04f5c6102d557c26b4bb9e5216fd37d21c0cedbc4420604a253d134b040c5107

Analysis

max time kernel
35s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 05:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

156ea90013a8dce639a8075029aec8e0N.exe
Size

184KB
MD5

156ea90013a8dce639a8075029aec8e0
SHA1

725661021b452af6005b228338438ccdec28f242
SHA256

04f5c6102d557c26b4bb9e5216fd37d21c0cedbc4420604a253d134b040c5107
SHA512

e3ae4541ffc5a24e50ccccbedd61fd949c780917fc2a4859f63643117118c806f3ae4d52f4c652f7f0ea61145f0b7c454ef7f0d5061874601d685b9c0d540ad2
SSDEEP

3072:XERJV0oHwj0odOA4kZGs8uNcalvLqnxiumnp:XEeojUOAL8ecalzqnxium

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
388	Unicorn-59441.exe
3588	Unicorn-54921.exe
3200	Unicorn-43223.exe
2968	Unicorn-23121.exe
632	Unicorn-52456.exe
3164	Unicorn-36607.exe
3744	Unicorn-56281.exe
1460	Unicorn-47921.exe
3800	Unicorn-28055.exe
2708	Unicorn-64937.exe
2628	Unicorn-1320.exe
3432	Unicorn-38823.exe
3660	Unicorn-42161.exe
3748	Unicorn-42161.exe
3388	Unicorn-5959.exe
4440	Unicorn-28513.exe
3232	Unicorn-8647.exe
4904	Unicorn-18529.exe
3712	Unicorn-46904.exe
1568	Unicorn-33905.exe
404	Unicorn-33713.exe
4948	Unicorn-63048.exe
3196	Unicorn-55617.exe
3840	Unicorn-60256.exe
1672	Unicorn-18455.exe
1584	Unicorn-38897.exe
1580	Unicorn-2695.exe
1372	Unicorn-55233.exe
4572	Unicorn-53225.exe
3608	Unicorn-41527.exe
1504	Unicorn-45057.exe
2732	Unicorn-20361.exe
4980	Unicorn-49696.exe
3776	Unicorn-28071.exe
388	Unicorn-23817.exe
3656	Unicorn-12119.exe
2316	Unicorn-56489.exe
2520	Unicorn-14880.exe
4472	Unicorn-272.exe
2664	Unicorn-23324.exe
3036	Unicorn-23324.exe
4940	Unicorn-48897.exe
4504	Unicorn-29031.exe
4352	Unicorn-48897.exe
1180	Unicorn-24201.exe
4208	Unicorn-45176.exe
4956	Unicorn-4143.exe
4560	Unicorn-65433.exe
3692	Unicorn-47753.exe
5100	Unicorn-36055.exe
3812	Unicorn-39585.exe
2904	Unicorn-64089.exe
1548	Unicorn-35863.exe
4468	Unicorn-56113.exe
2760	Unicorn-19911.exe
2504	Unicorn-5495.exe
5104	Unicorn-41697.exe
3860	Unicorn-6071.exe
2764	Unicorn-10752.exe
1940	Unicorn-39895.exe
3528	Unicorn-43425.exe
3104	Unicorn-7031.exe
2700	Unicorn-2968.exe
2132	Unicorn-2968.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2904	388	WerFault.exe	89
1560	388	WerFault.exe	89
1748	2968	WerFault.exe	95
3384	632	WerFault.exe	96
4980	2968	WerFault.exe	95
552	632	WerFault.exe	96
4924	3164	WerFault.exe	104
4864	3164	WerFault.exe	104
4444	3744	WerFault.exe	105
1560	1460	WerFault.exe	106
3904	3744	WerFault.exe	105
3956	1460	WerFault.exe	106
2288	3388	WerFault.exe	113
4148	3660	WerFault.exe	111
4328	3388	WerFault.exe	113
3364	2628	WerFault.exe	109
3304	3748	WerFault.exe	112
5012	3660	WerFault.exe	111
1704	2628	WerFault.exe	109
1652	3748	WerFault.exe	112
3864	3232	WerFault.exe	123
1396	3232	WerFault.exe	123
3028	4904	WerFault.exe	128
2312	4948	WerFault.exe	132
1556	4904	WerFault.exe	128
2964	4948	WerFault.exe	132
3632	1580	WerFault.exe	147
5088	1580	WerFault.exe	147
2580	3608	WerFault.exe	151
3848	1504	WerFault.exe	152
4332	2732	WerFault.exe	153
3672	3608	WerFault.exe	151
3064	1504	WerFault.exe	152
5012	3776	WerFault.exe	168
2564	2732	WerFault.exe	153
2192	3776	WerFault.exe	168
3796	2316	WerFault.exe	171
4072	2316	WerFault.exe	171
3876	1180	WerFault.exe	183
5260	4956	WerFault.exe	185
5592	1180	WerFault.exe	183
5624	4208	WerFault.exe	184
5636	4504	WerFault.exe	181
5764	4956	WerFault.exe	185
5808	4504	WerFault.exe	181
5856	4208	WerFault.exe	184
5784	884	WerFault.exe	218
5196	1968	WerFault.exe	217
6700	2904	WerFault.exe	198
6760	1424	WerFault.exe	220
7124	5104	WerFault.exe	204
6336	1968	WerFault.exe	217
6276	3664	WerFault.exe	243
8116	3124	WerFault.exe	247
7376	3532	WerFault.exe	240
5132	4428	WerFault.exe	230
8616	5140	WerFault.exe	270
8420	1404	WerFault.exe	256
8756	6040	WerFault.exe	301
3664	3684	WerFault.exe	329
8344	3584	WerFault.exe	249
9120	5056	WerFault.exe	311
9496	5844	WerFault.exe	294
10404	7036	WerFault.exe	384

