd5a3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe

Filesize
468KB

MD5
7ea5787e59a914a6fb8e225dfd061e58

SHA1
3bdd7c0a19fd340775e666b952f820290c0a59a4

SHA256
3a0d8521eaed0517fdee42a3ae67f2fa20bbc4144950ea8f7434ce5e514ecb2d

SHA512
9d93e09647f30be47d7b8dc21ee00ec6cc2738fd5a19177d2c3bcc0d8aef510ec44a8e6a1301174cb6a839160aae266d78f0c320546da413cd1851345a07d6d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe

Filesize
468KB

MD5
1c3b5131e93f78f1736097b813648c47

SHA1
8f614d703decc8abf439311dc7947226de2a6f0e

SHA256
69c0593d02bb83b5f9d742f66641de0c64102c1805337909e29df9f908093a3d

SHA512
50ca2fc6b5ed89712d941f9dfe43ff2fdca77fd9072d32da9ae50f2707429a6fa786aa67f51347841fab57859d8784ed4942e3ae2bb72c3663450f33f99dd9de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe

Filesize
468KB

MD5
b4ed5dcb37c344a664b9bcba16bb27c8

SHA1
77dbf1a772dd35eb400d35a749a63a22c2313770

SHA256
65c2ff45d6c5866e4786f362fab9f13bc3e311f5b24684fd1db78e4ac04dbfbe

SHA512
2ef37f5e8d7bb989088116c6294bfb355154dfb8faa1e3981c910b71d80907758212149eb69ceeb223bb95d801c79995a9d9c0bead1a02193ddf7c806944ba44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37666.exe

Filesize
468KB

MD5
f594f794155721c71c3f1a0536159935

SHA1
4958886355a09ba6c1e768e852cb88962f23ea69

SHA256
7eb4b49fa1b2abedb8941818b3484c5c003948607d66c2f599692ae79b64b40c

SHA512
b887f115a99e9a14bbf41dcb5501078e3ac7646d6a0d60eb38c92f525ee781fed738423119f3aa051d7c073128bee121a365dc1c6d813bb6ae34d15ee2054782

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37950.exe

Filesize
468KB

MD5
a9b0ffe0e0847909d94656ae7ea975ef

SHA1
4f136f1c6b3ad00ea8f05f6b6cbd16d1f170460f

SHA256
545e9daf3fb42b26dc46dfb0c60f1d86e4ffaf6ef946255a71273f0ee786578d

SHA512
abd1d1b21b4895e91249dc3b13f618e55ebf4c69802c60eaf1d9294a221a755cfbbe66eff23bb822df38079066ca288029605a108ea5af839e8e42dbe37a6eb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38604.exe

Filesize
468KB

MD5
028b1f15315f31e3d0eac2e9b875d03f

SHA1
f8d423e6dbc4695df41b8c8ce396e53dbd3169d8

SHA256
38e2e63cdb2948c8741c2380727fcff5fbd072737a6c8112b2840d394adcb2b2

SHA512
535b37f6314f068934e05239a4d47ee99493f522e24e2a44f16d9b2e3ea91a3e1197e3eae09d8d4c526fde4582add5933925cbe2c41cfac5ed78c5e4cd7e391d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe

Filesize
468KB

MD5
76650e4ca91ae7863afa3352e1b542a4

SHA1
936f62fe7d026ee808979a2228407200e6b0c3b4

SHA256
4d1042d531f348b0663ce6278b85e362923cf301709aa5faab6108ad65342cf0

SHA512
163157735fa154446b75e879aad6f413ea8c15ce1eb0fe1c14f3c27af1a9bdd51d8bfd2f633b248ae5647d4f1d5cb34ad29bca766df0b23fd94efd6ce8ab6ecc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39539.exe

Filesize
468KB

MD5
530232d8f95691b97f2e3386cb648ba7

SHA1
118072e13dc99e45ba8eda1bdf7a00cdd4388cec

SHA256
08fa3f99f41c8b02c568b76523cb08a5cfd09312ed361e6914f6b0889a7cc3c7

SHA512
2827db054ccdd01d7d4732e45e6d196109705fd3d780fb25a56566d638c94d585ef494f1e6c05fea71f18c2c003ff299894db2c4fdac61252255391d4515a473

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40000.exe

Filesize
468KB

MD5
1db1d800cbe86821280b57b7b6f02a74

SHA1
75a4bfc05044f5e5d4628b1febdb0263b36dd633

SHA256
7699010b35d35f2c664bd5cfc5d3f113588fd29f5139ecb2f6c7b4b74443aa9b

SHA512
a979588a663ac46f76ab182e997d00c969552c4210ae8cbd3a31c93cca7566f2fe1d7a09fc4aa63c56573f5a217606c893cb02f4bce49991562d95ac1b83314b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41484.exe

