11a50a6337b89dab52d4c84028763a1a9ebf7db3c0d6b43023ab247b28f75a68

Analysis

max time kernel
150s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 18:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11a50a6337b89dab52d4c84028763a1a9ebf7db3c0d6b43023ab247b28f75a68.exe
Size

468KB
MD5

e79b516bbd75bfeaa83d77266bbc8a06
SHA1

15178a2f91945ea6f23d7e9fc677b6d4b44ac2e6
SHA256

11a50a6337b89dab52d4c84028763a1a9ebf7db3c0d6b43023ab247b28f75a68
SHA512

1585bdd62bc0252cf28a0b8344cba5373e39cf9f8735616f560e585c460c325f324f59b5ece420a5f2f0ca2c0d8844d142b0bf3a9c1ea6821b711e942eb7ea28
SSDEEP

3072:1G3HogISIE5FtbY2HzcOcf8/zChaP0p2TVHeTVuC1Y5LR+ggEnlL:1G3obMFtxH4OcfuY9P1YVsggE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3892	Unicorn-62791.exe
4584	Unicorn-61805.exe
1780	Unicorn-41939.exe
1528	Unicorn-30861.exe
4476	Unicorn-6911.exe
452	Unicorn-12386.exe
2020	Unicorn-6256.exe
1808	Unicorn-19533.exe
3492	Unicorn-38561.exe
3972	Unicorn-31785.exe
2568	Unicorn-33822.exe
1012	Unicorn-39953.exe
2508	Unicorn-13045.exe
4688	Unicorn-13310.exe
4400	Unicorn-5697.exe
3464	Unicorn-29429.exe
1048	Unicorn-13647.exe
3676	Unicorn-51795.exe
3928	Unicorn-53833.exe
1424	Unicorn-59963.exe
2656	Unicorn-57917.exe
1132	Unicorn-41489.exe
4340	Unicorn-53741.exe
332	Unicorn-27099.exe
3432	Unicorn-3149.exe
100	Unicorn-27099.exe
1720	Unicorn-37959.exe
5008	Unicorn-14084.exe
4108	Unicorn-30918.exe
3256	Unicorn-11317.exe
4488	Unicorn-16191.exe
3096	Unicorn-4493.exe
3664	Unicorn-5884.exe
704	Unicorn-61207.exe
3512	Unicorn-55277.exe
3336	Unicorn-28635.exe
3496	Unicorn-59361.exe
4460	Unicorn-32719.exe
4828	Unicorn-49558.exe
2932	Unicorn-29957.exe
2464	Unicorn-49823.exe
964	Unicorn-35433.exe
2768	Unicorn-8790.exe
1176	Unicorn-4706.exe
2148	Unicorn-47685.exe
2408	Unicorn-4441.exe
4972	Unicorn-46294.exe
800	Unicorn-35433.exe
4980	Unicorn-51769.exe
3684	Unicorn-5261.exe
3292	Unicorn-53807.exe
3532	Unicorn-52324.exe
4268	Unicorn-26303.exe
3284	Unicorn-5261.exe
2300	Unicorn-31903.exe
4196	Unicorn-522.exe
4596	Unicorn-63259.exe
4332	Unicorn-19289.exe
3672	Unicorn-46486.exe
5084	Unicorn-21235.exe
3248	Unicorn-64213.exe
4752	Unicorn-17705.exe
4220	Unicorn-2760.exe
1372	Unicorn-14747.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2164	1012	WerFault.exe	104
3632	1012	WerFault.exe	104
3104	3432	WerFault.exe	120
4344	4340	WerFault.exe	116
3288	452	WerFault.exe	99
264	4340	WerFault.exe	116
5040	452	WerFault.exe	99
384	3432	WerFault.exe	120
5412	3464	WerFault.exe	108
5760	3684	WerFault.exe	149
5664	3284	WerFault.exe	150
5328	4196	WerFault.exe	154
2900	5164	WerFault.exe	181
6600	3972	WerFault.exe	102
5028	5692	WerFault.exe	202
7312	1132	WerFault.exe	114
5780	5648	WerFault.exe	201
6800	6728	WerFault.exe	298
9144	6920	WerFault.exe	274
9032	1592	WerFault.exe	354
9284	6164	WerFault.exe	331
264	112	WerFault.exe	330
4976	6496	WerFault.exe	349
9504	3868	WerFault.exe	328
10104	3416	WerFault.exe	345
10164	7452	WerFault.exe	400
9880	5476	WerFault.exe	235
8244	6836	WerFault.exe	348
9524	6784	WerFault.exe	340
9240	5156	WerFault.exe	359
7932	2656	WerFault.exe	113
9224	7648	WerFault.exe	379
4992	7424	WerFault.exe	371
8536	6204	WerFault.exe	257
5496	7956	WerFault.exe	390
3760	7680	WerFault.exe	380
10064	7468	WerFault.exe	374
5612	7548	WerFault.exe	375
224	3996	WerFault.exe	362
5132	7404	WerFault.exe	370
5636	780	WerFault.exe	301
9616	4972	WerFault.exe	341
7616	6860	WerFault.exe	347
7476	7436	WerFault.exe	372
5304	7192	WerFault.exe	365
3540	6808	WerFault.exe	355
4140	7748	WerFault.exe	384
636	7024	WerFault.exe	326
232	7636	WerFault.exe	378
9808	5452	WerFault.exe	324
3920	6664	WerFault.exe	333
10128	6824	WerFault.exe	351
7228	1352	WerFault.exe	346
10052	7456	WerFault.exe	373
10092	5440	WerFault.exe	308
9140	3616	WerFault.exe	312
8740	6328	WerFault.exe	262
2768	7204	WerFault.exe	366
5924	4344	WerFault.exe	230
10156	5944	WerFault.exe	213
8836	1752	WerFault.exe	335
6420	5288	WerFault.exe	292
5952	6392	WerFault.exe	395
6192	6984	WerFault.exe	361