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9512.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65272.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1972	156ea90013a8dce639a8075029aec8e0N.exe
388	Unicorn-59441.exe
3588	Unicorn-54921.exe
3200	Unicorn-43223.exe
2968	Unicorn-23121.exe
632	Unicorn-52456.exe
3164	Unicorn-36607.exe
3744	Unicorn-56281.exe
1460	Unicorn-47921.exe
3800	Unicorn-28055.exe
2708	Unicorn-64937.exe
2628	Unicorn-1320.exe
3432	Unicorn-38823.exe
3660	Unicorn-42161.exe
3748	Unicorn-42161.exe
3388	Unicorn-5959.exe
4440	Unicorn-28513.exe
3232	Unicorn-8647.exe
4904	Unicorn-18529.exe
3712	Unicorn-46904.exe
1568	Unicorn-33905.exe
404	Unicorn-33713.exe
4948	Unicorn-63048.exe
3196	Unicorn-55617.exe
3840	Unicorn-60256.exe
1672	Unicorn-18455.exe
1584	Unicorn-38897.exe
1580	Unicorn-2695.exe
1372	Unicorn-55233.exe
4572	Unicorn-53225.exe
3608	Unicorn-41527.exe
2732	Unicorn-20361.exe
1504	Unicorn-45057.exe
4980	Unicorn-49696.exe
3776	Unicorn-28071.exe
388	Unicorn-23817.exe
3656	Unicorn-12119.exe
2316	Unicorn-56489.exe
2520	Unicorn-14880.exe
4472	Unicorn-272.exe
2664	Unicorn-23324.exe
3036	Unicorn-23324.exe
4940	Unicorn-48897.exe
4504	Unicorn-29031.exe
4352	Unicorn-48897.exe
1180	Unicorn-24201.exe
4208	Unicorn-45176.exe
4956	Unicorn-4143.exe
4560	Unicorn-65433.exe
3692	Unicorn-47753.exe
5100	Unicorn-36055.exe
3812	Unicorn-39585.exe
2904	Unicorn-64089.exe
1548	Unicorn-35863.exe
4468	Unicorn-56113.exe
2760	Unicorn-19911.exe
2504	Unicorn-5495.exe
5104	Unicorn-41697.exe
3860	Unicorn-6071.exe
2764	Unicorn-10752.exe
1940	Unicorn-39895.exe
3528	Unicorn-43425.exe
3104	Unicorn-7031.exe
2132	Unicorn-2968.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 388	1972	156ea90013a8dce639a8075029aec8e0N.exe	89
PID 1972 wrote to memory of 388	1972	156ea90013a8dce639a8075029aec8e0N.exe	89
PID 1972 wrote to memory of 388	1972	156ea90013a8dce639a8075029aec8e0N.exe	89
PID 388 wrote to memory of 3588	388	Unicorn-59441.exe	92
PID 388 wrote to memory of 3588	388	Unicorn-59441.exe	92
PID 388 wrote to memory of 3588	388	Unicorn-59441.exe	92
PID 1972 wrote to memory of 3200	1972	156ea90013a8dce639a8075029aec8e0N.exe	93
PID 1972 wrote to memory of 3200	1972	156ea90013a8dce639a8075029aec8e0N.exe	93
PID 1972 wrote to memory of 3200	1972	156ea90013a8dce639a8075029aec8e0N.exe	93
PID 3200 wrote to memory of 2968	3200	Unicorn-43223.exe	95
PID 3200 wrote to memory of 2968	3200	Unicorn-43223.exe	95
PID 3200 wrote to memory of 2968	3200	Unicorn-43223.exe	95
PID 388 wrote to memory of 632	388	Unicorn-59441.exe	96
PID 388 wrote to memory of 632	388	Unicorn-59441.exe	96
PID 388 wrote to memory of 632	388	Unicorn-59441.exe	96
PID 3588 wrote to memory of 3164	3588	Unicorn-54921.exe	104
PID 3588 wrote to memory of 3164	3588	Unicorn-54921.exe	104
PID 3588 wrote to memory of 3164	3588	Unicorn-54921.exe	104
PID 2968 wrote to memory of 3744	2968	Unicorn-23121.exe	105
PID 2968 wrote to memory of 3744	2968	Unicorn-23121.exe	105
PID 2968 wrote to memory of 3744	2968	Unicorn-23121.exe	105
PID 632 wrote to memory of 1460	632	Unicorn-52456.exe	106
PID 632 wrote to memory of 1460	632	Unicorn-52456.exe	106
PID 632 wrote to memory of 1460	632	Unicorn-52456.exe	106
PID 3200 wrote to memory of 3800	3200	Unicorn-43223.exe	107
PID 3200 wrote to memory of 3800	3200	Unicorn-43223.exe	107
PID 3200 wrote to memory of 3800	3200	Unicorn-43223.exe	107
PID 3164 wrote to memory of 2708	3164	Unicorn-36607.exe	108
PID 3164 wrote to memory of 2708	3164	Unicorn-36607.exe	108
PID 3164 wrote to memory of 2708	3164	Unicorn-36607.exe	108
PID 3744 wrote to memory of 2628	3744	Unicorn-56281.exe	109
PID 3744 wrote to memory of 2628	3744	Unicorn-56281.exe	109
PID 3744 wrote to memory of 2628	3744	Unicorn-56281.exe	109
PID 2968 wrote to memory of 3432	2968	Unicorn-23121.exe	110
PID 2968 wrote to memory of 3432	2968	Unicorn-23121.exe	110
PID 2968 wrote to memory of 3432	2968	Unicorn-23121.exe	110
PID 1460 wrote to memory of 3660	1460	Unicorn-47921.exe	111
PID 1460 wrote to memory of 3660	1460	Unicorn-47921.exe	111
PID 1460 wrote to memory of 3660	1460	Unicorn-47921.exe	111
PID 3800 wrote to memory of 3748	3800	Unicorn-28055.exe	112
PID 3800 wrote to memory of 3748	3800	Unicorn-28055.exe	112
PID 3800 wrote to memory of 3748	3800	Unicorn-28055.exe	112
PID 632 wrote to memory of 3388	632	Unicorn-52456.exe	113
PID 632 wrote to memory of 3388	632	Unicorn-52456.exe	113
PID 632 wrote to memory of 3388	632	Unicorn-52456.exe	113
PID 2708 wrote to memory of 4440	2708	Unicorn-64937.exe	122
PID 2708 wrote to memory of 4440	2708	Unicorn-64937.exe	122
PID 2708 wrote to memory of 4440	2708	Unicorn-64937.exe	122
PID 3164 wrote to memory of 3232	3164	Unicorn-36607.exe	123
PID 3164 wrote to memory of 3232	3164	Unicorn-36607.exe	123
PID 3164 wrote to memory of 3232	3164	Unicorn-36607.exe	123
PID 2628 wrote to memory of 4904	2628	Unicorn-1320.exe	128
PID 2628 wrote to memory of 4904	2628	Unicorn-1320.exe	128
PID 2628 wrote to memory of 4904	2628	Unicorn-1320.exe	128
PID 3744 wrote to memory of 3712	3744	Unicorn-56281.exe	129
PID 3744 wrote to memory of 3712	3744	Unicorn-56281.exe	129
PID 3744 wrote to memory of 3712	3744	Unicorn-56281.exe	129
PID 3432 wrote to memory of 1568	3432	Unicorn-38823.exe	130
PID 3432 wrote to memory of 1568	3432	Unicorn-38823.exe	130
PID 3432 wrote to memory of 1568	3432	Unicorn-38823.exe	130
PID 3748 wrote to memory of 404	3748	Unicorn-42161.exe	131
PID 3748 wrote to memory of 404	3748	Unicorn-42161.exe	131
PID 3748 wrote to memory of 404	3748	Unicorn-42161.exe	131
PID 1460 wrote to memory of 4948	1460	Unicorn-47921.exe	132

C:\Users\Admin\AppData\Local\Temp\156ea90013a8dce639a8075029aec8e0N.exe
"C:\Users\Admin\AppData\Local\Temp\156ea90013a8dce639a8075029aec8e0N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54921.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28513.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28071.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65433.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45361.exe
        10⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48568.exe
        11⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48665.exe
        12⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        13⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        12⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45880.exe
        10⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
        11⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        12⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48904.exe
        11⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 504
        11⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19439.exe
        9⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63825.exe
        10⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
        11⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12640.exe
        12⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        12⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        11⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21401.exe
        12⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
        10⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        11⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        11⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 744
        9⤵
        Program crash
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 744
        8⤵
        Program crash
        