Filesize
468KB

MD5
ebff50cdc929841d894dc31057985b99

SHA1
1c71cfd8afbb5def32e1a1ac74e4f16e5adb1e67

SHA256
520a6b957d11d0f63acb83772d0b57c0cde4fa74ad3c53539ce3b24688e99a63

SHA512
20d7553560743a033993929f0684c39588e1cc512ae220f62268c952bf860532ab3b1398df05265fbb91b43022746e360b7e3a37d9767cb9c915962d5a098ed7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe

Filesize
468KB

MD5
cb8c8c6dafed4551fa8ef826ce437489

SHA1
f94da70a58e11a6188fbd12212b519a215b62845

SHA256
5f570700ad62983e0b3d94ff5eb67985221ee3aae141c9715f7ec81e7a1d3490

SHA512
cc83e29d512f9245214620b18dc619a57020f78e2c2a40994ad0d1782f09235f07a53a2b19782c8a87da6ed8d233896e4005df0123459b73f6dd50a428b56b51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exe

Filesize
468KB

MD5
a4079670f02dd4b8af9a55a123a2b54e

SHA1
a47c970298c39fd7a35b8c4dd190b93accb475dc

SHA256
99b2ca540deffe735c03030550ddb56097a8544137b13af03132296ec94b8a00

SHA512
395362b05363d2133109177bf3832697f7834b1b28023359ea6ca392cd35ab8199a38066a0af82dfef6b2545928128ab814173ce3090ba919ad33bbe8635e258

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe

Filesize
468KB

MD5
7694ee45e24358adbed9e59b953693e3

SHA1
4e9a183cf9755087a63ae026b395e38c02dddc9b

SHA256
d34c64981b714cf173c4d3100d8b220b2281f36e9562992ced050a774f6ef717

SHA512
771227cbf4a9ea7b5769bad330dff44064e8f40df872941a136cb8fe31e8fca64e9172cafdcac9f7287bbdbcd27a1413e3fe2b130a4a6924ebedc7e5f3435127

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe

Filesize
468KB

MD5
cd778434d7be440b5a493d3b456d8109

SHA1
8b79f476537704b6b8f540804a839a51b223f34c

SHA256
1e6a2f70745a75eaa491aef52c5e0209fb2ea91cd36cf6ed5ebd06be69a6889c

SHA512
00876fb1caad1a468095c32386eb9d0d98d93513b212ecccafd926fd536d80b69ff2d7481e86d9db42c2b07854192881a70dd3b7daa1387814168473a13a97bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47972.exe

Filesize
468KB

MD5
0a2e9a2706b1e50ac6609784ad9d2778

SHA1
d367c7fa98b3b1619079ab9d49c5ff766abee7d1

SHA256
08afb11167744e9323e93b5e6b6297b38347f2d3d72a7718b2e77185221fee3a

SHA512
9137a0a9ba39151c8eda112ef1cda828968a385183ca9ea740ba2adc8e90fdc341c1ebeeb3245deeef32fe602f5202faa7bdaa70d806677873edbfdcb64e4056

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48527.exe

Filesize
468KB

MD5
4f4630771046107b3723860a93f28752

SHA1
af51337fb17428bd5b55039dabe73f6299b44556

SHA256
8cac3ee1417aa43954782ed2cebaa52584872bd44a53165067819bbb47d51934

SHA512
ef55d90514d141e00452a672bc89297fcede94997be19fb245fc081d4a68ad60923d6d78e0c064774ece92e018884df0712fef000e4a183bbbd7d6f061212685

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48740.exe

Filesize
468KB

MD5
2c4bad233300ae0476a566fbdea62cb8

SHA1
8720bec593fc066f7106eb8923746f5e3df8807e

SHA256
546d260d06ffd809b1ead404b42daa71297c0e79d38b0c3ab91b5ed79107ccf9

SHA512
da1ce20b9a6327561cf9541c6d9aa46ac7bfebdef00c428a43672fdab7a5ab2d3d342122b78132ea6663d3dcf2d982f07f4d01b6634682ff6d7de506fa01537d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe

Filesize
468KB

MD5
8dfb58f67fe81903c728903a53af1ff6

SHA1
e93433f80ed16e05c0520e4a03ef17da717452e5

SHA256
0a8be898618856c8f30c8f66dfa82dd2d0e5af3adb288281dd1b084ce8401933

SHA512
31b9ca7b32dd63c48684165dd2959fe52818e720646db5782d3ace9df7264d80a7281cde529a382a40a51de26fd689b2b355e5de9608143f6a6b70b915425a29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe

