a9d32a7884c6deb9f6dce45b9a77c95b797d481bb9409d709dd9d3ad78ba5968

Analysis

max time kernel
26s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa48b79da0500f13713d3729f00d1bd0N.exe
Size

468KB
MD5

aa48b79da0500f13713d3729f00d1bd0
SHA1

fceb4cfd7eaaea952c7aba381c9883e8ee05aa7a
SHA256

a9d32a7884c6deb9f6dce45b9a77c95b797d481bb9409d709dd9d3ad78ba5968
SHA512

5220d664c9028309ef46e1b448c4b64d414c1b740b9df81748456b8800d85ee82b04810224335d496335cb54b769659f95680bb36b0033840910f0598bc04fba
SSDEEP

3072:1G3HogISIE5TtbY2HzcOcf8/zCcaP0pkJVHeTVPyQ65LR7igqflL:1G3obMTtxH4OcfVY10Q6VVigq

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 59 IoCs

pid	Process
2236	Unicorn-51833.exe
1908	Unicorn-47272.exe
760	Unicorn-32751.exe
4640	Unicorn-33832.exe
2828	Unicorn-19311.exe
4892	Unicorn-33046.exe
3888	Unicorn-21305.exe
3040	Unicorn-31510.exe
1760	Unicorn-37641.exe
4452	Unicorn-20729.exe
4696	Unicorn-12046.exe
1204	Unicorn-31647.exe
1884	Unicorn-55337.exe
3100	Unicorn-35663.exe
2692	Unicorn-55529.exe
1924	Unicorn-24896.exe
740	Unicorn-25161.exe
1900	Unicorn-58217.exe
3712	Unicorn-38351.exe
3536	Unicorn-86.exe
3084	Unicorn-9016.exe
3832	Unicorn-51511.exe
3436	Unicorn-4911.exe
5100	Unicorn-36264.exe
264	Unicorn-11624.exe
1872	Unicorn-24047.exe
428	Unicorn-18318.exe
1824	Unicorn-43145.exe
696	Unicorn-29305.exe
1256	Unicorn-61785.exe
1828	Unicorn-29113.exe
3628	Unicorn-55271.exe
3404	Unicorn-28729.exe
3092	Unicorn-45065.exe
2240	Unicorn-11816.exe
4940	Unicorn-33205.exe
3332	Unicorn-19470.exe
5064	Unicorn-8479.exe
2688	Unicorn-19414.exe
724	Unicorn-47888.exe
4632	Unicorn-1951.exe
2008	Unicorn-42287.exe
5116	Unicorn-61801.exe
1400	Unicorn-9071.exe
1700	Unicorn-22824.exe
1908	Unicorn-8303.exe
1916	Unicorn-46425.exe
1912	Unicorn-56247.exe
4112	Unicorn-31625.exe
2212	Unicorn-31625.exe
640	Unicorn-57399.exe
3412	Unicorn-33161.exe
864	Unicorn-5880.exe
3232	Unicorn-17064.exe
3216	Unicorn-2543.exe
2908	Unicorn-22409.exe
4452	Unicorn-34831.exe
1480	Unicorn-50784.exe
424	Unicorn-50784.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
696	1908	WerFault.exe	93
1572	1908	WerFault.exe	93
4876	4452	WerFault.exe	108
3316	4452	WerFault.exe	108
448	3712	WerFault.exe	116
3080	3832	WerFault.exe	120
3448	4640	WerFault.exe	98
1424	4640	WerFault.exe	98
1052	3712	WerFault.exe	116
2108	3832	WerFault.exe	120
3440	1828	WerFault.exe	133
2872	1828	WerFault.exe	133
3108	724	WerFault.exe	143
2000	3628	WerFault.exe	134
2112	3404	WerFault.exe	135
3712	2688	WerFault.exe	141
5868	4112	WerFault.exe	163
6084	3404	WerFault.exe	135
3832	2688	WerFault.exe	141
3948	724	WerFault.exe	143
6000	1012	WerFault.exe	198
3832	5388	WerFault.exe	215
6328	5216	WerFault.exe	207
6588	5632	WerFault.exe	218
5924	1872	WerFault.exe	128
6668	5200	WerFault.exe	245
6228	4248	WerFault.exe	243
8068	3980	WerFault.exe	308
6640	952	WerFault.exe	240
8908	5648	WerFault.exe	256
9136	6740	WerFault.exe	320
9052	4816	WerFault.exe	367
3312	3120	WerFault.exe	420
9456	4352	WerFault.exe	303
9420	6648	WerFault.exe	317
7928	7700	WerFault.exe	448
5904	5228	WerFault.exe	283
8604	6924	WerFault.exe	426
7172	3112	WerFault.exe	274
10568	8012	WerFault.exe	475
10540	6332	WerFault.exe	390
10268	7640	WerFault.exe	447
10260	7452	WerFault.exe	441
10252	7312	WerFault.exe	437
10244	6544	WerFault.exe	362
10140	5308	WerFault.exe	244
9548	264	WerFault.exe	127
3336	4452	WerFault.exe	179
8976	5928	WerFault.exe	229
10212	3436	WerFault.exe	121
5848	1760	WerFault.exe	107
8744	3536	WerFault.exe	118
10172	3432	WerFault.exe	236
4876	5100	WerFault.exe	126
6048	5344	WerFault.exe	213
10120	5748	WerFault.exe	224
9284	5116	WerFault.exe	157
9716	2828	WerFault.exe	100
5972	4632	WerFault.exe	144
9832	7092	WerFault.exe	331
9824	7492	WerFault.exe	444
9812	3688	WerFault.exe	424
9804	7420	WerFault.exe	439
9796	7500	WerFault.exe	468