        PID:5012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 744
        8⤵
        Program crash
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56489.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9512.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58817.exe
        10⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12408.exe
        11⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40857.exe
        12⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        13⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        14⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        14⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10239.exe
        12⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        13⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
        11⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        12⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        12⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26943.exe
        10⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
        11⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
        12⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19481.exe
        13⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15655.exe
        12⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49424.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54401.exe
        10⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe
        11⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
        12⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
        10⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41641.exe
        11⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
        12⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42463.exe
        11⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 628
        10⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 716
        9⤵
        Program crash
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
        9⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        10⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
        11⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16561.exe
        12⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        13⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        9⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
        10⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56257.exe
        11⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26009.exe
        12⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
        11⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 744
        8⤵
        Program crash
        
        PID:3796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 748
        8⤵
        Program crash
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35863.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58713.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61417.exe
        10⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe
        11⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
        12⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        13⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45433.exe
        14⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
        12⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
        13⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45112.exe
        10⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26457.exe
        11⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe
        12⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
        12⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
        11⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
        9⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
        10⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37593.exe
        11⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        12⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        12⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe
        11⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exe
        10⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45609.exe
        11⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 676
        9⤵
        Program crash
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57784.exe
        8⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        9⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
        10⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50425.exe
        11⤵
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8647.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55617.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23817.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64961.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34697.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        11⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54240.exe
        11⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        12⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        13⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        10⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5039.exe
        11⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        12⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27161.exe
        13⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 624
        12⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22999.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
        10⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
        11⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        12⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        13⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        12⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
        10⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
        11⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12640.exe
        12⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        12⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        11⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 740
        11⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59585.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5672.exe
        10⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16249.exe
        11⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        12⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1520.exe
        13⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
        12⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28407.exe
        11⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
        12⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        10⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        11⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49849.exe
        12⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        11⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43175.exe
        9⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63825.exe
        10⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59321.exe
        11⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2152.exe
        12⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
        13⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        12⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10239.exe
        10⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        11⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64961.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26529.exe
        9⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
        10⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63825.exe
        11⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
        12⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1520.exe
        13⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-751.exe
        12⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 720
        12⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44744.exe
        11⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
        12⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 624
        11⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34447.exe
        10⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
        9⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32585.exe
        10⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9632.exe
        11⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        12⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
        13⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
        12⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
        11⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
        10⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57897.exe
        11⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
        11⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        9⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        10⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
        11⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
        12⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22967.exe
        12⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21695.exe
        11⤵
        
        PID:10932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39585.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
        8⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30561.exe
        10⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47489.exe
        11⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
        12⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        13⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
        10⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57593.exe
        11⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54929.exe
        12⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60352.exe
        12⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe
        11⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 652
        11⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 624
        10⤵
        Program crash
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24447.exe
        9⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7416.exe
        10⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
        11⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe
        11⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54640.exe
        10⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 628
        9⤵
        Program crash
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
        8⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
        9⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52969.exe
        10⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        11⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        11⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        10⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10239.exe
        9⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        10⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
        10⤵
        
        PID:5652
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 648
        6⤵
        Program crash
        
        PID:3864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 660
        6⤵
        Program crash
        
        PID:1396
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 720
        5⤵
        Program crash
        
        PID:4924
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 720
        5⤵
        Program crash
        
        PID:4864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42161.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14880.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9896.exe
        9⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34121.exe
        10⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
        11⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
        12⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
        13⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48121.exe
        14⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18391.exe
        10⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe
        11⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
        12⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12640.exe
        13⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        13⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 648
        12⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        11⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
        12⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31415.exe
        12⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57784.exe
        9⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
        10⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
        11⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
        12⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33601.exe
        13⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
        10⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        11⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
        12⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51728.exe
        9⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47489.exe
        10⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe
        11⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
        12⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33601.exe
        13⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        11⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        12⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
        10⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 684
        9⤵
        Program crash
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19911.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-768.exe
        8⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8495.exe
        9⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
        10⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52201.exe
        11⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16377.exe
        12⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
        13⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36511.exe
        12⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
        11⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
        10⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2152.exe
        11⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        12⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        11⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49424.exe
        8⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21537.exe
        9⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
        10⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45505.exe
        11⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
        11⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 664
        10⤵
        Program crash
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        9⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        10⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
        10⤵
        
        PID:8048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 560
        6⤵
        Program crash
        
        PID:4148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 736
        6⤵
        Program crash
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        9⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        10⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe
        11⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24625.exe
        12⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
        11⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        12⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        12⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 628
        11⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
        10⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
        11⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33777.exe
        12⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
        12⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49272.exe
        11⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        9⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62408.exe
        10⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe
        11⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        12⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe
        11⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
        8⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45361.exe
        9⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33161.exe
        10⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
        11⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41641.exe
        12⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        13⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42463.exe
        12⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46480.exe
        11⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41281.exe
        12⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
        10⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
        11⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34447.exe
        9⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
        10⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        11⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 632
        10⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23943.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12776.exe
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        9⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe
        10⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9632.exe
        11⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        12⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        11⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53409.exe
        12⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
        10⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31089.exe
        11⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8079.exe
        11⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59336.exe
        9⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
        10⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        11⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60424.exe
        10⤵
        
        PID:10864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 680
        9⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        8⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62408.exe
        9⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe
        10⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50337.exe
        11⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 640
        7⤵
        Program crash
        
        PID:4332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 640
        7⤵
        Program crash
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4143.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
        8⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20311.exe
        8⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25481.exe
        9⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        10⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
        11⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        9⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
        10⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        10⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 652
        7⤵
        Program crash
        
        PID:5260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 652
        7⤵
        Program crash
        
        PID:5764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 724
        6⤵
        Program crash
        
        PID:2312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 724
        6⤵
        Program crash
        
        PID:2964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 668
        5⤵
        Program crash
        
        PID:1560
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 668
        5⤵
        Program crash
        
        PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3388
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 632
        5⤵
        Program crash
        
        PID:2288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 624
        5⤵
        Program crash
        