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46507.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64213.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40223.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27099.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56725.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27099.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53807.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24141.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16549.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41556.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4900	11a50a6337b89dab52d4c84028763a1a9ebf7db3c0d6b43023ab247b28f75a68.exe
3892	Unicorn-62791.exe
4584	Unicorn-61805.exe
1780	Unicorn-41939.exe
1528	Unicorn-30861.exe
2020	Unicorn-6256.exe
4476	Unicorn-6911.exe
452	Unicorn-12386.exe
1808	Unicorn-19533.exe
3492	Unicorn-38561.exe
3972	Unicorn-31785.exe
4400	Unicorn-5697.exe
1012	Unicorn-39953.exe
4688	Unicorn-13310.exe
2568	Unicorn-33822.exe
2508	Unicorn-13045.exe
3464	Unicorn-29429.exe
1048	Unicorn-13647.exe
3676	Unicorn-51795.exe
3928	Unicorn-53833.exe
1424	Unicorn-59963.exe
2656	Unicorn-57917.exe
1132	Unicorn-41489.exe
4340	Unicorn-53741.exe
332	Unicorn-27099.exe
3432	Unicorn-3149.exe
5008	Unicorn-14084.exe
1720	Unicorn-37959.exe
100	Unicorn-27099.exe
3256	Unicorn-11317.exe
4108	Unicorn-30918.exe
4488	Unicorn-16191.exe
3096	Unicorn-4493.exe
3664	Unicorn-5884.exe
704	Unicorn-61207.exe
3512	Unicorn-55277.exe
3336	Unicorn-28635.exe
3496	Unicorn-59361.exe
4460	Unicorn-32719.exe
2932	Unicorn-29957.exe
4828	Unicorn-49558.exe
2464	Unicorn-49823.exe
964	Unicorn-35433.exe
2768	Unicorn-8790.exe
2408	Unicorn-4441.exe
4980	Unicorn-51769.exe
1176	Unicorn-4706.exe
2148	Unicorn-47685.exe
800	Unicorn-35433.exe
4268	Unicorn-26303.exe
3532	Unicorn-52324.exe
3684	Unicorn-5261.exe
3292	Unicorn-53807.exe
4972	Unicorn-46294.exe
4196	Unicorn-522.exe
4596	Unicorn-63259.exe
3284	Unicorn-5261.exe
2300	Unicorn-31903.exe
4332	Unicorn-19289.exe
5084	Unicorn-21235.exe
3672	Unicorn-46486.exe
3248	Unicorn-64213.exe
4752	Unicorn-17705.exe
4220	Unicorn-2760.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 3892	4900	11a50a6337b89dab52d4c84028763a1a9ebf7db3c0d6b43023ab247b28f75a68.exe	89
PID 4900 wrote to memory of 3892	4900	11a50a6337b89dab52d4c84028763a1a9ebf7db3c0d6b43023ab247b28f75a68.exe	89
PID 4900 wrote to memory of 3892	4900	11a50a6337b89dab52d4c84028763a1a9ebf7db3c0d6b43023ab247b28f75a68.exe	89
PID 3892 wrote to memory of 4584	3892	Unicorn-62791.exe	93
PID 3892 wrote to memory of 4584	3892	Unicorn-62791.exe	93
PID 3892 wrote to memory of 4584	3892	Unicorn-62791.exe	93
PID 4900 wrote to memory of 1780	4900	11a50a6337b89dab52d4c84028763a1a9ebf7db3c0d6b43023ab247b28f75a68.exe	92
PID 4900 wrote to memory of 1780	4900	11a50a6337b89dab52d4c84028763a1a9ebf7db3c0d6b43023ab247b28f75a68.exe	92
PID 4900 wrote to memory of 1780	4900	11a50a6337b89dab52d4c84028763a1a9ebf7db3c0d6b43023ab247b28f75a68.exe	92
PID 4584 wrote to memory of 1528	4584	Unicorn-61805.exe	96
PID 4584 wrote to memory of 1528	4584	Unicorn-61805.exe	96
PID 4584 wrote to memory of 1528	4584	Unicorn-61805.exe	96
PID 3892 wrote to memory of 4476	3892	Unicorn-62791.exe	97
PID 3892 wrote to memory of 4476	3892	Unicorn-62791.exe	97
PID 3892 wrote to memory of 4476	3892	Unicorn-62791.exe	97
PID 1780 wrote to memory of 452	1780	Unicorn-41939.exe	99
PID 1780 wrote to memory of 452	1780	Unicorn-41939.exe	99
PID 1780 wrote to memory of 452	1780	Unicorn-41939.exe	99
PID 4900 wrote to memory of 2020	4900	11a50a6337b89dab52d4c84028763a1a9ebf7db3c0d6b43023ab247b28f75a68.exe	98
PID 4900 wrote to memory of 2020	4900	11a50a6337b89dab52d4c84028763a1a9ebf7db3c0d6b43023ab247b28f75a68.exe	98
PID 4900 wrote to memory of 2020	4900	11a50a6337b89dab52d4c84028763a1a9ebf7db3c0d6b43023ab247b28f75a68.exe	98
PID 1528 wrote to memory of 1808	1528	Unicorn-30861.exe	100
PID 1528 wrote to memory of 1808	1528	Unicorn-30861.exe	100
PID 1528 wrote to memory of 1808	1528	Unicorn-30861.exe	100
PID 4584 wrote to memory of 3492	4584	Unicorn-61805.exe	101
PID 4584 wrote to memory of 3492	4584	Unicorn-61805.exe	101
PID 4584 wrote to memory of 3492	4584	Unicorn-61805.exe	101
PID 4476 wrote to memory of 3972	4476	Unicorn-6911.exe	102
PID 4476 wrote to memory of 3972	4476	Unicorn-6911.exe	102
PID 4476 wrote to memory of 3972	4476	Unicorn-6911.exe	102
PID 3892 wrote to memory of 2568	3892	Unicorn-62791.exe	103
PID 3892 wrote to memory of 2568	3892	Unicorn-62791.exe	103
PID 3892 wrote to memory of 2568	3892	Unicorn-62791.exe	103
PID 2020 wrote to memory of 1012	2020	Unicorn-6256.exe	104
PID 2020 wrote to memory of 1012	2020	Unicorn-6256.exe	104
PID 2020 wrote to memory of 1012	2020	Unicorn-6256.exe	104
PID 4900 wrote to memory of 2508	4900	11a50a6337b89dab52d4c84028763a1a9ebf7db3c0d6b43023ab247b28f75a68.exe	105
PID 4900 wrote to memory of 2508	4900	11a50a6337b89dab52d4c84028763a1a9ebf7db3c0d6b43023ab247b28f75a68.exe	105
PID 4900 wrote to memory of 2508	4900	11a50a6337b89dab52d4c84028763a1a9ebf7db3c0d6b43023ab247b28f75a68.exe	105
PID 452 wrote to memory of 4688	452	Unicorn-12386.exe	106
PID 452 wrote to memory of 4688	452	Unicorn-12386.exe	106
PID 452 wrote to memory of 4688	452	Unicorn-12386.exe	106
PID 1780 wrote to memory of 4400	1780	Unicorn-41939.exe	107
PID 1780 wrote to memory of 4400	1780	Unicorn-41939.exe	107
PID 1780 wrote to memory of 4400	1780	Unicorn-41939.exe	107
PID 1808 wrote to memory of 3464	1808	Unicorn-19533.exe	108
PID 1808 wrote to memory of 3464	1808	Unicorn-19533.exe	108
PID 1808 wrote to memory of 3464	1808	Unicorn-19533.exe	108
PID 1528 wrote to memory of 1048	1528	Unicorn-30861.exe	109
PID 1528 wrote to memory of 1048	1528	Unicorn-30861.exe	109
PID 1528 wrote to memory of 1048	1528	Unicorn-30861.exe	109
PID 3492 wrote to memory of 3676	3492	Unicorn-38561.exe	110
PID 3492 wrote to memory of 3676	3492	Unicorn-38561.exe	110
PID 3492 wrote to memory of 3676	3492	Unicorn-38561.exe	110
PID 4584 wrote to memory of 3928	4584	Unicorn-61805.exe	111
PID 4584 wrote to memory of 3928	4584	Unicorn-61805.exe	111
PID 4584 wrote to memory of 3928	4584	Unicorn-61805.exe	111
PID 4400 wrote to memory of 1424	4400	Unicorn-5697.exe	112
PID 4400 wrote to memory of 1424	4400	Unicorn-5697.exe	112
PID 4400 wrote to memory of 1424	4400	Unicorn-5697.exe	112
PID 1780 wrote to memory of 2656	1780	Unicorn-41939.exe	113
PID 1780 wrote to memory of 2656	1780	Unicorn-41939.exe	113
PID 1780 wrote to memory of 2656	1780	Unicorn-41939.exe	113
PID 4688 wrote to memory of 1132	4688	Unicorn-13310.exe	114

C:\Users\Admin\AppData\Local\Temp\11a50a6337b89dab52d4c84028763a1a9ebf7db3c0d6b43023ab247b28f75a68.exe
"C:\Users\Admin\AppData\Local\Temp\11a50a6337b89dab52d4c84028763a1a9ebf7db3c0d6b43023ab247b28f75a68.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30861.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16191.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30659.exe
        10⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62859.exe
        11⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28023.exe
        12⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 636
        12⤵
        
        PID:13576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 656
        11⤵
        Program crash
        
        PID:9240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 636
        10⤵
        Program crash
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56190.exe
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17831.exe
        9⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 724
        10⤵
        Program crash
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 740
        9⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46486.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
        8⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24079.exe
        9⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36497.exe
        10⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 604
        11⤵
        Program crash
        
        PID:636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 660
        10⤵
        Program crash
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59444.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 736
        7⤵
        Program crash
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4493.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26295.exe
        9⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 636
        10⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24008.exe
        9⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4189.exe
        9⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1424.exe
        9⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21316.exe
        8⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
        9⤵
        