System Location Discovery: System Language Discovery 1 TTPs 59 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aa48b79da0500f13713d3729f00d1bd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17064.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33205.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38351.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22409.exe

Suspicious use of SetWindowsHookEx 58 IoCs

pid	Process
2572	aa48b79da0500f13713d3729f00d1bd0N.exe
2236	Unicorn-51833.exe
1908	Unicorn-47272.exe
760	Unicorn-32751.exe
2828	Unicorn-19311.exe
4640	Unicorn-33832.exe
4892	Unicorn-33046.exe
3888	Unicorn-21305.exe
3040	Unicorn-31510.exe
4452	Unicorn-20729.exe
1204	Unicorn-31647.exe
4696	Unicorn-12046.exe
1760	Unicorn-37641.exe
2692	Unicorn-55529.exe
1884	Unicorn-55337.exe
740	Unicorn-25161.exe
1924	Unicorn-24896.exe
3100	Unicorn-35663.exe
1900	Unicorn-58217.exe
3712	Unicorn-38351.exe
3832	Unicorn-51511.exe
3436	Unicorn-4911.exe
3536	Unicorn-86.exe
3084	Unicorn-9016.exe
5100	Unicorn-36264.exe
264	Unicorn-11624.exe
1872	Unicorn-24047.exe
428	Unicorn-18318.exe
1824	Unicorn-43145.exe
696	Unicorn-29305.exe
1256	Unicorn-61785.exe
1828	Unicorn-29113.exe
3628	Unicorn-55271.exe
4940	Unicorn-33205.exe
2688	Unicorn-19414.exe
4632	Unicorn-1951.exe
5064	Unicorn-8479.exe
3404	Unicorn-28729.exe
2240	Unicorn-11816.exe
724	Unicorn-47888.exe
3092	Unicorn-45065.exe
2008	Unicorn-42287.exe
3332	Unicorn-19470.exe
5116	Unicorn-61801.exe
1400	Unicorn-9071.exe
1700	Unicorn-22824.exe
1908	Unicorn-8303.exe
1916	Unicorn-46425.exe
1912	Unicorn-56247.exe
2212	Unicorn-31625.exe
4112	Unicorn-31625.exe
640	Unicorn-57399.exe
3412	Unicorn-33161.exe
864	Unicorn-5880.exe
3232	Unicorn-17064.exe
2908	Unicorn-22409.exe
4452	Unicorn-34831.exe
3216	Unicorn-2543.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 2236	2572	aa48b79da0500f13713d3729f00d1bd0N.exe	89
PID 2572 wrote to memory of 2236	2572	aa48b79da0500f13713d3729f00d1bd0N.exe	89
PID 2572 wrote to memory of 2236	2572	aa48b79da0500f13713d3729f00d1bd0N.exe	89
PID 2236 wrote to memory of 1908	2236	Unicorn-51833.exe	93
PID 2236 wrote to memory of 1908	2236	Unicorn-51833.exe	93
PID 2236 wrote to memory of 1908	2236	Unicorn-51833.exe	93
PID 2572 wrote to memory of 760	2572	aa48b79da0500f13713d3729f00d1bd0N.exe	94
PID 2572 wrote to memory of 760	2572	aa48b79da0500f13713d3729f00d1bd0N.exe	94
PID 2572 wrote to memory of 760	2572	aa48b79da0500f13713d3729f00d1bd0N.exe	94
PID 760 wrote to memory of 4640	760	Unicorn-32751.exe	98
PID 760 wrote to memory of 4640	760	Unicorn-32751.exe	98
PID 760 wrote to memory of 4640	760	Unicorn-32751.exe	98
PID 2236 wrote to memory of 2828	2236	Unicorn-51833.exe	100
PID 2236 wrote to memory of 2828	2236	Unicorn-51833.exe	100
PID 2236 wrote to memory of 2828	2236	Unicorn-51833.exe	100
PID 2572 wrote to memory of 4892	2572	aa48b79da0500f13713d3729f00d1bd0N.exe	101
PID 2572 wrote to memory of 4892	2572	aa48b79da0500f13713d3729f00d1bd0N.exe	101
PID 2572 wrote to memory of 4892	2572	aa48b79da0500f13713d3729f00d1bd0N.exe	101
PID 2828 wrote to memory of 3888	2828	Unicorn-19311.exe	105
PID 2828 wrote to memory of 3888	2828	Unicorn-19311.exe	105
PID 2828 wrote to memory of 3888	2828	Unicorn-19311.exe	105
PID 2236 wrote to memory of 3040	2236	Unicorn-51833.exe	106
PID 2236 wrote to memory of 3040	2236	Unicorn-51833.exe	106
PID 2236 wrote to memory of 3040	2236	Unicorn-51833.exe	106
PID 4640 wrote to memory of 1760	4640	Unicorn-33832.exe	107
PID 4640 wrote to memory of 1760	4640	Unicorn-33832.exe	107
PID 4640 wrote to memory of 1760	4640	Unicorn-33832.exe	107
PID 4892 wrote to memory of 4452	4892	Unicorn-33046.exe	108
PID 4892 wrote to memory of 4452	4892	Unicorn-33046.exe	108
PID 4892 wrote to memory of 4452	4892	Unicorn-33046.exe	108
PID 760 wrote to memory of 4696	760	Unicorn-32751.exe	109
PID 760 wrote to memory of 4696	760	Unicorn-32751.exe	109
PID 760 wrote to memory of 4696	760	Unicorn-32751.exe	109
PID 2572 wrote to memory of 1204	2572	aa48b79da0500f13713d3729f00d1bd0N.exe	110
PID 2572 wrote to memory of 1204	2572	aa48b79da0500f13713d3729f00d1bd0N.exe	110
PID 2572 wrote to memory of 1204	2572	aa48b79da0500f13713d3729f00d1bd0N.exe	110
PID 3888 wrote to memory of 1884	3888	Unicorn-21305.exe	111
PID 3888 wrote to memory of 1884	3888	Unicorn-21305.exe	111
PID 3888 wrote to memory of 1884	3888	Unicorn-21305.exe	111
PID 2828 wrote to memory of 3100	2828	Unicorn-19311.exe	112
PID 2828 wrote to memory of 3100	2828	Unicorn-19311.exe	112
PID 2828 wrote to memory of 3100	2828	Unicorn-19311.exe	112
PID 3040 wrote to memory of 2692	3040	Unicorn-31510.exe	113
PID 3040 wrote to memory of 2692	3040	Unicorn-31510.exe	113
PID 3040 wrote to memory of 2692	3040	Unicorn-31510.exe	113
PID 2236 wrote to memory of 1924	2236	Unicorn-51833.exe	114
PID 2236 wrote to memory of 1924	2236	Unicorn-51833.exe	114
PID 2236 wrote to memory of 1924	2236	Unicorn-51833.exe	114
PID 1204 wrote to memory of 740	1204	Unicorn-31647.exe	115
PID 1204 wrote to memory of 740	1204	Unicorn-31647.exe	115
PID 1204 wrote to memory of 740	1204	Unicorn-31647.exe	115
PID 4892 wrote to memory of 3712	4892	Unicorn-33046.exe	116
PID 4892 wrote to memory of 3712	4892	Unicorn-33046.exe	116
PID 4892 wrote to memory of 3712	4892	Unicorn-33046.exe	116
PID 1760 wrote to memory of 1900	1760	Unicorn-37641.exe	117
PID 1760 wrote to memory of 1900	1760	Unicorn-37641.exe	117
PID 1760 wrote to memory of 1900	1760	Unicorn-37641.exe	117
PID 2572 wrote to memory of 3536	2572	aa48b79da0500f13713d3729f00d1bd0N.exe	118
PID 2572 wrote to memory of 3536	2572	aa48b79da0500f13713d3729f00d1bd0N.exe	118
PID 2572 wrote to memory of 3536	2572	aa48b79da0500f13713d3729f00d1bd0N.exe	118
PID 4696 wrote to memory of 3084	4696	Unicorn-12046.exe	119
PID 4696 wrote to memory of 3084	4696	Unicorn-12046.exe	119
PID 4696 wrote to memory of 3084	4696	Unicorn-12046.exe	119
PID 760 wrote to memory of 3832	760	Unicorn-32751.exe	120