        PID:4328
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 720
      4⤵
      Program crash
      PID:3384
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 720
      4⤵
      Program crash
      PID:552
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 744
    3⤵
    - Program crash
    PID:2904
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 744
    3⤵
    - Program crash
    PID:1560
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43223.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43223.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23121.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23121.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56281.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1320.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18529.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41609.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36041.exe
        11⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21537.exe
        12⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60265.exe
        13⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe
        14⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe
        14⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        13⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        14⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5143.exe
        12⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
        13⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
        14⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9943.exe
        11⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
        12⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        13⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
        13⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe
        10⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
        11⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16353.exe
        12⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63081.exe
        13⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        14⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3735.exe
        13⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
        11⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21961.exe
        12⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        12⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 636
        10⤵
        Program crash
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54416.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
        10⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10327.exe
        11⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        12⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
        13⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        12⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49777.exe
        9⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3368.exe
        10⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
        11⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49025.exe
        12⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
        13⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe
        14⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5439.exe
        12⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29351.exe
        11⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        12⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        13⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35687.exe
        10⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        11⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41641.exe
        12⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53409.exe
        13⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28799.exe
        11⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24919.exe
        9⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
        10⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe
        11⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        12⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
        13⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        13⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62040.exe
        11⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
        12⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 724
        11⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        10⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        11⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        12⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        11⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45449.exe
        9⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61505.exe
        10⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        11⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40695.exe
        12⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
        13⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        13⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
        10⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        11⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        11⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 660
        10⤵
        Program crash
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60472.exe
        9⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe
        10⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
        11⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48665.exe
        12⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 624
        12⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
        10⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        11⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 764
        10⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        8⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20473.exe
        9⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe
        10⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59025.exe
        11⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49809.exe
        12⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
        11⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
        12⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
        10⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
        11⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19263.exe
        9⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        10⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        11⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 680
        11⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
        10⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
        11⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48920.exe
        11⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 720
        8⤵
        Program crash
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 720
        8⤵
        Program crash
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 752
        7⤵
        Program crash
        
        PID:3028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 752
        7⤵
        Program crash
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2695.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 728
        7⤵
        Program crash
        
        PID:3632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 708
        7⤵
        Program crash
        
        PID:5088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 744
        6⤵
        Program crash
        
        PID:3364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 760
        6⤵
        Program crash
        
        PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55233.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5495.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41609.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3368.exe
        9⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        10⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        11⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        12⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13911.exe
        11⤵
        
        PID:11048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 624
        10⤵
        Program crash
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
        9⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42777.exe
        10⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        11⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
        12⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        11⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37351.exe
        10⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
        11⤵
        
        PID:9732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 668
        9⤵
        Program crash
        
        PID:8344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 716
        5⤵
        Program crash
        
        PID:4444
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 716
        5⤵
        Program crash
        
        PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38823.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33905.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53225.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2776.exe
        8⤵
        
        PID:884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 632
        9⤵
        Program crash
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20473.exe
        9⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
        10⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
        11⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
        12⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe
        12⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37351.exe
        11⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe
        12⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59336.exe
        9⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46169.exe
        10⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        11⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61104.exe
        10⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56616.exe
        7⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61977.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37193.exe
        9⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe
        10⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40695.exe
        11⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        12⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31593.exe
        13⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
        9⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        10⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        11⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        11⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46200.exe
        10⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19439.exe
        8⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24417.exe
        9⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        10⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        11⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
        11⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4783.exe
        10⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 548
        10⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45176.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27281.exe
        7⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 632
        8⤵
        Program crash
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 632
        8⤵
        Program crash
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
        7⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61889.exe
        8⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14048.exe
        9⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13960.exe
        10⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33777.exe
        11⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
        11⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
        10⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49849.exe
        11⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44744.exe
        9⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        10⤵
        
        PID:10516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 632
        9⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 652
        7⤵
        Program crash
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 676
        7⤵
        Program crash
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41527.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43425.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51697.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
        9⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe
        10⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2704.exe
        11⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37351.exe
        11⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34177.exe
        12⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
        10⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        11⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
        9⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        10⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1136.exe
        11⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        8⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48568.exe
        9⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
        10⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        11⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28641.exe
        8⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
        9⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17151.exe
        9⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49729.exe
        10⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64664.exe
        10⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43767.exe
        8⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        9⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        10⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2112.exe
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        8⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21537.exe
        9⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16353.exe
        10⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        11⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
        10⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
        9⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46745.exe
        10⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42153.exe
        11⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2775.exe
        10⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8775.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47769.exe
        8⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2704.exe
        9⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63465.exe
        10⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        11⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20823.exe
        9⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-736.exe
        10⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 648
        8⤵
        Program crash
        
        PID:3664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 708
        6⤵
        Program crash
        
        PID:2580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 708
        6⤵
        Program crash
        
        PID:3672
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 736
      4⤵
      Program crash
      PID:1748
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 736
      4⤵
      Program crash
      PID:4980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28055.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42161.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33713.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45057.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10752.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        9⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28257.exe
        10⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37873.exe
        11⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33649.exe
        12⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-800.exe
        13⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
        14⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        12⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        13⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        11⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        12⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23425.exe
        13⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        12⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
        10⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52969.exe
        11⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        12⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
        12⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        11⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42257.exe
        12⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 684
        11⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15599.exe
        9⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62377.exe
        10⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        11⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
        12⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
        10⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46745.exe
        11⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34857.exe
        12⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2775.exe
        11⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 744
        10⤵
        Program crash
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47976.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52185.exe
        9⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21537.exe
        10⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-120.exe
        11⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
        12⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        13⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe
        12⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 648
        12⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
        10⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        11⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54369.exe
        12⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
        9⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
        10⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31593.exe
        11⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
        10⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39895.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2304.exe
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52185.exe
        9⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21537.exe
        10⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8376.exe
        11⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        12⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8904.exe
        13⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
        12⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46368.exe
        10⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41641.exe
        11⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42257.exe
        12⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1431.exe
        11⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe
        9⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37593.exe
        10⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
        11⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
        11⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16825.exe
        9⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe
        10⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
        11⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        12⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        11⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
        10⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
        9⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        10⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18433.exe
        11⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        10⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 712
        7⤵
        Program crash
        
        PID:3848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 712
        7⤵
        Program crash
        
        PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49696.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
        7⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10768.exe
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21537.exe
        9⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe
        10⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        11⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        12⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        13⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 624
        12⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        11⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        9⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        10⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
        11⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
        8⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40695.exe
        9⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        10⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        10⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 744
        8⤵
        Program crash
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 632
        7⤵
        Program crash
        
        PID:3876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 632
        7⤵
        Program crash
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15583.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34431.exe
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62377.exe
        8⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 628
        7⤵
        Program crash
        
        PID:6760
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 748
        5⤵
        Program crash
        
        PID:3304
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 748
        5⤵
        Program crash
        