        PID:12340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59535.exe
        8⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10107.exe
        8⤵
        
        PID:14612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36345.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46703.exe
        7⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8396.exe
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49110.exe
        9⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        10⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62763.exe
        9⤵
        
        PID:14508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32176.exe
        8⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5341.exe
        8⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60677.exe
        8⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 752
        7⤵
        
        PID:10456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62167.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54779.exe
        8⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        9⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 656
        9⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9527.exe
        8⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 724
        9⤵
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8963.exe
        8⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40610.exe
        9⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 732
        8⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41556.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52641.exe
        7⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        8⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-804.exe
        9⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25160.exe
        9⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32175.exe
        9⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
        7⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
        8⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14055.exe
        9⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
        9⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        8⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4736.exe
        7⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63002.exe
        8⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
        6⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 632
        7⤵
        Program crash
        
        PID:10064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60310.exe
        6⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe
        6⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1715.exe
        7⤵
        
        PID:14928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45707.exe
        6⤵
        
        PID:14092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5884.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21235.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19393.exe
        9⤵
        
        PID:780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 640
        10⤵
        Program crash
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 756
        9⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55910.exe
        8⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46523.exe
        9⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14208.exe
        10⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21460.exe
        10⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe
        11⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3971.exe
        10⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
        9⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9344 -s 636
        10⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
        9⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31217.exe
        9⤵
        
        PID:14488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18602.exe
        8⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 636
        9⤵
        
        PID:14976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 672
        8⤵
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52682.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45729.exe
        9⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57065.exe
        9⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32442.exe
        10⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
        9⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe
        8⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35270.exe
        9⤵
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12253.exe
        8⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60236.exe
        9⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51747.exe
        7⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 636
        8⤵
        Program crash
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 636
        8⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
        7⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 636
        8⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3615.exe
        7⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29510.exe
        8⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63385.exe
        7⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53497.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50119.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49813.exe
        9⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        10⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-656.exe
        9⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe
        10⤵
        
        PID:15040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        9⤵
        
        PID:13492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 748
        8⤵
        Program crash
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23237.exe
        7⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 628
        8⤵
        Program crash
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        7⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57589.exe
        7⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3501.exe
        7⤵
        
        PID:13876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35691.exe
        6⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
        6⤵
        
        PID:1352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 636
        7⤵
        Program crash
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23176.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
        6⤵
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60824.exe
        6⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9029.exe
        6⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2760.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
        7⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13170.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 636
        9⤵
        Program crash
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36169.exe
        8⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 676
        8⤵
        
        PID:12684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        7⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
        8⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34388.exe
        9⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55451.exe
        8⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34261.exe
        8⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23189.exe
        7⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
        8⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17725.exe
        7⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40354.exe
        7⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        6⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44473.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        8⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
        9⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 660
        9⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35759.exe
        8⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48216.exe
        8⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe
        8⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2921.exe
        7⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
        8⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20526.exe
        8⤵
        
        PID:11260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 660
        7⤵
        
        PID:12816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16936.exe
        6⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 632
        7⤵
        Program crash
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14747.exe
        5⤵
        Executes dropped EXE
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16549.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51365.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15885.exe
        6⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 644
        7⤵
        Program crash
        
        PID:10092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48150.exe
        7⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
        8⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe
        8⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
        7⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51330.exe
        7⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15185.exe
        6⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
        7⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10054.exe
        6⤵
        
        PID:13728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
        6⤵
        
        PID:14624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9277.exe
        5⤵
        
        PID:3996
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 632
        6⤵
        Program crash
        
        PID:224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11838.exe
        5⤵
        
        PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41332.exe
        5⤵
        
        PID:14340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51795.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59361.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe
        7⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54421.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        9⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 628
        10⤵
        Program crash
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36937.exe
        9⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30727.exe
        9⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12166.exe
        9⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
        8⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 628
        9⤵
        Program crash
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40585.exe
        7⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5298.exe
        9⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        10⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe
        11⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
        11⤵
        
        PID:15344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37988.exe
        10⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61532.exe
        10⤵
        
        PID:13832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23891.exe
        9⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 668
        9⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48038.exe
        8⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        9⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57034.exe
        10⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36670.exe
        10⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5098.exe
        9⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36426.exe
        9⤵
        
        PID:15136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16988.exe
        8⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26235.exe
        8⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55390.exe
        8⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45141.exe
        7⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 632
        8⤵
        Program crash
        
        PID:10128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 632
        8⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3253.exe
        7⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18078.exe
        8⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36095.exe
        7⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50698.exe
        8⤵
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
        7⤵
        
        PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46294.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        5⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 632
        7⤵
        Program crash
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
        6⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49813.exe
        7⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
        8⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8124 -s 652
        7⤵
        
        PID:13608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
        6⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36038.exe
        7⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65067.exe
        7⤵
        
        PID:15332
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 492
        6⤵
        
        PID:11128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
        5⤵
        
        PID:5516
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 760
        5⤵
        
        PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27431.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52065.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25309.exe
        9⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48804.exe
        10⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 740
        9⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 660
        8⤵
        Program crash
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
        7⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 604
        8⤵
        Program crash
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48919.exe
        7⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
        8⤵
        
        PID:15172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 752
        7⤵
        
        PID:11860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5427.exe
        6⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30249.exe
        8⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 632
        9⤵
        Program crash
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55220.exe
        8⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34811.exe
        8⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49354.exe
        9⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        8⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42261.exe
        7⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 636
        8⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4289.exe
        8⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        8⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        7⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        7⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20444.exe
        6⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 624
        7⤵
        
        PID:9996
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 736
        6⤵
        
        PID:10368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47254.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28883.exe
        6⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15002.exe
        7⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 636
        8⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 652
        7⤵
        
        PID:14020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe
        6⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9971.exe
        7⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24341.exe
        6⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        6⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5312.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
        6⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 720
        7⤵
        Program crash
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 720
        7⤵
        
        PID:13116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
        6⤵
        
        PID:1464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 632
        6⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe
        5⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44769.exe
        6⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe
        7⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10293.exe
        8⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-848.exe
        7⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
        7⤵
        
        PID:14452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13201.exe
        6⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50750.exe
        7⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
        8⤵
        
        PID:10396
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 652
        6⤵
        
        PID:13708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15802.exe
        5⤵
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38306.exe
        6⤵
        
        PID:12716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63525.exe
        5⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20024.exe
        6⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
        5⤵
        
        PID:13772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18821.exe
        5⤵
        
        PID:10436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49558.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22003.exe
        5⤵
        
        PID:5164
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 728
        6⤵
        Program crash
        
        PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34452.exe
      4⤵
      PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
      4⤵
      PID:6784
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 632
        5⤵
        Program crash
        
        PID:9524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52487.exe
      4⤵
      PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        5⤵
        
        PID:12360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15095.exe
      4⤵
      PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        5⤵
        
        PID:14572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29682.exe
      4⤵
      PID:884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6911.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31785.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8790.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65365.exe
        6⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        7⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36497.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27857.exe
        9⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
        10⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60864.exe
        11⤵
        
        PID:13272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 664
        10⤵
        
        PID:13844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 636
        9⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 640
        8⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36065.exe
        7⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 640
        8⤵
        Program crash
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53414.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe
        7⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe
        8⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
        9⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 636
        10⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
        9⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63168.exe
        10⤵
        
        PID:14472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-373.exe
        8⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20805.exe
        8⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9836.exe
        8⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7005.exe
        7⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4185.exe
        8⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26002.exe
        9⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
        8⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17323.exe
        7⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
        8⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
        7⤵
        
        PID:13668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        6⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 636
        7⤵
        Program crash
        
        PID:5612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 660
        6⤵
        
        PID:14312
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 648
        5⤵
        Program crash
        
        PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11317.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52283.exe
        7⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65090.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37907.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44063.exe
        7⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        9⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
        9⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 636
        8⤵
        