C:\Users\Admin\AppData\Local\Temp\aa48b79da0500f13713d3729f00d1bd0N.exe
"C:\Users\Admin\AppData\Local\Temp\aa48b79da0500f13713d3729f00d1bd0N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47272.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1908
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 724
      4⤵
      Program crash
      PID:696
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 740
      4⤵
      Program crash
      PID:1572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19311.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22824.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
        8⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 632
        9⤵
        Program crash
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42831.exe
        8⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61591.exe
        8⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
        9⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48102.exe
        10⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
        10⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe
        10⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39388.exe
        9⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51540.exe
        9⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58317.exe
        9⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        8⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25155.exe
        8⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        8⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25430.exe
        7⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        7⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 636
        8⤵
        Program crash
        
        PID:9824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 716
        7⤵
        Program crash
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8303.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
        7⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37993.exe
        8⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        7⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
        6⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65320.exe
        7⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46320.exe
        7⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 640
        8⤵
        Program crash
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20323.exe
        7⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
        7⤵
        
        PID:11108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
        6⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-742.exe
        6⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
        7⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exe
        7⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        8⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60020.exe
        7⤵
        
        PID:12316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
        6⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
        7⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe
        7⤵
        
        PID:13668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31846.exe
        6⤵
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
        6⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18318.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 632
        7⤵
        Program crash
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30607.exe
        6⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        7⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe
        7⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
        8⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18694.exe
        9⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29916.exe
        9⤵
        
        PID:12528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 668
        8⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61060.exe
        7⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
        8⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38188.exe
        8⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51117.exe
        7⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35283.exe
        7⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        7⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18134.exe
        6⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        7⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
        8⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 720
        9⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
        8⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2341.exe
        9⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
        8⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        8⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 628
        7⤵
        Program crash
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe
        6⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
        7⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36716.exe
        7⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28883.exe
        7⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17139.exe
        6⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-561.exe
        6⤵
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5653.exe
        6⤵
        
        PID:12668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57483.exe
        6⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57399.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34137.exe
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-935.exe
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        8⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3557.exe
        9⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26454.exe
        10⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4044.exe
        10⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
        9⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21427.exe
        9⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22150.exe
        10⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50205.exe
        8⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
        9⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
        9⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
        9⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42740.exe
        8⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27426.exe
        8⤵
        