Filesize
468KB

MD5
7eb130a42a808fb0c91b71218e4301f4

SHA1
c538005b951edd3af26c094a1846d273b720775c

SHA256
25ee54a48081423962afcba0655f3d3e9a4cb22f0b516073be16b238aab3e0ce

SHA512
27286566a8c22b2bda8b171b3b947c015edbd0fc017bfdf3e0df0f5a4180ba3f1acc6d2744789d814caba56559557b457a992458c7b9c81a0b9ea3f0ab122465

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe

Filesize
468KB

MD5
7de4fa08ab6b0721116d62fe828f80a7

SHA1
2c0069e80cdc9114fd97a1bf6eb90a5c187c266f

SHA256
b5c186e82e86c8c97e99e1c7b8ba715f1614852e4b06befa1925198cd90d3766

SHA512
9a70f395754424234631b20ab93cc2fc374b069b37e936edb4f1ba43d3a19cc43f38da0c1086c64136563a13c7cea69d86dbef6f2816737114a27fb7abe62ed3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58178.exe

Filesize
468KB

MD5
8520f8dce0a4bc425d02f800decb84e6

SHA1
401c11b207b8a0ce3d4f64dddc9bcc38e8fce851

SHA256
3b574045b099ed22576f89eebf2efacdb5f29395349885dbeaf39d94bec58015

SHA512
de5864a378d0f8f02d6f905d57668f4043334f693f82aa0c881d3c8e745b989b06fb4c95e46dea9135e2c23c4b49c5cdbf185558efd89b4732d9a876f718bd5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe

Filesize
468KB

MD5
9743996a304e9448f4d559db9e555899

SHA1
bddc5cb0e7c26997c4cf1fa77426f3d5396884a5

SHA256
617570f54c89b54762759d6616f397dc94d08f99ec7ae994e07185a7510c1ca5

SHA512
d43d0b5237dfdef77e652061367d5d02f595fd47de8f07f7dc8d467a6058751bf70671af950f175fbdd633b92e02eaa92fcd27822b93d97891b276858b7e49a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe

Filesize
468KB

MD5
7cb7026f1b993d216798278f83b4c319

SHA1
5c8cc1a73b837122f2fe7cb3f6739d947cedd29a

SHA256
6aa2fee06250f11ecaa53c2f869f38f4fd3f6075c24d72d17b9b927f875dc739

SHA512
01c8481f1fb16c361175c107d52c0abfae8d570504f0368a2f8617630a9dad0b0fca5aa8ec566398eabb5158e9ec77b3c05d376ca001fbef8515427c77e5a6de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6316.exe

Filesize
468KB

MD5
8abce01c6ea517c4da6bac464f8cbb82

SHA1
4f3c40c1904e82de2e39246f50e25356985508bc

SHA256
b6727e5da12385c2f83157f7143e084ed10ea85a281d1fc9e28bb71b2abdd873

SHA512
c2141eb0f76fba66ce158cda288474e82de46386f7482e34d0afa2ebcef11b5b0445f64c17ddc5810a10c0181dc937f487d22328f892638174254415361361df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7131.exe

Filesize
468KB

MD5
bab18de858a82551cea30c9f4b1ee647

SHA1
fe77b51f6ab7d47c206fea328aad1f7840405efa

SHA256
943ed8da1d44cb8bdfa9f53c111ee102000425d5ba23066aaf94e1afa56a3413

SHA512
f786ea8f021a01028b23d94fb6c9f74515e13f09cf924f192c906f4eef5ac9d95bd51cb9d37545534c8bf848cb30d2cfc23ae21bbca99fb2c27115d050a568f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe

Filesize
468KB

MD5
485430632f6a3ffda0c41e78d51a33bc

SHA1
1fd083b18da1a995f968923c58cc7fc7111d8c32

SHA256
2b9f42d29c55ca1845d10ece868a2a5c86b3c880d73c8b002a1417f419ff09c4

SHA512
1056ddfacda7cc259c56fdf56712a600d4caf7b52457bccccc9dc29b9e9689d5d5098a50a245daf929fdafa28aa59a2009dbc64ba5ebfa1cc0a14f71462338dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9439.exe

Filesize
468KB

MD5
e715fbf9776eeeee943c4ecc74a72b62

SHA1
0988ae1471cc8591902fac1e1c572a2b058214c8

SHA256
10138be22dbbd9aae89e87609cf8662900381f507e594f543cf42b644a7b15c0

SHA512
2f8d3faf8e2633e53ddc6dd353edf885768b37a41204dc3f3b5d480fe2de89302039d25fe1d8beb5ae5a42a6c545f05f22e909de5ed61e34a4e344401b1891e1

Download Submit