        PID:12792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 672
        6⤵
        Program crash
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54871.exe
        5⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39917.exe
        6⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36191.exe
        7⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
        8⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
        7⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        7⤵
        
        PID:12744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40419.exe
        6⤵
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4251.exe
        6⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1909.exe
        5⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32852.exe
        6⤵
        
        PID:13968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        5⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59084.exe
        6⤵
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16732.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        5⤵
        
        PID:8804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4196
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 632
        5⤵
        Program crash
        
        PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1308.exe
      4⤵
      PID:6808
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 632
        5⤵
        Program crash
        
        PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33667.exe
      4⤵
      PID:8932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28192.exe
        5⤵
        
        PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4145.exe
      4⤵
      PID:11872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46667.exe
      4⤵
      PID:14400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33822.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44115.exe
        7⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64654.exe
        7⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 648
        8⤵
        Program crash
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14108.exe
        7⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        7⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40642.exe
        7⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7721.exe
        6⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52833.exe
        7⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 720
        8⤵
        Program crash
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1.exe
        7⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27927.exe
        7⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43387.exe
        6⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61681.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25400.exe
        8⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
        9⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55991.exe
        8⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
        8⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 648
        7⤵
        
        PID:12848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        6⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe
        6⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        6⤵
        
        PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23517.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47597.exe
        6⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
        7⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10918.exe
        8⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64948.exe
        9⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 628
        8⤵
        
        PID:13600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 680
        7⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14083.exe
        6⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        7⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 632
        8⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
        7⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20525.exe
        7⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        7⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe
        5⤵
        
        PID:3868
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 636
        6⤵
        Program crash
        
        PID:9504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59854.exe
        5⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57278.exe
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
        6⤵
        
        PID:14464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        5⤵
        
        PID:10632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
        5⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
        5⤵
        
        PID:9240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3684
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 636
        5⤵
        Program crash
        
        PID:5760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51769.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63259.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20441.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5028.exe
        5⤵
        
        PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29651.exe
        5⤵
        
        PID:7636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 632
        6⤵
        Program crash
        
        PID:232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 632
        6⤵
        
        PID:11504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6948.exe
      4⤵
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38417.exe
        5⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47291.exe
        6⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43155.exe
        7⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56437.exe
        7⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
        7⤵
        
        PID:14808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31649.exe
        6⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36614.exe
        7⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe
        7⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40729.exe
        6⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55220.exe
        5⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
        6⤵
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47064.exe
        5⤵
        
        PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
        5⤵
        
        PID:14332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19703.exe
      4⤵
      PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38329.exe
        5⤵
        
        PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        5⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14543.exe
        6⤵
        
        PID:14836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
        5⤵
        
        PID:12324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5748.exe
      4⤵
      PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20448.exe
      4⤵
      PID:11900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41026.exe
      4⤵
      PID:14592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe
    3⤵
    PID:6984
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 648
      4⤵
      Program crash
      PID:6192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45154.exe
    3⤵
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
      4⤵
      PID:9188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17928.exe
    3⤵
    PID:5320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31936.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31936.exe
    3⤵
    PID:10544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12386.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13310.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16357.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-944.exe
        8⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15693.exe
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45729.exe
        10⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57065.exe
        10⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe
        11⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        10⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34035.exe
        10⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 664
        9⤵
        Program crash
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
        8⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 644
        9⤵
        Program crash
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 644
        9⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25976.exe
        8⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16516.exe
        9⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52929.exe
        8⤵
        
        PID:10664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 748
        6⤵
        Program crash
        
        PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21017.exe
        6⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1520.exe
        7⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59444.exe
        6⤵
        
        PID:6364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37959.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47083.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe
        7⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56294.exe
        7⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 640
        8⤵
        Program crash
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28909.exe
        6⤵
        
        PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
        5⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        5⤵
        
        PID:7192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 628
        6⤵
        Program crash
        
        PID:5304
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 740
      4⤵
      Program crash
      PID:3288
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 740
      4⤵
      Program crash
      PID:5040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59963.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24141.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47981.exe
        8⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        9⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58749.exe
        10⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12353.exe
        11⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31648.exe
        12⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30884.exe
        11⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
        10⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exe
        10⤵
        
        PID:13340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 752
        9⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 668
        8⤵
        Program crash
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55910.exe
        7⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
        9⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        9⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14353.exe
        8⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19318.exe
        9⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4635.exe
        8⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exe
        8⤵
        
        PID:14556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60211.exe
        7⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48866.exe
        8⤵
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14034.exe
        7⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        8⤵
        
        PID:14908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11093.exe
        7⤵
        
        PID:9396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
        6⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        6⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 728
        7⤵
        Program crash
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2101.exe
        6⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49979.exe
        7⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35824.exe
        7⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20089.exe
        7⤵
        
        PID:15068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54453.exe
        6⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        7⤵
        
        PID:14208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
        6⤵
        
        PID:12696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe
        6⤵
        
        PID:14524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52283.exe
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24437.exe
        7⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        8⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60887.exe
        9⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
        9⤵
        
        PID:10260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10260 -s 636
        10⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe
        9⤵
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
        9⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4867.exe
        7⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37727.exe
        8⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        8⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28449.exe
        8⤵
        
        PID:14500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38779.exe
        7⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12446.exe
        7⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30309.exe
        7⤵
        
        PID:14640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3201.exe
        6⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 636
        7⤵
        Program crash
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
        5⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4492.exe
        5⤵
        
        PID:7648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 640
        6⤵
        Program crash
        
        PID:9224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
      4⤵
      PID:5692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 636
        5⤵
        Program crash
        
        PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48484.exe
      4⤵
      PID:112
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 636
        5⤵
        Program crash
        
        PID:264
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 636
        5⤵
        
        PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
      4⤵
      PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe
        5⤵
        
        PID:11864
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 628
      4⤵
      PID:12784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32719.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
        5⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11442.exe
        6⤵
        
        PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35127.exe
        6⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26871.exe
        7⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29048.exe
        8⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
        8⤵
        
        PID:15188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 716
        7⤵
        
        PID:12832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 636
        6⤵
        
        PID:10408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59776.exe
        5⤵
        
        PID:6392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 644
        6⤵
        Program crash
        
        PID:5952
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 664
        5⤵
        
        PID:10448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50787.exe
      4⤵
      PID:6664
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 720
        5⤵
        Program crash
        
        PID:3920
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 752
      4⤵
      Program crash
      PID:7932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4441.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14794.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58697.exe
        5⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44665.exe
        6⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13056.exe
        7⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16822.exe
        8⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
        8⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        7⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17834.exe
        8⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe
        7⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        6⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8169.exe
        6⤵
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3422.exe
        6⤵
        
        PID:13200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
        6⤵
        
        PID:8480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17233.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17037.exe
        5⤵
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49813.exe
        6⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14854.exe
        6⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42748.exe
        7⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe
        6⤵
        
        PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
      4⤵
      PID:7956
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 632
        5⤵
        Program crash
        
        PID:5496
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 632
        5⤵
        
        PID:13928
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 636
      4⤵
      PID:3704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1588.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
      4⤵
      PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34743.exe
        5⤵
        
        PID:1296
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 644
        6⤵
        
        PID:1372
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 632
        5⤵
        
        PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
      4⤵
      PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-228.exe
        5⤵
        
        PID:7848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 636
        6⤵
        
        PID:13584
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 656
        5⤵
        
        PID:12808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
      4⤵
      PID:8704
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 512
      4⤵
      PID:12488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-533.exe
    3⤵
    PID:6828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38931.exe
      4⤵
      PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        5⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7771.exe
        6⤵
        
        PID:13744
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 648
        5⤵
        
        PID:14068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26823.exe
      4⤵
      PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
      4⤵
      PID:11944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2326.exe
    3⤵
    PID:8660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34912.exe
      4⤵
      PID:9340
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9340 -s 636
        5⤵
        