        PID:12660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe
        8⤵
        
        PID:13436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
        6⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9288.exe
        7⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 652
        7⤵
        Program crash
        
        PID:9456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36231.exe
        6⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 636
        7⤵
        Program crash
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49837.exe
        6⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18051.exe
        6⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
        6⤵
        
        PID:12048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12190.exe
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1319.exe
        6⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
        7⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        8⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40230.exe
        9⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
        9⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        9⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15180.exe
        8⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 672
        8⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe
        7⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 636
        8⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe
        7⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 664
        7⤵
        
        PID:15284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 664
        7⤵
        
        PID:13908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23206.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12613.exe
        6⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 636
        7⤵
        
        PID:11968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52845.exe
        6⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25526.exe
        7⤵
        
        PID:15092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39828.exe
        6⤵
        
        PID:14096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48422.exe
        5⤵
        
        PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        5⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
        5⤵
        
        PID:14300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34831.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10504.exe
        6⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4399.exe
        6⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        7⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 632
        8⤵
        Program crash
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61357.exe
        7⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 636
        8⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28531.exe
        7⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
        7⤵
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
        7⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58550.exe
        6⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9541.exe
        7⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6161.exe
        7⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        8⤵
        
        PID:13476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57316.exe
        7⤵
        
        PID:13260
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 724
        6⤵
        Program crash
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31670.exe
        5⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13704.exe
        6⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59184.exe
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61611.exe
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56774.exe
        7⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
        7⤵
        
        PID:10320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5644.exe
        6⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34707.exe
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23805.exe
        6⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44804.exe
        5⤵
        
        PID:2248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 636
        6⤵
        
        PID:11976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
        5⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24070.exe
        6⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65414.exe
        5⤵
        
        PID:13308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
        5⤵
        
        PID:12800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 636
        5⤵
        Program crash
        
        PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23872.exe
      4⤵
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31449.exe
        5⤵
        
        PID:5200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 632
        6⤵
        Program crash
        
        PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56263.exe
      4⤵
      PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
        5⤵
        
        PID:2912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 628
        6⤵
        
        PID:13480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43869.exe
        5⤵
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        5⤵
        
        PID:10732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe
        5⤵
        
        PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
      4⤵
      PID:6868
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 636
        5⤵
        
        PID:11260
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 760
      4⤵
      Program crash
      PID:9716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31510.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55529.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57385.exe
        7⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53177.exe
        8⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2168.exe
        9⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5671.exe
        10⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27663.exe
        8⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45108.exe
        8⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
        9⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35206.exe
        10⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 660
        9⤵
        
        PID:14920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59949.exe
        8⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23878.exe
        9⤵
        
        PID:12356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48740.exe
        8⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51760.exe
        7⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        8⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 632
        8⤵
        Program crash
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27190.exe
        7⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 724
        8⤵
        Program crash
        
        PID:3312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 716
        7⤵
        Program crash
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23871.exe
        6⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
        6⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        6⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1845.exe
        7⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40630.exe
        8⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46285.exe
        8⤵
        
        PID:13000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 632
        7⤵
        
        PID:13096
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 772
        6⤵
        Program crash
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9071.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
        6⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        7⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48873.exe
        8⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-485.exe
        9⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 628
        10⤵
        Program crash
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3729.exe
        9⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
        10⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        9⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
        9⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        7⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32555.exe
        9⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26092.exe
        9⤵
        
        PID:14088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 628
        8⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9171.exe
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-380.exe
        7⤵
        
        PID:11132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53559.exe
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65320.exe
        6⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        7⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36230.exe
        8⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38390.exe
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17708.exe
        9⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
        9⤵
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
        9⤵
        
        PID:13972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 652
        8⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33292.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25430.exe
        8⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5132.exe
        8⤵
        
        PID:13264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56964.exe
        7⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8012.exe
        7⤵
        
        PID:13296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32479.exe
        6⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 636
        7⤵
        
        PID:9764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
        6⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
        6⤵
        
        PID:9684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
        6⤵
        
        PID:12472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
        5⤵
        
        PID:3980
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 624
        6⤵
        Program crash
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24390.exe
        5⤵
        
        PID:1164
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 648
        6⤵
        
        PID:9772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50189.exe
        5⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4453.exe
        6⤵
        
        PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41254.exe
        5⤵
        
        PID:10552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15643.exe
        5⤵
        
        PID:14244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52148.exe
        5⤵
        
        PID:11592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24047.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46425.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
        6⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56057.exe
        7⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39273.exe
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46635.exe
        9⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34662.exe
        10⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15148.exe
        10⤵
        
        PID:13576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43228.exe
        9⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2147.exe
        9⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
        8⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 632
        9⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34099.exe
        8⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37037.exe
        8⤵
        
        PID:13584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
        7⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        8⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
        8⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
        9⤵
        
        PID:13768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 636
        7⤵
        Program crash
        
        PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
        5⤵
        
        PID:5388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 724
        6⤵
        Program crash
        
        PID:3832
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 740
        5⤵
        Program crash
        
        PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56247.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53945.exe
        6⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48681.exe
        7⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        8⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 636
        9⤵
        
        PID:13104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 636
        9⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22940.exe
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56633.exe
        8⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
        8⤵
        
        PID:14568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
        7⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48102.exe
        8⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20972.exe
        8⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 508
        7⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
        5⤵
        