        PID:1652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 388 -ip 388
1⤵
PID:2244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 388 -ip 388
1⤵
PID:1360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2968 -ip 2968
1⤵
PID:2892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 632 -ip 632
1⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2968 -ip 2968
1⤵
PID:1736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 632 -ip 632
1⤵
PID:1928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3164 -ip 3164
1⤵
PID:2956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3164 -ip 3164
1⤵
PID:1524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3744 -ip 3744
1⤵
PID:1964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1460 -ip 1460
1⤵
PID:2728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 3744 -ip 3744
1⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1460 -ip 1460
1⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3388 -ip 3388
1⤵
PID:3532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3660 -ip 3660
1⤵
PID:3408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3388 -ip 3388
1⤵
PID:228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 2628 -ip 2628
1⤵
PID:2692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3748 -ip 3748
1⤵
PID:3028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3660 -ip 3660
1⤵
PID:1556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2628 -ip 2628
1⤵
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3748 -ip 3748
1⤵
PID:3912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3232 -ip 3232
1⤵
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 3232 -ip 3232
1⤵
PID:2264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4904 -ip 4904
1⤵
PID:1732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4948 -ip 4948
1⤵
PID:2596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4904 -ip 4904
1⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4948 -ip 4948
1⤵
PID:4072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1580 -ip 1580
1⤵
PID:3320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1580 -ip 1580
1⤵
PID:3664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1504 -ip 1504
1⤵
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3608 -ip 3608
1⤵
PID:2020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2732 -ip 2732
1⤵
PID:1236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1504 -ip 1504
1⤵
PID:2012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3608 -ip 3608
1⤵
PID:1580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 3776 -ip 3776
1⤵
PID:3796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 2732 -ip 2732
1⤵
PID:3600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3776 -ip 3776
1⤵
PID:1924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 2316 -ip 2316
1⤵
PID:1620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2316 -ip 2316
1⤵
PID:3684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1180 -ip 1180
1⤵
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4956 -ip 4956
1⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 1180 -ip 1180
1⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4504 -ip 4504
1⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4208 -ip 4208
1⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4956 -ip 4956
1⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 4504 -ip 4504
1⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4208 -ip 4208
1⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 884 -ip 884
1⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1968 -ip 1968
1⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2904 -ip 2904
1⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5104 -ip 5104
1⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 1424 -ip 1424
1⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5104 -ip 5104
1⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 1968 -ip 1968
1⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 2700 -ip 2700
1⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 3104 -ip 3104
1⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 884 -ip 884
1⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 3664 -ip 3664
1⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 3104 -ip 3104
1⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2700 -ip 2700
1⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 2904 -ip 2904
1⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 3364 -ip 3364
1⤵
PID:3320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 3124 -ip 3124
1⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 3232 -ip 3232
1⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 364 -ip 364
1⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 4428 -ip 4428
1⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 3364 -ip 3364
1⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 3124 -ip 3124
1⤵
PID:540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 2616 -ip 2616
1⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 3532 -ip 3532
1⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 4428 -ip 4428
1⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 364 -ip 364
1⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5616 -ip 5616
1⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 6988 -ip 6988
1⤵
PID:552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2616 -ip 2616
1⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5244 -ip 5244
1⤵
PID:2480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5616 -ip 5616
1⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5932 -ip 5932
1⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 3584 -ip 3584
1⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5660 -ip 5660
1⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 6988 -ip 6988
1⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 1404 -ip 1404
1⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5244 -ip 5244
1⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5140 -ip 5140
1⤵
PID:1200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 6072 -ip 6072
1⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5660 -ip 5660
1⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3584 -ip 3584
1⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5932 -ip 5932
1⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6056 -ip 6056
1⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3664 -ip 3664
1⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4608 -ip 4608
1⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 3684 -ip 3684
1⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6040 -ip 6040
1⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 7352 -ip 7352
1⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 3904 -ip 3904
1⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3532 -ip 3532
1⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6344 -ip 6344
1⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 3684 -ip 3684
1⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 4608 -ip 4608
1⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 6056 -ip 6056
1⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 7352 -ip 7352
1⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 3904 -ip 3904
1⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5548 -ip 5548
1⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6344 -ip 6344
1⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1404 -ip 1404
1⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6108 -ip 6108
1⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 6136 -ip 6136
1⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 2052 -ip 2052
1⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 1892 -ip 1892
1⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 844 -ip 844
1⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 5548 -ip 5548
1⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6108 -ip 6108
1⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 844 -ip 844
1⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5056 -ip 5056
1⤵
PID:1776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 2052 -ip 2052
1⤵
PID:3032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1892 -ip 1892
1⤵
PID:1620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5844 -ip 5844
1⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 6136 -ip 6136
1⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5400 -ip 5400
1⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5140 -ip 5140
1⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 812 -ip 812
1⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5728 -ip 5728
1⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5676 -ip 5676
1⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3756 -ip 3756
1⤵
PID:3904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6128 -ip 6128
1⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5164 -ip 5164
1⤵
PID:1404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5276 -ip 5276
1⤵
PID:2244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5844 -ip 5844
1⤵
PID:2192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5400 -ip 5400
1⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 6284 -ip 6284
1⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 812 -ip 812
1⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5312 -ip 5312
1⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5728 -ip 5728
1⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6128 -ip 6128
1⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 4164 -ip 4164
1⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5676 -ip 5676
1⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 6360 -ip 6360
1⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 3756 -ip 3756
1⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6784 -ip 6784
1⤵
PID:9928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 6980 -ip 6980
1⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 5164 -ip 5164
1⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 6040 -ip 6040
1⤵
PID:10204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7036 -ip 7036
1⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 6296 -ip 6296
1⤵
PID:9364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6284 -ip 6284
1⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5224 -ip 5224
1⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5312 -ip 5312
1⤵
PID:812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 4164 -ip 4164
1⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6432 -ip 6432
1⤵
PID:10216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6360 -ip 6360
1⤵
PID:2192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5696 -ip 5696
1⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 6784 -ip 6784
1⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 6980 -ip 6980
1⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 6448 -ip 6448
1⤵
PID:9804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 7120 -ip 7120
1⤵
PID:5808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 8372 -ip 8372
1⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4816 -ip 4816
1⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 7036 -ip 7036
1⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5804 -ip 5804
1⤵
PID:10044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 7360 -ip 7360
1⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5788 -ip 5788
1⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6296 -ip 6296
1⤵
PID:3284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5812 -ip 5812
1⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5224 -ip 5224
1⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5896 -ip 5896
1⤵
PID:10384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5756 -ip 5756
1⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 6432 -ip 6432
1⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5696 -ip 5696
1⤵
PID:10468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 6448 -ip 6448
1⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 6616 -ip 6616
1⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 7120 -ip 7120
1⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 8372 -ip 8372
1⤵
PID:10620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5056 -ip 5056
1⤵
PID:10672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4816 -ip 4816
1⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5788 -ip 5788
1⤵
PID:10728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5804 -ip 5804
1⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1640 -ip 1640
1⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5812 -ip 5812
1⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5756 -ip 5756
1⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5896 -ip 5896
1⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6616 -ip 6616
1⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 7944 -ip 7944
1⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 7656 -ip 7656
1⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 4100 -ip 4100
1⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5276 -ip 5276
1⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 7196 -ip 7196
1⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 6124 -ip 6124
1⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4484 -ip 4484
1⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 7260 -ip 7260
1⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 6328 -ip 6328
1⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7880 -ip 7880
1⤵
PID:10632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 1640 -ip 1640
1⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 7944 -ip 7944
1⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 7656 -ip 7656
1⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 4100 -ip 4100
1⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 7260 -ip 7260
1⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 4484 -ip 4484
1⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6328 -ip 6328
1⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 3316 -ip 3316
1⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6096 -ip 6096
1⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 6096 -ip 6096
1⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3316 -ip 3316
1⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 7360 -ip 7360
1⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6648 -ip 6648
1⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5148 -ip 5148
1⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6916 -ip 6916
1⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 8104 -ip 8104
1⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 6196 -ip 6196
1⤵
PID:5696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 6932 -ip 6932
1⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 5148 -ip 5148
1⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 6916 -ip 6916
1⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6388 -ip 6388
1⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 6600 -ip 6600
1⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 8104 -ip 8104
1⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 7424 -ip 7424
1⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 7960 -ip 7960
1⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 8172 -ip 8172
1⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 7520 -ip 7520
1⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5104 -ip 5104
1⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 8040 -ip 8040
1⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6704 -ip 6704
1⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 1460 -ip 1460
1⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 8076 -ip 8076
1⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 6508 -ip 6508
1⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 7460 -ip 7460
1⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 6684 -ip 6684
1⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 7904 -ip 7904
1⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 8032 -ip 8032
1⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 6196 -ip 6196
1⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 540 -ip 540
1⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7668 -ip 7668
1⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 8084 -ip 8084
1⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 7280 -ip 7280
1⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 8904 -ip 8904
1⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 6932 -ip 6932
1⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 8828 -ip 8828
1⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6912 -ip 6912
1⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 7876 -ip 7876
1⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6596 -ip 6596
1⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 9056 -ip 9056
1⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6388 -ip 6388
1⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 6600 -ip 6600
1⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 6240 -ip 6240
1⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 7424 -ip 7424
1⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5104 -ip 5104
1⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6704 -ip 6704
1⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 8040 -ip 8040
1⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 1460 -ip 1460
1⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 8076 -ip 8076
1⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6508 -ip 6508
1⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 6684 -ip 6684
1⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 7904 -ip 7904
1⤵
PID:3232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 7460 -ip 7460
1⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 8032 -ip 8032
1⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 540 -ip 540
1⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 8084 -ip 8084
1⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 6664 -ip 6664
1⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 7668 -ip 7668
1⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 8828 -ip 8828
1⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 6912 -ip 6912
1⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6596 -ip 6596
1⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 9056 -ip 9056
1⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 6240 -ip 6240
1⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 7296 -ip 7296
1⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 7484 -ip 7484
1⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 7672 -ip 7672
1⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 3624 -ip 3624
1⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 8860 -ip 8860
1⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 3600 -ip 3600
1⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 8288 -ip 8288
1⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 7596 -ip 7596
1⤵
PID:1460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6648 -ip 6648
1⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 8472 -ip 8472
1⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 5196 -ip 5196
1⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 8732 -ip 8732
1⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 844 -ip 844
1⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 7284 -ip 7284
1⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5384 -ip 5384
1⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 7484 -ip 7484
1⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 7296 -ip 7296
1⤵
PID:3308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 7672 -ip 7672
1⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 8288 -ip 8288
1⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 8472 -ip 8472
1⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 5196 -ip 5196
1⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 844 -ip 844
1⤵
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 8732 -ip 8732
1⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 7284 -ip 7284
1⤵
PID:512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5384 -ip 5384
1⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 8904 -ip 8904
1⤵
PID:1364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 7876 -ip 7876
1⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6928 -ip 6928
1⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 812 -ip 812
1⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 7628 -ip 7628
1⤵
PID:3392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 6664 -ip 6664
1⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 812 -ip 812
1⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 7628 -ip 7628
1⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 7084 -ip 7084
1⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6732 -ip 6732
1⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4904 -ip 4904
1⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 7736 -ip 7736
1⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 7736 -ip 7736
1⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 6928 -ip 6928
1⤵
PID:2700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 1012 -ip 1012
1⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 7612 -ip 7612
1⤵
PID:10728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 7620 -ip 7620
1⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 6760 -ip 6760
1⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 1012 -ip 1012
1⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 7480 -ip 7480
1⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 8976 -ip 8976
1⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 7856 -ip 7856
1⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 7740 -ip 7740
1⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 4920 -ip 4920
1⤵
PID:2816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 7532 -ip 7532
1⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 7620 -ip 7620
1⤵
PID:512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 7612 -ip 7612
1⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 7716 -ip 7716
1⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 6760 -ip 6760
1⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 8488 -ip 8488
1⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 8988 -ip 8988
1⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 7480 -ip 7480
1⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 8976 -ip 8976
1⤵
PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1320.exe