        PID:9940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
      4⤵
      PID:5576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46999.exe
    3⤵
    PID:10924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17238.exe
    3⤵
    PID:6232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27930.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27930.exe
    3⤵
    PID:14304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39953.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1012
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 720
      4⤵
      Program crash
      PID:2164
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 720
      4⤵
      Program crash
      PID:3632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3432
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 632
      4⤵
      Program crash
      PID:3104
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 632
      4⤵
      Program crash
      PID:384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53807.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13045.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13045.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4340
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 636
      4⤵
      Program crash
      PID:4344
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 676
      4⤵
      Program crash
      PID:264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3284
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 608
      4⤵
      Program crash
      PID:5664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-880.exe
    3⤵
    PID:2444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24364.exe
    3⤵
    PID:6496
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 636
      4⤵
      Program crash
      PID:4976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60919.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60919.exe
    3⤵
    PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61362.exe
      4⤵
      PID:11272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
      4⤵
      PID:5200
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 748
    3⤵
    PID:12800
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14084.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14084.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
      4⤵
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13938.exe
        6⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56035.exe
        7⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        8⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
        8⤵
        
        PID:15324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 724
        7⤵
        
        PID:12912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        6⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
        6⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50724.exe
        7⤵
        
        PID:15224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26303.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26303.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
    3⤵
    PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38277.exe
      4⤵
      PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64462.exe
      4⤵
      PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49237.exe
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52501.exe
        6⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59520.exe
        7⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35108.exe
        7⤵
        
        PID:11740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51969.exe
        6⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
        7⤵
        
        PID:14964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51200.exe
        6⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33787.exe
        5⤵
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        5⤵
        
        PID:12996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        5⤵
        
        PID:6644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6927.exe
    3⤵
    PID:6976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
      4⤵
      PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe
        5⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11686.exe
        6⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47138.exe
        7⤵
        
        PID:12368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14714.exe
        7⤵
        
        PID:2200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 648
        6⤵
        
        PID:13996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        5⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48600.exe
        5⤵
        
        PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19348.exe
        5⤵
        
        PID:14800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49984.exe
      4⤵
      PID:6048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 648
        5⤵
        
        PID:11344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30994.exe
      4⤵
      PID:9804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21766.exe
      4⤵
      PID:11392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
      4⤵
      PID:14968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12660.exe
    3⤵
    PID:7728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
      4⤵
      PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe
        5⤵
        
        PID:8960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 452
        5⤵
        
        PID:14076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42365.exe
      4⤵
      PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17886.exe
        5⤵
        
        PID:13524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14749.exe
      4⤵
      PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11227.exe
        5⤵
        