        PID:4060
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 736
        5⤵
        
        PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32720.exe
      4⤵
      PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64936.exe
        5⤵
        
        PID:5884
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 720
        5⤵
        
        PID:8236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
      4⤵
      PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42447.exe
      4⤵
      PID:7248
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 636
        5⤵
        
        PID:9788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1717.exe
      4⤵
      PID:8712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19723.exe
      4⤵
      PID:9668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44324.exe
      4⤵
      PID:12756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43145.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe
        6⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 724
        7⤵
        Program crash
        
        PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
        5⤵
        
        PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53161.exe
        5⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2855.exe
        6⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        7⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65062.exe
        8⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        9⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35564.exe
        9⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        9⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40812.exe
        8⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28739.exe
        8⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-348.exe
        8⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9836.exe
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35414.exe
        8⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 628
        8⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45812.exe
        7⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18209.exe
        7⤵
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13455.exe
        6⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
        7⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8476.exe
        7⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        7⤵
        
        PID:14528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 636
        6⤵
        Program crash
        
        PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
        5⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
        6⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43563.exe
        7⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50790.exe
        8⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
        8⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11699.exe
        8⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31516.exe
        7⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21958.exe
        8⤵
        
        PID:15040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        7⤵
        
        PID:12716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24460.exe
        6⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50260.exe
        6⤵
        
        PID:11364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34749.exe
        6⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        5⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64694.exe
        6⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60203.exe
        7⤵
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14220.exe
        6⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
        7⤵
        
        PID:9532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24451.exe
        6⤵
        
        PID:13176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49645.exe
        5⤵
        
        PID:9056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63275.exe
        6⤵
        
        PID:14360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18627.exe
        5⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11660.exe
        5⤵
        
        PID:14108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
      4⤵
      PID:5612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19414.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19414.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2688
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 636
      4⤵
      Program crash
      PID:3712
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 636
      4⤵
      Program crash
      PID:3832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64208.exe
    3⤵
    PID:3064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59992.exe
    3⤵
    PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5832.exe
      4⤵
      PID:6920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 636
        5⤵
        
        PID:13692
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 636
      4⤵
      Program crash
      PID:5904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3390.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3390.exe
    3⤵
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
      4⤵
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42150.exe
        5⤵
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        5⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe
        5⤵
        
        PID:11964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
      4⤵
      PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19942.exe
        5⤵
        
        PID:14156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
      4⤵
      PID:13620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
      4⤵
      PID:9252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe
    3⤵
    PID:8660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3109.exe
      4⤵
      PID:11352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51452.exe
    3⤵
    PID:10352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52309.exe
    3⤵
    PID:14144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33832.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37641.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58217.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33161.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
        8⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-935.exe
        9⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28223.exe
        8⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24281.exe
        9⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47709.exe
        9⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8789.exe
        10⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4060.exe
        10⤵
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
        10⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54084.exe
        9⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8117.exe
        10⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        9⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57359.exe
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8584.exe
        8⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60175.exe
        8⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        9⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        9⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60244.exe
        9⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
        8⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61638.exe
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57677.exe
        9⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        9⤵
        
        PID:14520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 632
        8⤵
        Program crash
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        7⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24665.exe
        8⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13189.exe
        9⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18502.exe
        10⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        10⤵
        
        PID:12888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 624
        9⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 632
        8⤵
        Program crash
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
        6⤵
        Executes dropped EXE
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7079.exe
        7⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 624
        8⤵
        Program crash
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        6⤵
        
        PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exe
        5⤵
        
        PID:1012
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 628
        6⤵
        Program crash
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        5⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57255.exe
        5⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9349.exe
        6⤵
        
        PID:8844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 668
        6⤵
        
        PID:12900
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 512
        5⤵
        Program crash
        
        PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28729.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 640
        6⤵
        Program crash
        
        PID:2112
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 656
        6⤵
        Program crash
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61967.exe
        5⤵
        
        PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
        5⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8904.exe
        6⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
        6⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 640
        7⤵
        
        PID:11984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45252.exe
        6⤵
        
        PID:10108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 512
        6⤵
        
        PID:15260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-383.exe
        5⤵
        
        PID:3688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 636
        6⤵
        Program crash
        
        PID:9812
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 752
        5⤵
        Program crash
        
        PID:10212
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 752
        5⤵
        
        PID:12028
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 724
      4⤵
      Program crash
      PID:3448
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 776
      4⤵
      Program crash
      PID:1424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12046.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12046.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11816.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1775.exe
        5⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47977.exe
        6⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
        7⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27353.exe
        8⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 676
        9⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44637.exe
        8⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 648
        8⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44815.exe
        7⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        8⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
        9⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63421.exe
        8⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4005.exe
        9⤵
        
        PID:12412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 632
        8⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe
        7⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37126.exe
        8⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23069.exe
        7⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63561.exe
        7⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
        6⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61001.exe
        7⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 548
        8⤵
        Program crash
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6588.exe
        7⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5797.exe
        8⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44484.exe
        7⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41094.exe
        8⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45693.exe
        7⤵
        
        PID:14080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        6⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        7⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62093.exe
        7⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
        8⤵
        
        PID:11612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
        6⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
        6⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21045.exe
        5⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64415.exe
        5⤵
        
        PID:7452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 636
        6⤵
        Program crash
        
        PID:10260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        5⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31116.exe
        5⤵
        