Filesize
184KB

MD5
54975452d81f8100e643bb28c8ffc5ee

SHA1
0f50fa214ea4b979f10c9e2ff47b81b98241d86f

SHA256
a21a733af2aadb7136c9b16483e1fbc55f933ebc99e63fc8b221131e7baaf053

SHA512
922ffd4705478639f3ecc37f454216c0cd92ef8c086c01d58aacc488e5bb3ebbe5e9c3cadc5a6bb181a6bb8f8826799aad0289380efd81c71ad0dd60b8dfe80e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16249.exe

Filesize
184KB

MD5
17c98c1897c5d4f5ea839d63f847ee63

SHA1
cd60fbb90fc778726422bb86e7576c985e98e5c1

SHA256
3ef193e8ae0a00b3e0671e58c1360acc16113a9c36495e000b0a7130e09bc4b2

SHA512
dd64103857075288230f41591ae7bb6fd8cdf180b71a27333483e02dc7108de0dce0fd824857643f2d7a833481dd4f22c25eff9e2f9c2e0412a2ecb851f72ca3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe

Filesize
184KB

MD5
f262415618ac0fad1d4ddfb8f4c695e9

SHA1
54b6ce25a83c2668bd7a7e2b39d136c79e7f1648

SHA256
c728c48356c36263ed83d43847f7234dca626f71c4df4806de41a4b589713428

SHA512
b3961f8d7ae3a53572323951718b55a8d4195738d9682082eaaa3f4248e3bbf12c94cd7c8e08f4af06a6cbf69f1c03a6ccede4e1f17a008c453aefc41e923b4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18529.exe

Filesize
184KB

MD5
ef3fe9ebde05f5f87c0ff63b5b2599cc

SHA1
3bf740b7a51f16a450cdabbf25c8955582f1b120

SHA256
980c7cd3899b831b9acce2ec45173fde5ac131dc8fe32a9851ea0d8ee6d27adb

SHA512
6646d42787df33e1d62bb7b35da486b2790817b42af4a3ee31d714b58b01e9e2cee860689daf79b1543417fea184fa3e088198a8dda5d503381758daa786f1f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23121.exe

Filesize
184KB

MD5
f24813bcc013384d3eee394709a2d060

SHA1
3694369ed7863d8f10c59135c68958a15b33caba

SHA256
57864341ad6d4db817dcff6711b221318493b0cda3b41f8813b3900494611686

SHA512
c4124547646d0005304d18da3d2184dcd5ca50d78253fe30f46b570748700833010e37cfbbc67f3c66452144a5813cdb96bf8829e190e8428d826ed5264b6df6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2695.exe

Filesize
184KB

MD5
d04855e44ada7ca1cabbca8f5092d9a4

SHA1
89c397eb5368f6e9044309560c9a0ead5432696f

SHA256
56b5ba477a09e22e2fde0a0f9a808e12431dcfae7381762d4bf5d262e3e7ef9c

SHA512
6685ee0cecc4c0e3080841448230aff7acf622f84dc1902a5f27bd4f2f474152729420748e298c923d64a521cf00c62b7b0e602d3fda5330c7ffd291b36d12e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28055.exe