        PID:14484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
      4⤵
      PID:15208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29128.exe
    3⤵
    PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
      4⤵
      PID:12592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
      4⤵
      PID:14648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
    3⤵
    PID:10288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18628.exe
      4⤵
      PID:15028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
    3⤵
    PID:13356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33421.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33421.exe
  2⤵
  PID:5252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18818.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18818.exe
  2⤵
  PID:6164
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 640
    3⤵
    - Program crash
    PID:9284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
  2⤵
  PID:8648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
  2⤵
  PID:10932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
  2⤵
  PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1012 -ip 1012
1⤵
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1012 -ip 1012
1⤵
PID:3740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3432 -ip 3432
1⤵
PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4340 -ip 4340
1⤵
PID:2444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 452 -ip 452
1⤵
PID:1460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4340 -ip 4340
1⤵
PID:1140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 3432 -ip 3432
1⤵
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 452 -ip 452
1⤵
PID:4472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3464 -ip 3464
1⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2768 -ip 2768
1⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3684 -ip 3684
1⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3292 -ip 3292
1⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3284 -ip 3284
1⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4196 -ip 4196
1⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4980 -ip 4980
1⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 4972 -ip 4972
1⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 1424 -ip 1424
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3676 -ip 3676
1⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5008 -ip 5008
1⤵
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4108 -ip 4108
1⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 2568 -ip 2568
1⤵
PID:684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3972 -ip 3972
1⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4688 -ip 4688
1⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2020 -ip 2020
1⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1132 -ip 1132
1⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 2768 -ip 2768
1⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4972 -ip 4972
1⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 3292 -ip 3292
1⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5164 -ip 5164
1⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 4980 -ip 4980
1⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 4828 -ip 4828
1⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 1424 -ip 1424
1⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 4460 -ip 4460
1⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 2464 -ip 2464
1⤵
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 1176 -ip 1176
1⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5008 -ip 5008
1⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4596 -ip 4596
1⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 3676 -ip 3676
1⤵
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5588 -ip 5588
1⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 2020 -ip 2020
1⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 4828 -ip 4828
1⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 4688 -ip 4688
1⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 3972 -ip 3972
1⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2568 -ip 2568
1⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5692 -ip 5692
1⤵
PID:2200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 2464 -ip 2464
1⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5844 -ip 5844
1⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 4460 -ip 4460
1⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5776 -ip 5776
1⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5720 -ip 5720
1⤵
PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 1132 -ip 1132
1⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 4108 -ip 4108
1⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6112 -ip 6112
1⤵
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5252 -ip 5252
1⤵
PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 6056 -ip 6056
1⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 2444 -ip 2444
1⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5832 -ip 5832
1⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5540 -ip 5540
1⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4976 -ip 4976
1⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 6100 -ip 6100
1⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 6088 -ip 6088
1⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 4488 -ip 4488
1⤵
PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4596 -ip 4596
1⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5588 -ip 5588
1⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 1176 -ip 1176
1⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3672 -ip 3672
1⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 5596 -ip 5596
1⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4332 -ip 4332
1⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6444 -ip 6444
1⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 4196 -ip 4196
1⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5844 -ip 5844
1⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 6232 -ip 6232
1⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5160 -ip 5160
1⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5612 -ip 5612
1⤵
PID:3296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 4536 -ip 4536
1⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6188 -ip 6188
1⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5616 -ip 5616
1⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5320 -ip 5320
1⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5152 -ip 5152
1⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 6372 -ip 6372
1⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 6364 -ip 6364
1⤵
PID:2020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 6344 -ip 6344
1⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 100 -ip 100
1⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 3284 -ip 3284
1⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 1372 -ip 1372
1⤵
PID:4108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 3684 -ip 3684
1⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 4728 -ip 4728
1⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5776 -ip 5776
1⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5720 -ip 5720
1⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 6112 -ip 6112
1⤵
PID:2720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 1708 -ip 1708
1⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 2300 -ip 2300
1⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 964 -ip 964
1⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 2148 -ip 2148
1⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5276 -ip 5276
1⤵
PID:2740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5568 -ip 5568
1⤵
PID:2220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4556 -ip 4556
1⤵
PID:1004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5508 -ip 5508
1⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5288 -ip 5288
1⤵
PID:116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5648 -ip 5648
1⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 4976 -ip 4976
1⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 6100 -ip 6100
1⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5832 -ip 5832
1⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5252 -ip 5252
1⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 2444 -ip 2444
1⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5540 -ip 5540
1⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 6056 -ip 6056
1⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 6088 -ip 6088
1⤵
PID:2720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 6232 -ip 6232
1⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6444 -ip 6444
1⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5160 -ip 5160
1⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5612 -ip 5612
1⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 6188 -ip 6188
1⤵
PID:3172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 4536 -ip 4536
1⤵
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 5616 -ip 5616
1⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 5320 -ip 5320
1⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 6364 -ip 6364
1⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 6372 -ip 6372
1⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 6344 -ip 6344
1⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 5152 -ip 5152
1⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 100 -ip 100
1⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 1372 -ip 1372
1⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1288 -p 5516 -ip 5516
1⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4728 -ip 4728
1⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6728 -ip 6728
1⤵
PID:9800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 6920 -ip 6920
1⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1296 -p 1708 -ip 1708
1⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1332 -p 2300 -ip 2300
1⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 964 -ip 964
1⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 5276 -ip 5276
1⤵
PID:10088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1268 -p 2148 -ip 2148
1⤵
PID:10096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 6720 -ip 6720
1⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1280 -p 5568 -ip 5568
1⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 1592 -ip 1592
1⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 6496 -ip 6496
1⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1312 -p 4556 -ip 4556
1⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3868 -ip 3868
1⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1380 -p 5508 -ip 5508
1⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1332 -p 5288 -ip 5288
1⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 112 -ip 112
1⤵
PID:3736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5164 -ip 5164
1⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 6164 -ip 6164
1⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 5892 -ip 5892
1⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 6272 -ip 6272
1⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1356 -p 5476 -ip 5476
1⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 3416 -ip 3416
1⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1344 -p 1296 -ip 1296
1⤵
PID:9272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 7452 -ip 7452
1⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 3492 -ip 3492
1⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1316 -p 6852 -ip 6852
1⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 2192 -ip 2192
1⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6984 -ip 6984
1⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6392 -ip 6392
1⤵
PID:10096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6836 -ip 6836
1⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5736 -ip 5736
1⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5944 -ip 5944
1⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 4344 -ip 4344
1⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 3616 -ip 3616
1⤵
PID:2540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 7204 -ip 7204
1⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6328 -ip 6328
1⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1304 -p 5440 -ip 5440
1⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1328 -p 7456 -ip 7456
1⤵
PID:10096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1356 -p 1352 -ip 1352
1⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 6824 -ip 6824
1⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 6784 -ip 6784
1⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 6664 -ip 6664
1⤵
PID:11168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 7636 -ip 7636
1⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5452 -ip 5452
1⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 7024 -ip 7024
1⤵
PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 7748 -ip 7748
1⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 6808 -ip 6808
1⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 7192 -ip 7192
1⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 7436 -ip 7436
1⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1216 -p 6860 -ip 6860
1⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1304 -p 4972 -ip 4972
1⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 1752 -ip 1752
1⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 780 -ip 780
1⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 7404 -ip 7404
1⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 3996 -ip 3996
1⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 7548 -ip 7548
1⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 7468 -ip 7468
1⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 7680 -ip 7680
1⤵
PID:2660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 7956 -ip 7956
1⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 6204 -ip 6204
1⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1304 -p 7424 -ip 7424
1⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5156 -ip 5156
1⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 7648 -ip 7648
1⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 2656 -ip 2656
1⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 3096 -ip 3096
1⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1216 -p 5752 -ip 5752
1⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 6948 -ip 6948
1⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 5932 -ip 5932
1⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 3512 -ip 3512
1⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1228 -p 6356 -ip 6356
1⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 5728 -ip 5728
1⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5360 -ip 5360
1⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5468 -ip 5468
1⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5484 -ip 5484
1⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5208 -ip 5208
1⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5388 -ip 5388
1⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5516 -ip 5516
1⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5136 -ip 5136
1⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5460 -ip 5460
1⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3532 -ip 3532
1⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 1720 -ip 1720
1⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 2932 -ip 2932
1⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 704 -ip 704
1⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 2408 -ip 2408
1⤵
PID:764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1464 -p 6936 -ip 6936
1⤵
PID:13460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1488 -p 6240 -ip 6240
1⤵
PID:13520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 4120 -ip 4120
1⤵
PID:13828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1360 -p 6720 -ip 6720
1⤵
PID:13868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6760 -ip 6760
1⤵
PID:13876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 6956 -ip 6956
1⤵
PID:13884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 6048 -ip 6048
1⤵
PID:13892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 5692 -ip 5692
1⤵
PID:13900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6028 -ip 6028
1⤵
PID:14296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 4400 -ip 4400
1⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 7796 -ip 7796
1⤵
PID:13908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1428 -p 7944 -ip 7944
1⤵
PID:13920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 2508 -ip 2508
1⤵
PID:3592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5260 -ip 5260
1⤵
PID:3320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1492 -p 1152 -ip 1152
1⤵
PID:11200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 7628 -ip 7628
1⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 7784 -ip 7784
1⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5084 -ip 5084
1⤵
PID:14148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 5080 -ip 5080
1⤵
PID:13460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 4688 -ip 4688
1⤵
PID:14824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 7848 -ip 7848
1⤵
PID:14832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 8124 -ip 8124
1⤵
PID:14968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6928 -ip 6928
1⤵
PID:14988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1428 -p 7768 -ip 7768
1⤵
PID:15020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 5588 -ip 5588
1⤵
PID:15028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1272 -p 6996 -ip 6996
1⤵
PID:15088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 6000 -ip 6000
1⤵
PID:15096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5640 -ip 5640
1⤵
PID:15104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 6612 -ip 6612
1⤵
PID:15120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 4108 -ip 4108
1⤵
PID:15332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1428 -p 5648 -ip 5648
1⤵
PID:1080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1408 -p 1676 -ip 1676
1⤵
PID:14788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 5816 -ip 5816
1⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1272 -p 4244 -ip 4244
1⤵
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 7696 -ip 7696
1⤵
PID:15248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 7480 -ip 7480
1⤵
PID:14552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 5900 -ip 5900
1⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 7608 -ip 7608
1⤵
PID:13912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 8744 -ip 8744
1⤵
PID:10228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 8692 -ip 8692
1⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4552 -ip 4552
1⤵
PID:3024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 8296 -ip 8296
1⤵
PID:14304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1440 -p 8732 -ip 8732
1⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1448 -p 5772 -ip 5772
1⤵
PID:4032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1288 -p 5372 -ip 5372
1⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 6496 -ip 6496
1⤵
PID:10068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 3412 -ip 3412
1⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 7024 -ip 7024
1⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 2780 -ip 2780
1⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6828 -ip 6828
1⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 7528 -ip 7528
1⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 6336 -ip 6336
1⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 4980 -ip 4980
1⤵
PID:700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1372 -p 2952 -ip 2952
1⤵
PID:1080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 9176 -ip 9176
1⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 10428 -ip 10428
1⤵
PID:1060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1440 -p 9744 -ip 9744
1⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1260 -p 10260 -ip 10260
1⤵
PID:13912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1364 -p 9340 -ip 9340
1⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 10336 -ip 10336
1⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 8680 -ip 8680
1⤵
PID:1036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1448 -p 9804 -ip 9804
1⤵
PID:14624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1456 -p 7300 -ip 7300
1⤵
PID:9876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 11080 -ip 11080
1⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1416 -p 11020 -ip 11020
1⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 9736 -ip 9736
1⤵
PID:3904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 3492 -ip 3492
1⤵
PID:14528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 6272 -ip 6272
1⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 112 -ip 112
1⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 6852 -ip 6852
1⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5476 -ip 5476
1⤵
PID:14788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1288 -p 9920 -ip 9920
1⤵
PID:10196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 7436 -ip 7436
1⤵
PID:700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 3996 -ip 3996
1⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 10932 -ip 10932
1⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 5736 -ip 5736
1⤵
PID:3024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 11872 -ip 11872
1⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 8012 -ip 8012
1⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 9148 -ip 9148
1⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1248 -p 7468 -ip 7468
1⤵
PID:9008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11317.exe

Filesize
468KB

MD5
31bf29ea194f124f13501bcd834280b6

SHA1
5ca8eeb57b0928261f1bfe214d37612cb2ce986d

SHA256
ea5dc3116017dca1a2c3385a905c00b365dbada3a933448a52c16ada2ee8c567

SHA512
9dd0b2a72bc9f89f5c1738cb510202caa9173c171a2cac0a83a6ad5fe9851e35da07ca0b89ca45bf8df137f6b9b9049977743a6b215ff6090ff88a3e153d44ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12386.exe