        PID:11268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe
        5⤵
        
        PID:14320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47888.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:724
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 724 -s 724
        5⤵
        Program crash
        
        PID:3108
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 724 -s 744
        5⤵
        Program crash
        
        PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15510.exe
      4⤵
      PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45289.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5432.exe
        6⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9672.exe
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
        8⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
        9⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17324.exe
        9⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 736
        8⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
        7⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27955.exe
        7⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30317.exe
        7⤵
        
        PID:10600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe
        6⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 640
        7⤵
        Program crash
        
        PID:9804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 480
        6⤵
        Program crash
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        5⤵
        
        PID:4816
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 636
        6⤵
        Program crash
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        5⤵
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
        6⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59725.exe
        6⤵
        
        PID:13488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23629.exe
        5⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60502.exe
        6⤵
        
        PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28371.exe
        5⤵
        
        PID:13608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
        5⤵
        
        PID:14352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62432.exe
      4⤵
      PID:4876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3832
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 636
      4⤵
      Program crash
      PID:3080
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 636
      4⤵
      Program crash
      PID:2108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1951.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22409.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3768.exe
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65001.exe
        6⤵
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4399.exe
        5⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43719.exe
        5⤵
        
        PID:5392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 636
        6⤵
        
        PID:11244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9852.exe
        5⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31123.exe
        5⤵
        
        PID:10888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe
        6⤵
        
        PID:13748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21452.exe
        5⤵
        
        PID:9920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18319.exe
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32345.exe
        5⤵
        
        PID:6788
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 668
        5⤵
        Program crash
        
        PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10854.exe
      4⤵
      PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62198.exe
        5⤵
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16811.exe
        6⤵
        
        PID:11560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-540.exe
        6⤵
        
        PID:14172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20364.exe
        5⤵
        
        PID:10716
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 632
        5⤵
        
        PID:13008
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 628
      4⤵
      Program crash
      PID:5972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
    3⤵
    PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9767.exe
      4⤵
      PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28489.exe
        5⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
        6⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9157.exe
        7⤵
        
        PID:952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 648
        7⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46189.exe
        6⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
        6⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36861.exe
        6⤵
        
        PID:13760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32910.exe
        5⤵
        
        PID:7500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 640
        6⤵
        Program crash
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43780.exe
        5⤵
        
        PID:9072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
        6⤵
        
        PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe
        5⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
        6⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2012.exe
        6⤵
        
        PID:15080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
        5⤵
        
        PID:9016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1710.exe
    3⤵
    PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        5⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
        6⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
        7⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-284.exe
        7⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20396.exe
        6⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16787.exe
        6⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        5⤵
        
        PID:10232
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 676
        5⤵
        
        PID:15252
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 676
        5⤵
        
        PID:13088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12732.exe
      4⤵
      PID:6264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53094.exe
        5⤵
        
        PID:9672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7157.exe
        6⤵
        
        PID:12828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30300.exe
        5⤵
        
        PID:12812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
      4⤵
      PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3877.exe
        5⤵
        
        PID:14140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27613.exe
      4⤵
      PID:6864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
    3⤵
    PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45862.exe
      4⤵
      PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44843.exe
        5⤵
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        5⤵
        
        PID:13208
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 632
      4⤵
      PID:12612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12859.exe
    3⤵
    PID:8612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
    3⤵
    PID:9376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14508.exe
    3⤵
    PID:14124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33046.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33046.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4452
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 728
      4⤵
      Program crash
      PID:4876
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 768
      4⤵
      Program crash
      PID:3316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38351.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3712
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 560
      4⤵
      Program crash
      PID:448
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 764
      4⤵
      Program crash
      PID:1052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
        5⤵
        
        PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4399.exe
        5⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60809.exe
        6⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 648
        7⤵
        
        PID:11252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe
        6⤵
        
        PID:9208
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 504
        6⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51607.exe
        5⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11845.exe
        6⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
        6⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        6⤵
        
        PID:12992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        5⤵
        
        PID:8896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
        5⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
        6⤵
        
        PID:9388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
        5⤵
        
        PID:14160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21183.exe
    3⤵
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6311.exe
      4⤵
      PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        5⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59833.exe
        6⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4917.exe
        7⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
        8⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
        8⤵
        
        PID:12508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 664
        7⤵
        
        PID:12244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 744
        6⤵
        Program crash
        
        PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15183.exe
        5⤵
        
        PID:7288
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 640
        6⤵
        
        PID:9780
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 764
        5⤵
        Program crash
        
        PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
      4⤵
      PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65446.exe
        5⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65170.exe
        6⤵
        
        PID:12064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30995.exe
        6⤵
        
        PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exe
        5⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
        5⤵
        
        PID:11412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        5⤵
        
        PID:8444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56244.exe
      4⤵
      PID:7876
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 632
        5⤵
        
        PID:11720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52445.exe
      4⤵
      PID:9656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19254.exe
        5⤵
        
        PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40852.exe
      4⤵
      PID:12540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
      4⤵
      PID:13764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
    3⤵
    PID:3664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
    3⤵
    PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3765.exe
      4⤵
      PID:4532
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 624
        5⤵
        
        PID:14164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe
      4⤵
      PID:9724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34822.exe
        5⤵
        
        PID:11604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14264.exe
      4⤵
      PID:12688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
    3⤵
    PID:6116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe
    3⤵
    PID:10756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60853.exe
    3⤵
    PID:12268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31647.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31647.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1828
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 720
        5⤵
        Program crash
        