Filesize
184KB

MD5
55aaabbbce1f57a3162a74ae1b69d41a

SHA1
f75b603d15a25d5535d6bbe64aba1664323e90df

SHA256
308c84334b3e5f1c9ed340c3ecd54b9e24e074013598a082b0640095ffcb09f1

SHA512
9fb8e08afe63e178a1a0e34a2570b6a29c1ac4ea1d58f03244dee8b7d9e09683971e0b639750f71464923f65d3f3d8099b66a54114dd5242158f3d5e4a3555eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28513.exe

Filesize
184KB

MD5
91c8b88cbde5128f106e1fe798b91680

SHA1
b918b6e8e934376fa46d4042a45fd0aea1b94ef8

SHA256
b84882529f40aa3677371a65d8d6ff6abb795fadab164dbc225f96f63ca1089d

SHA512
4776eed5335ad82b954a6b3c07fada4bea9b2b45584b5ca1779a9bc9fdde29a7fb0367c5b754b2e5110d6615323f5d1ae2031b102119aaec5e8b5981d23401c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33713.exe

Filesize
184KB

MD5
2f123b1d6f9f4ea94f0b292802e4edb2

SHA1
c606233312f33e6af12645657bc59807a129d186

SHA256
a37608110346efd1c11fea8e341f7190470e627a1f39c31202e8a240e688d6ab

SHA512
aa687d0c2b207489e7c6157bd842815d1dda0e049ea154e2228929259c3ed1839948d96cb38b8a03f3eebb65bccda6beda012d32fa55bef3fe99ecddb3d737ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33905.exe

Filesize
184KB

MD5
5df918c539a5f11b08ccaec53cf29403

SHA1
e57fb8f71dc27e924e91e1f3d167a527fe541b22

SHA256
016f1e753f7ae49a7d512c5fd54430caf78dbc46de1b32f24c9444c417f6297a

SHA512
3abcb66819f23210d7bd8d69f58cde99ed1b051f69ecbbada29517a395ba5c82a43ef779bdbef9b26d8390cc32893a8e0f972d975ea8603d5989aec21c4c4264

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe

Filesize
184KB

MD5
efd26a00796868c40ae444c7f56d9e41

SHA1
bb2117e11008b1f846f3a324ea470313c4928a81

SHA256
44fac4ece73a9459a134114d497cc8f2b817a298b5e05e01fb82fb265049cf1c

SHA512
de201943caa9289abd221d89420349bb962be9bf520b52677d2cf656e3a6046640aa34ae101a7099bd9157a8b3fcdcbd07d4c97b9419cf455b335197f8cbc350

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38823.exe

Filesize
184KB

MD5
de05ebc550f9f5aa4f4e28ff2bffe72c

SHA1
da9af340b4488d970c1e95fe6cca11cbeeff5391

SHA256
771c8a5f088edf7847f3dc71e179c1933f303a7ecfa0e684ac798da3c1698eae

SHA512
88344aedde328217895031daa1f99980990ab800af14dd7b631dbab5f3e34a7e366de136e39acdb56101436193d17e9a2bc90499c014f84c80bd890e05c6c3b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe

Filesize
184KB

MD5
2ab4b3a0b4ac167cb4af8b8958a78555

SHA1
88cceb2dde52d311388421ad18022cd190d609c7

SHA256
d5134d3092b6d3ea4c73116c67f50097c15b497f3fffec66ec8305f7eea0d213

SHA512
fc68492805b96cdd4a812191c9df0fa513dfb47fa36500dbace491f1bc331e794f48c812a6ac9ec278af3ad60f2ce95851abe97d30df2590fda8643735ee40db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41527.exe

Filesize
184KB

MD5
d76cbb7840cad07efed83e797da57bdc

SHA1
ce69aef07e56a16d8259c521d39d18db77da2f05

SHA256
42da45466d2dffcdb3e64559f5f4d632d414d93172cf7f92153ad1bbb44e07e9

SHA512
eed1c734ef5ec6c4d8d4ce0dd14236c12d2fd45b17cb76d671cd5b71c582838fc7e1fd2eb75cf8ab172ba5634bf480c5967dc92ff292a65a45c7fa235592026a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42161.exe

Filesize
184KB

MD5
3798ddc5b8bcd1ae5b7fcf6501bd5673

SHA1
fb548abdde0e9e1d06bd5bc3c1cf081ddad1552d

SHA256
e42a07c90d3f705d787509c705aeebb01449153d3589d7a10f78699dff55df40

SHA512
0ce7878f1fb89adfa16801e8de1ab913b2e40ba51d8e03d6ac239f8c132398fe71dfc5e5ec8b1543eacd86efeadf43179a08afa335ef5142a597de6e809d68f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43223.exe

Filesize
184KB

MD5
a2ed04e0397a64695e3966d44a9f7f36

SHA1
ab66eab13f53242cd90c60fb944e95a5c18cbe77

SHA256
64a72de6c4df69ff180c64383595b0913856f6b7907c08ac72eb925ed30dcfb2

SHA512
82fc77652f3d0ea5673e33efbc7be1026634dc01e2a5c96d2c12d34ca12dfa1a193ead476aea708f1b6af2c6cc9812bb92fd73d54d0c0aeae81e63a735d2c620

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45057.exe

Filesize
184KB

MD5
1586593cbcbd361acbf8b6fa0361e4f1

SHA1
5af9c26bf21a4c93222a49f98c600c7c8fdb9b51

SHA256
502274bad61ce6f30f0c53098da8702cc232c01a3618cf1bf7ef2a1f9a25e259

SHA512
ed94cc86bacd82b6352aa4d2a327e02046c43608c6d315ffe8d9f9cbb5ffb8d6d4fcbff993c54bd048043f47b18d2fb716275ed629a58261a6d1f65c6e7e9aa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe

Filesize
184KB

MD5
8aa2c01cbcc2d1145d1d83d3c041ae53

SHA1
f3c2c3f36adf57fa5aae788e3ee40d80bc713fd1

SHA256
8b03c5aeb6122402980a75cbb7a5a286ff8402856f12ed3a795ea20b515da323

SHA512
a353476f4456204628ae8fb14cb9424d9f8c061490297440ad6ce2f53f925b5302d2ca9a499da0ba777ded07e2888a8903f2e40a7f8a924652ff5a8f33f86480

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe

Filesize
184KB

MD5
214c8e801ba6d078c452dd03cfd5ce4b

SHA1
a86483af66a710f4eb983dde982f94026dbc1b75

SHA256
9e2ffb232ff0f36e08ce257d60af354aada768f126895ddf4cea8f12db65e008

SHA512
07693e926bc7624e876d11a81b89c5f4de7e514b55d21fc853b3f56b274b4954cadc5aac32bbc8029ea41f6e8955f64ca2b25fc08f6c3389dab0877a70994e67