Filesize
468KB

MD5
0fb8409009d34ccbe5ca0731f8c4b405

SHA1
97a3e823b0a316aafbf92df0470f4b97cb4fdbc3

SHA256
2e2606d5c57442eebff3d8fe01c4ace37d5c60cdc7291bde50428366e34cfa3b

SHA512
d5f8eff54ec2f21231956f392b6171904b0cc918662a32ffb92ce7c6d717f7dccafb7c810a51cf4f8108d5b5565eb176a46b37a40ff9a53a093b70d8411d0dbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13045.exe

Filesize
468KB

MD5
4d35efa4858616128ad3e283b7fd1236

SHA1
b359f0173e2a83fce1299f824f807eea6ec88e6a

SHA256
8905ae889bc2f62feb7d081b5717dc2910c1f050b704f5dfd4a1739a502bd433

SHA512
b0cbd116dc7bb7b43bf513681606bbf740c4ff992c16afb2401c34457d57464ad5b63e8a5e3f9dea2f3d92b4a9d7a650807261325894659efea20b03ff618ffd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13310.exe

Filesize
468KB

MD5
f177e43eb65298b87cc31372ec095f85

SHA1
ebc7b3de32ac6d5ead8faa97d0c1471b67718d23

SHA256
579ae766e8a55769faaaf8062ed739c4c78cc62d59cbe6f9e7e6d321adfc6be2

SHA512
46377c12c470853f9e13be641d99caf69a3c895416ec7c303e01e9a284445687411430a40b93d12da0569f651415063c014f053a3e6bf71abe85460d02a7e5cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe

Filesize
468KB

MD5
736720f735c899e004484af3f4531f31

SHA1
2adec41c0a62d70a3605e26ca399e786613bfb9d

SHA256
67a438b7333906cb2e5e73c4747d2a93ea57d43f0f03b5f831c1a67695f7fe4a

SHA512
d92bd096d61da06d36200ec5674a9127834af7872ca5e9dd3df7edca49628fca7367e5229635e907ca0b9ca95dd610d75a55dc65ccf1695e4347af0f0f78a9e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14084.exe

Filesize
468KB

MD5
8a81c472cc70b41dbb07939e499c0340

SHA1
370d320011bd84a3a5432cb8b67a8ce050d33042

SHA256
e6883dbafaadd0d0a61bf40d0f9827232869296820cb121f8626d9448f664255

SHA512
f8a024b29b74448ab9da1b71dbf85966ac679d49119e046ff29eb20efd583797b9533a0aaa91559d3bc55997c1a576a6611df66f6f1d63cc3c700602c907a0d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16191.exe

Filesize
468KB

MD5
13878276b1adae9da38840d562a916d0

SHA1
40b6dec54bb60a236a94a729eb516b26a0ecfbbd

SHA256
806c5f6a11f80c84dc56e5dc8cdca519ebecb550bd785447a8fb3238b7ead2d1

SHA512
ecd0aefd6fbc7a14d230dd467c91b75d6097ec4d143a0714a41c60f2f23dbc33664de20cac44f06bc8a16c48cb9afc192032bf375e14e4a5016d4e5c7ebb7c23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe

Filesize
468KB

MD5
48cdc307dfd3d645497a12c5a169ef1c

SHA1
4dedc1db79ed7824590f2294b68f024cc8861888

SHA256
52cc4b358f731bcf74e0e8dc1e92d18ae0f18a3f3f249e98237acfaf41973508

SHA512
92ce50b267174d5f6e6b169f0fc7ca150e223ccf6cf432882f4bd6a95654181a9d625f5978977cebe30008a409b87bbe6c13c7fcf6d71d14f89caa4118ad58a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe

Filesize
468KB

MD5
2bd010b64499a3c4c82f0c727c501917

SHA1
625b22911606fc59d86804f47e43458785e21a52

SHA256
2148421ade427bc94886fd37c7a8da85f5cece5bf54377606e1086cc6779c280

SHA512
8f81d655c2cf3b105da40204ed0f4fd9e6876f417247c5a6cd1ef18d4fe3d455534a71e29d8c978897f1549b988b627264eac0179cfb61424fb5e0a38b1c97ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe

Filesize
468KB

MD5
ed6d68685d34361a40fe4fb21a26e3fb

SHA1
33bcabef4f1e1a47f9d5a740b95c559da74f842c

SHA256
9ece5afc5d1354014f826c8efd632863b96820aac15b1ed038df5a520663f106

SHA512
b5de5c2136af12c1ba1c27e0ee20844b5cdabf944b0ab3f07422761d492d7fa505669af0d46dd49f24731ffb82eedf07be3d4d9c786de8b44fdab28d36b80429

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30861.exe

Filesize
468KB

MD5
12bc5f344be84e384dc26ccabbbc9acb

SHA1
f7608ca807a3901482bbf6c776565a55c91ce4da

SHA256
0fea394bab5fec482b3c4b7226cadafa0465c9971bda43ebb2edcb07c4f5d24a

SHA512
2ea3ff41f18692cd17d7e85d9d43c97da8c057c2f055a07d1f03edc43b157dddc8286bd13ced0ee7fcee2f4617ec1ab947eed6ee1f1c84d5948202b5f91c2ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe

Filesize
468KB

MD5
f21fb0b2cd23a617f093e7d16e073e43

SHA1
4a2e7a15bc9f407393f662d1a8969cb1a05f372e

SHA256
8ab7f86196a50d65eb65e0f83e5b5b354d8c11083674716b5f640f4e476b41f4

SHA512
62911e4f37189a4ffae2d1e656af5521d60829a2bbb0caf494b42035f0c8cb454a89e0d90fc7eea450bddf806aedebb30b8dc5628dcdc81c80d062f76913ff3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe

Filesize
468KB

MD5
136f95b2db085bd38bbc88f36c5150d9

SHA1
0a1883d641826818ab7beef83b27d68d4fd29ae2

SHA256
520634c8ffe722e5fae7936245dcbc7dff72510f1d7ce27aa435a0d8d1b6018e

SHA512
25fac268b521ef33b54231a3453d840f0062c20297ce9c3eefea60965b6baabd0e8b465ffae043d4e223e88da8fda0e32cb4163db365e5163053e758af206939

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31785.exe

Filesize
468KB

MD5
871cce75d19ca5f8e3bcafc899bd7e54

SHA1
5a265fbf339d5d11fa046126af4d60dbfbf3967d

SHA256
95e0e1d73f1df9535a6ac34a3bade217a1e74b06522d575757bea6d863c05932

SHA512
80c5f83365f342473943f67408beba3b352c018a4f2fcd0bbb7bb1597fad6f92cf78c79f4fa661f79d31215b140d50ab21bb5bff55165a31a64e1d65502e4303

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33822.exe

Filesize
468KB

MD5
94203322f8fc803ca29b5770f03a4329

SHA1
cf6159124c06386956d8ec3a50dc91eab047f276

SHA256
3179038bd296f42a5d41ee6da4660936940b9ffe6543cf303dcd1fa6ba68651e

SHA512
6cf28d1da00d70a83d0a6542e17be9dc39d34523e0d87c279046b4e86f66923ee0cb1f30302f14aacb35f346ed32858a02e8b0408b64b430f519a0a5d23786ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37959.exe

Filesize
468KB

MD5
e0eeb8c3d1fec424aaf3bd41af5ece48

SHA1
87cc51237a958bce261f0e03b9b7e50941d1f6d0

SHA256
efb52fe7b9b6578fa41efa519c3ab2ae298ec3211396d4a06600bc8b65419411

SHA512
4201384bda922119017ae0b1ab32677a88d3e55917300583fb306fb6d1f2901f0f4f93d8c0865817cb2f794dee78629d602a7f8b79df76bf75cddad6c8768c84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe

Filesize
468KB

MD5
78823d34f0a9a51c446bbed2eb29925f

SHA1
b0084f3f153e52a1fef1abe8b82a667a6873d9b0

SHA256
d1ace9c174c8feb31e547c1e679205694dcae57141846cee2a3e9769f0bedcf4

SHA512
343ffc4c381989b2cd04c244f8149665b37ee8baed9c2e63268a6b11789ae37f838d0d819c6f75aeeb02a2542ca4e02e07fd4d8cd9a35daf9e51808f0880e335