        PID:3440
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 720
        5⤵
        Program crash
        
        PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
        5⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
        6⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
        7⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
        8⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
        9⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13073.exe
        8⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30979.exe
        8⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
        7⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 636
        8⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1235.exe
        7⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36845.exe
        7⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1411.exe
        7⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47856.exe
        6⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 648
        7⤵
        Program crash
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19939.exe
        6⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25762.exe
        6⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
        6⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42463.exe
        5⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16822.exe
        6⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23595.exe
        7⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7324.exe
        7⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13315.exe
        7⤵
        
        PID:14048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21212.exe
        6⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36550.exe
        7⤵
        
        PID:14256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56249.exe
        6⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        6⤵
        
        PID:14580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
        5⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
        6⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22342.exe
        7⤵
        
        PID:14560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 668
        6⤵
        
        PID:14912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        5⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9544.exe
        5⤵
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57901.exe
        5⤵
        
        PID:9168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35703.exe
      4⤵
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
        5⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        5⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7381.exe
        6⤵
        
        PID:11432
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 676
        5⤵
        
        PID:10344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 676
        5⤵
        
        PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49584.exe
      4⤵
      PID:6544
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 636
        5⤵
        Program crash
        
        PID:10244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1187.exe
      4⤵
      PID:8684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
      4⤵
      PID:10184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5064
- C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
    3⤵
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12616.exe
      4⤵
      PID:952
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 716
        5⤵
        Program crash
        
        PID:6640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe
    3⤵
    PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
      4⤵
      PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43084.exe
      4⤵
      PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20598.exe
        6⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1564.exe
        5⤵
        
        PID:11096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13907.exe
      4⤵
      PID:9580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        5⤵
        
        PID:14368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16844.exe
      4⤵
      PID:12500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52080.exe
    3⤵
    PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34731.exe
      4⤵
      PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
        5⤵
        
        PID:13120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe
      4⤵
      PID:10408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9957.exe
        5⤵
        
        PID:9468
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 748
    3⤵
    - Program crash
    PID:8744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42287.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42287.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe
      4⤵
      PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
        5⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
        6⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
        7⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44075.exe
        8⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 632
        8⤵
        
        PID:14068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 632
        8⤵
        
        PID:14516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8849.exe
        7⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 748
        7⤵
        
        PID:15276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43484.exe
        6⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20230.exe
        7⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 656
        7⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47940.exe
        6⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1493.exe
        7⤵
        
        PID:14328
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 508
        6⤵
        
        PID:15268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
        5⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60660.exe
        5⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        6⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        6⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25245.exe
        5⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47612.exe
        5⤵
        
        PID:14500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4975.exe
      4⤵
      PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        5⤵
        
        PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28876.exe
        5⤵
        
        PID:4040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 636
        6⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22584.exe
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
        6⤵
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        5⤵
        
        PID:12496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
        5⤵
        
        PID:12408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
      4⤵
      PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        6⤵
        
        PID:12040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
        6⤵
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
        5⤵
        
        PID:10324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34466.exe
      4⤵
      PID:8804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
      4⤵
      PID:10052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1877.exe
        5⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        5⤵
        