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe

Filesize
184KB

MD5
317020956572e98d27424de9a2e1c832

SHA1
b0112bb67a052a6b84f90934484dd6d6190e4f95

SHA256
9296c464f60628426e26e7cf622c821d6aecd273dcb60a221cab42c5438711bd

SHA512
c854dbdf9abfa8f4d142dec90cb35e945744c6c3c419ca9f9f58bc690713ca8387dc652b56034ec3a3c06671e7ed1c107e47c2b731c810f8d81959797a571a6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53225.exe

Filesize
184KB

MD5
433552184e195ebddec1a88fb9f47cd8

SHA1
b6d5af0064609c64843296ef7ecc4e1b49a1573a

SHA256
19534567003ac0c1f4ebadeb0e1d6e68cd40fb9c848ba500bc20be69f2e2f637

SHA512
727b86cb12842c050c8dab1ae7cb0b81c743722bd5ff627f591fcbfd5005aadb7254fc9b73ade6b8a56ae4ed51737f06550ec63445b47e9618235fdbabe8257a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54921.exe

Filesize
184KB

MD5
342b8e9a15f54e1fe5ffef0e3c41350f

SHA1
736584527c0af26a6ff44058f7e04de01400c653

SHA256
574597cee4d5dd21827bb866ec07704543ed5c5ef11fbe1967a9060d3d79d690

SHA512
9478ec4ffcafeefa7a64ae8b48c9ba1677626b51fa7fd445cdc23c66c5c354fc87319eff9b75ec288f32706050dd1cb01ca74f61d60122077d4fe7b0a71d411b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55233.exe

Filesize
184KB

MD5
a4debfee2bb1e16bb14ba6f9a2979918

SHA1
b2bfd1cdf79871403bdef45847582329c3baa389

SHA256
810ac537b2e97c09f4f24e5afde2e0bf5f7b40ce64d63030b1ce182eced48946

SHA512
9f6c89d95162edfbd5039bb42230fa965dd5fbabf2e4168a45eae1674ceeffbd1bcefb8743d3e23a425ba7bc016c12d69712ea7d089c32d3813131a505542a01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55617.exe

Filesize
184KB

MD5
6be84660c1291be4e3e52480f2192a65

SHA1
9077b5d7262f4399f97a72fa717771146b905eaf

SHA256
08483d16109d1e6230f53277bc528a536f4a3ee3a7018af2d697f5410b96a778

SHA512
2c6aa744766decfbc21437be0b97ea2d42375184fab2f84760e5cd436ba5191c6111c004dc182d2cbaaa765d4ba89820061a4439749393ba1836b19bea86bed5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56281.exe

Filesize
184KB

MD5
09b4e9ebee7824cfa4a121f46a1a169b

SHA1
d2f848e1c36768511f78c7bb60d3a245e5a251c3

SHA256
8d82579a2141f4c901f6d42f2f57f129e47968a19381c88933877a4085e29c33

SHA512
0bec5fcd1ce715c4f176db876b4ca12f8cd89ec7df6707b95302e430119ad318cc94e93e128b9d41f292b6d7fe10226fa0333d4ee52bbf290268b3e09ea1e103

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe

Filesize
184KB

MD5
191371c1553a9b2b27fc49b8bd1a0ed9

SHA1
4349dbaf06057abb9a04deaa6334463e9c6c5ff5

SHA256
b066c263295ba82c712658fc8ee735f0bf86e9fca8fe33973129436484c4bcf8

SHA512
cd066f11fb007d42ef538c3c91aee80d65c0ce322e52712a63c825d61535319c63410ac1d7aaa58f7870d76af446be86e76581a8373b52640f29d205b40ed503

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe

Filesize
184KB

MD5
19b971957709f49c770439a72293b687

SHA1
b6b124bd686e255761b37dd59e75d2c7c1f3029d

SHA256
c070528596f3a897434ed9924c69e8148dd1849002befa4354f9e2ec113bb014

SHA512
7bac1330a0642ddda15a06f82ef12b20e3bc0be59f0c7d6dcfa65068a152afbd5d3ecd412d22a67c92a559e1fedb231063be065b46fb692b923c2d13ac298723

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe

Filesize
184KB

MD5
03bc3168b4ffd49b3e3af06273c679f3

SHA1
509b7b825375de5c5804e19b3d06a47a588d78bd

SHA256
3abdea6f57a4ce2656ff99c9bb7e08f96ee778fb805dae1e579ce8aae6467891

SHA512
ffc4c398b7707c372cfd42b6d9ac24289d8730c0423679d4999b7005bd349d35c115708270135d8dc33f15c1826781c50ccadca7fb6892b4f6fbe206707f31f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe

Filesize
184KB

MD5
abba547be5b3bea3ed23be3322db82db

SHA1
821b0ad560a667652a79b3b4f468c0c242528fdc

SHA256
d60907e4abc53ea63cd3c5d8c030aa573997cb994b5012764198cc18ddeb552b

SHA512
f4b40311cb5f3bc3f7a107a1e22d341b0bab0a75ebcdc8e6b0773aba406d016f0fe3966bb834055b37429e2864ab946e1ef630fe1aec465da6d73400efdcc64d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe

Filesize
184KB

MD5
de2704e67a30d8e3c6bee141b2ad1485

SHA1
addd2a241de7426cd99507b0411d59bef5ee3cd4

SHA256
16ffcef19c4eb579c50eedc5985923c6caae1d8ce630834d030d198821f1c767

SHA512
87fa87848d4fb73f84123c1ae00fed8a3b36b56efb2a9dfde2a391bc100648ef4e2e2096412224f2c41647da817116a34f0d01e8d6317207ec09d92eb0a11653

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe

Filesize
184KB

MD5
aa6fe5cd405d85e470b50232bc403889

SHA1
77e040a4cc82710530d61b8d6681c108d86cd4e2

SHA256
bf7e3c2853bb0cc7e0178b38c5146373d939580275f0a26272d60d3c79d7e6d7

SHA512
943a83d78cb44060b15d2fb7999affcdcd758b9ba0ce926e671971f0908ed6fab2192adbcd665da20c239e422bc2bcb8a11d99336c439891e896ffd73c442c74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe

Filesize
184KB

MD5
65b2e5392c1153fc666f663662908539

SHA1
1195c9dec1567842b6e7a947e8f7db11e2efed4d

SHA256
830d94012aa3fd24ec1902012f0df700191ded9cf5db8f6c3859fa1cee459945

SHA512
f2552a585b280f13d1f5a0f9d2e32bac86903dcb66dcefb925799e9e89f8a18ccbeb53307a218bea87a09068da3715c425d28080429e1e787f3d0ba7fca38cdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8647.exe

Filesize
184KB

MD5
ee55656e5932ced4204da588b69f5f5d

SHA1
089e6babbd33f9ffe7d1fb71a0509cb75268ca5f

SHA256
956de1c11a18d4fefe1ed7dbf9edcc096ea6e2590ad619a3534cfb2fbf46aa49

SHA512
227cb0db39bd29239d3c2911aad5e5f7648be3ef9567a7318d6dff989c8f16997f1ad582a59d4db3c3f0319303d13c7f6e322a33490cdd94e9e91dc799a2fece

Download Submit