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39953.exe

Filesize
468KB

MD5
b69620acfe23dc951830e69a664746d9

SHA1
0f5a55843f85a3a5e6d82a2b42ce99d2b3063026

SHA256
28ce6f59e381d7bc6b172e4243316be3dac4b3afb11e0ceee4d35dccdabed1f4

SHA512
dfde63198391b1b4032d66933be05b5dafa9da4469f10163abfa0414b2265f57e1cef45a8a04cc705f334e9806ef573f489c0dc2dbdef0e533bdd0d72c0bc759

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe

Filesize
468KB

MD5
bd23d95d6534e027fccc6b478e9e33a3

SHA1
b240fbc7f4d1abf7454a2304041e31fda5d8c5c1

SHA256
91f97c0509fb182d428ebcaf36ddffdacce18e8b9e2c849f8f0f33af7178db5b

SHA512
8e386dd6e280790b6de0172813acd653b73721dc1de1fab6d91d9c876c9a1cde68840986c9b58bf6b6c2983187292a6b39d974c29ad212d1a36f2454bd9077a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe

Filesize
468KB

MD5
afa828dd952af8430499e88a34170c3c

SHA1
87264fe8a04b91be74dae4c9e77612aec68b0ebf

SHA256
c252aa8e42772175bfca785d7cbfa9b3419ae4eca20a3221ff79a0f4603eefbe

SHA512
fc9bc172218bc537a9b46bb8df482e4f7b19dba4cd12d5c424064c355a14cc385276b76917b682cbe7f95377a66e56b0856fb901c614f9290d2743e351995c1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4493.exe

Filesize
468KB

MD5
73fb1a2a6b85bf95594d874fdb508b18

SHA1
986d29c05e21843d701f065f313b8577b8a687b9

SHA256
8ddfbf43f46335909719f82fe8d78dbc0f94961a01f79a007e756963ee9fc3bf

SHA512
3a53c87b626f0b137e3fe57c7ae9152431e3db2cd55d066fbeb318b4ea0e62bc670b753fb1505fe68d7eaa982053c84c1550afc70b8f76f7ac95e2431cd7443c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51795.exe

Filesize
468KB

MD5
e29b1018d45c07ee8afa3252943f647a

SHA1
fc16ec06974529957132f1b385568df223947f62

SHA256
82b4cc300763db07558e6d7668dbe869f0b9dd361f14e32ea5cbd713fc931080

SHA512
132cd8ee8da3d195d1c6431c4030040fd58405bf31d030d9bdfe850cab75ec98ab3b13107ddbdf4559b210dea91b1f7294f8f870499a7af883f022fb40c2a305

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe

Filesize
468KB

MD5
4732c03fa9551ebe41d48ae5b76c3e3e

SHA1
689e086f987b4cef8e7900db92769a41eeb71222

SHA256
db6535f765d481299789fcc064baac2737dec93154df2696fc5da78966e1f230

SHA512
e8c043577395dbe3be6f210df19ee93e0af9391a812a014f2d27389f86f6bdc61dded2c6766f1aaf578006b013fdaa18ca54c0d7a7be5bd2862cf108c4fce2b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe

Filesize
468KB

MD5
53c5b5cb8153463d688799632d1f406d

SHA1
f1547703d9dae83aaef1e4ae8d8f86f3ec9817cc

SHA256
52776e882af8be42802cc1c6da84f0f12cafb278bb5d60166a0daf4534e62154

SHA512
41532366a3005d9372c33d51989d0feec9e18b587cf68b490f97d04f5bdb31206f047cfa44da6a515a7d59c7c2591ac8440c89a317e3ddc6abaef28a8665b23c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe

Filesize
468KB

MD5
a80cb9d5efdd1ba078b7353c338b2ebc

SHA1
4636ff35682f8a868c302aa1fe3027ff88b61a4c

SHA256
a38894ce7af9ec6ae0c10bfe0319899ff5462401b6af546cb94b80c7be060217

SHA512
6e787fd0e01eff30f6431d815dd9a969ad88eca4f08d2fbc4b34503e140c9d9712f5fd72372fb5e47a055a558f6144df0b3269623e2def8aa65bbfbf024ee23e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe

Filesize
468KB

MD5
00cf0af0fcc9af8073f2aa4b4423e4a3

SHA1
741b1273dec7d0bd3d411f3bfcc3fa56b5b32550

SHA256
16840065fac00f294f793d3bc3719bb0afe9ad3e26311249ab6d08142bafab64

SHA512
581a29467d5d4e15bd955fd38b877ded0f3477b4c3e1df205715c008ffcc81e5b8845238dcfa2f7812c1f2b6baa4425c9de9afe9a4fcdef3bf3f67ce3b96f58e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe

Filesize
468KB

MD5
09ed53329d98cebf0206e3d19087c4fc

SHA1
ee46bc12f053d63e26cf1bdbee5405a7d9e5861a

SHA256
d55600a38a9a171bd509d04b12d07fef066bdcce9bd3376361b06f069485024c

SHA512
5431e5b18c4e1861c389b82ee2d1541ccda187a084b75effe16dd4362ceea25e4cb58cc7d4999d585ee3781623883dcaf556229d167e498e7425033b7b2ac9fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59963.exe

Filesize
468KB

MD5
3ccd7ee403a7cfc30aaff5ea457cb499

SHA1
487aa4dfd16ceab8c9d7b1318d1786b438de7eea

SHA256
5b149086ec96242d3fe2d2f20ac1887bc822ac2e4619a2bd12ba97329a83714f

SHA512
5e54fd686244b273d11763f47c9c5cbf4cc151a8e05aef4ddc7f2dfd5db88deb308442328ec06588a413585a83a4e4adcc9356b002e3c305b4d0abc95eac72f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe

Filesize
468KB

MD5
2467c82e261e436e6845b474c60ac272

SHA1
2d55b6ee5225f13ac04bfd7bb5b91c82b688680e

SHA256
a523ba68d8416d38a583774f2948b5bb78896cfdbc73b66dda5ec082983af8ff

SHA512
6beeb1c28269096aa4ddb7910b55f8743ba65254591c8acfdf6b610ee16ddd35dba13dca8cf4159b92c06e125d8cc4b266d04083c44b332849064915d659039e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exe

Filesize
468KB

MD5
94481d41d688ebbf320778378e2b622c

SHA1
551c3fb7204c1f84ee086053bc871ecbc0ea4b0d

SHA256
221b73eec5a718a9cb8b02a6dc4dba4f97bfb886b6d10184e7dd65adb38f08c5

SHA512
8ec455c9209a430b603834dc5fc0a79dad4c6776b346a77630041e8ebb8c98c059a8deeb3065eecb622e6d4d6ec24d81a16c1b86feb2974bbcd6c293e0eee709

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe

Filesize
468KB

MD5
16dcc04c175e260a7f92e19127f5a4a0

SHA1
fefa9bd982ee7bc83eb396a93f0d48510652d483

SHA256
2b0c8188e2a7c732c69a38973d51bb15d605e437406a9d21fcc7171e1b101b8c

SHA512
e8d3b55df34f75025597655ac12235703fcbe7720d5f58c6ec73af200503109127852baa753e383ced86d57d0c459ab469448a48a00403ce0fcd4a27da7482c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6911.exe

Filesize
468KB

MD5
4bf7bbfd6791cd7f030feb10b4bba216

SHA1
36600d0b562ff390e268396b5b3e0369e11a46dc

SHA256
9747a34d10c821434bdd0704dedbcaa21bb4f21171067b7bab8d90bc3ff6375f

SHA512
19e8e7f917733e43e01f538cdec306a0678cd94cb2a237ef8f76efc915db1ba73ac1b3af675b49194bfa478cc39cc7ef28c05d4553155f49838e679247a688eb

Download Submit