        PID:13796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47025.exe
      4⤵
      PID:13200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
  2⤵
  PID:4520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58222.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58222.exe
  2⤵
  PID:4880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63592.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63592.exe
  2⤵
  PID:6436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50854.exe
    3⤵
    PID:7388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-837.exe
      4⤵
      PID:9476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27052.exe
      4⤵
      PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15747.exe
      4⤵
      PID:15096
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 632
    3⤵
    PID:13088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
  2⤵
  PID:8668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63317.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63317.exe
  2⤵
  PID:11124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35453.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35453.exe
  2⤵
  PID:12348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25813.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25813.exe
  2⤵
  PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1908 -ip 1908
1⤵
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1908 -ip 1908
1⤵
PID:1392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4452 -ip 4452
1⤵
PID:3440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4452 -ip 4452
1⤵
PID:1116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 3712 -ip 3712
1⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3832 -ip 3832
1⤵
PID:1180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4640 -ip 4640
1⤵
PID:1040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4640 -ip 4640
1⤵
PID:3232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3832 -ip 3832
1⤵
PID:1116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3712 -ip 3712
1⤵
PID:1820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 1828 -ip 1828
1⤵
PID:3036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1828 -ip 1828
1⤵
PID:3592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2688 -ip 2688
1⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 724 -ip 724
1⤵
PID:448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 3628 -ip 3628
1⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 3404 -ip 3404
1⤵
PID:1424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 3092 -ip 3092
1⤵
PID:1880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 2240 -ip 2240
1⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5064 -ip 5064
1⤵
PID:3832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3332 -ip 3332
1⤵
PID:556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 1204 -ip 1204
1⤵
PID:448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 3092 -ip 3092
1⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2240 -ip 2240
1⤵
PID:4088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3332 -ip 3332
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5064 -ip 5064
1⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1204 -ip 1204
1⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4112 -ip 4112
1⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3404 -ip 3404
1⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2688 -ip 2688
1⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 724 -ip 724
1⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3628 -ip 3628
1⤵
PID:3364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3064 -ip 3064
1⤵
PID:1640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 1012 -ip 1012
1⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 4520 -ip 4520
1⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1756 -ip 1756
1⤵
PID:3332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 3064 -ip 3064
1⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1012 -ip 1012
1⤵
PID:1204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4520 -ip 4520
1⤵
PID:2112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 1756 -ip 1756
1⤵
PID:2872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4940 -ip 4940
1⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 2008 -ip 2008
1⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5388 -ip 5388
1⤵
PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5216 -ip 5216
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5284 -ip 5284
1⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5188 -ip 5188
1⤵
PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4112 -ip 4112
1⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5632 -ip 5632
1⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5652 -ip 5652
1⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4940 -ip 4940
1⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5912 -ip 5912
1⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 1400 -ip 1400
1⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6004 -ip 6004
1⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 2212 -ip 2212
1⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1872 -ip 1872
1⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2008 -ip 2008
1⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5284 -ip 5284
1⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5652 -ip 5652
1⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5188 -ip 5188
1⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5912 -ip 5912
1⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 1916 -ip 1916
1⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 1824 -ip 1824
1⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1400 -ip 1400
1⤵
PID:1624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 6004 -ip 6004
1⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2212 -ip 2212
1⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 952 -ip 952
1⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5200 -ip 5200
1⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 1872 -ip 1872
1⤵
PID:1656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4248 -ip 4248
1⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1916 -ip 1916
1⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 1824 -ip 1824
1⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5200 -ip 5200
1⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 952 -ip 952
1⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4248 -ip 4248
1⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5388 -ip 5388
1⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5216 -ip 5216
1⤵
PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 2196 -ip 2196
1⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4040 -ip 4040
1⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 3028 -ip 3028
1⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 1480 -ip 1480
1⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5632 -ip 5632
1⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5492 -ip 5492
1⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5884 -ip 5884
1⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 4880 -ip 4880
1⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 4420 -ip 4420
1⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 3052 -ip 3052
1⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4176 -ip 4176
1⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 3664 -ip 3664
1⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 3640 -ip 3640
1⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5628 -ip 5628
1⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 3980 -ip 3980
1⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5496 -ip 5496
1⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5612 -ip 5612
1⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 4060 -ip 4060
1⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 2196 -ip 2196
1⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 1184 -ip 1184
1⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 4876 -ip 4876
1⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 4560 -ip 4560
1⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4996 -ip 4996
1⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6156 -ip 6156
1⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6168 -ip 6168
1⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 2460 -ip 2460
1⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 4040 -ip 4040
1⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 4088 -ip 4088
1⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6748 -ip 6748
1⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 220 -ip 220
1⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 3028 -ip 3028
1⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 5492 -ip 5492
1⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5884 -ip 5884
1⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 4880 -ip 4880
1⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 1480 -ip 1480
1⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 4420 -ip 4420
1⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 3052 -ip 3052
1⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 1256 -ip 1256
1⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5696 -ip 5696
1⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 3412 -ip 3412
1⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 1912 -ip 1912
1⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 5660 -ip 5660
1⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 5404 -ip 5404
1⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5420 -ip 5420
1⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 5960 -ip 5960
1⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5300 -ip 5300
1⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 4696 -ip 4696
1⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 1908 -ip 1908
1⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 1900 -ip 1900
1⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5724 -ip 5724
1⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 1924 -ip 1924
1⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 4176 -ip 4176
1⤵
PID:1428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 3664 -ip 3664
1⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 5596 -ip 5596
1⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 3640 -ip 3640
1⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 3980 -ip 3980
1⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 5628 -ip 5628
1⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 5496 -ip 5496
1⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 6680 -ip 6680
1⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5612 -ip 5612
1⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 4876 -ip 4876
1⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 4060 -ip 4060
1⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 1184 -ip 1184
1⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 4560 -ip 4560
1⤵
PID:1824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 4996 -ip 4996
1⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6156 -ip 6156
1⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 6168 -ip 6168
1⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 2460 -ip 2460
1⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 4088 -ip 4088
1⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 2300 -ip 2300
1⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 220 -ip 220
1⤵
PID:3664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 6748 -ip 6748
1⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5196 -ip 5196
1⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 7140 -ip 7140
1⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6788 -ip 6788
1⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 6816 -ip 6816
1⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 6548 -ip 6548
1⤵
PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 1256 -ip 1256
1⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 6048 -ip 6048
1⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5696 -ip 5696
1⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 1912 -ip 1912
1⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 5660 -ip 5660
1⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 3412 -ip 3412
1⤵
PID:1184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5420 -ip 5420
1⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5300 -ip 5300
1⤵
PID:1828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1908 -ip 1908
1⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 1900 -ip 1900
1⤵
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 5404 -ip 5404
1⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5960 -ip 5960
1⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 5648 -ip 5648
1⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 4696 -ip 4696
1⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2540 -ip 2540
1⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5724 -ip 5724
1⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 1924 -ip 1924
1⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5596 -ip 5596
1⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 7144 -ip 7144
1⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 4316 -ip 4316
1⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 6180 -ip 6180
1⤵
PID:1900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 5732 -ip 5732
1⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 6592 -ip 6592
1⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 2912 -ip 2912
1⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6920 -ip 6920
1⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1228 -p 3332 -ip 3332
1⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5756 -ip 5756
1⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 4816 -ip 4816
1⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 6740 -ip 6740
1⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6680 -ip 6680
1⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 2300 -ip 2300
1⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5228 -ip 5228
1⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3112 -ip 3112
1⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 6924 -ip 6924
1⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 7700 -ip 7700
1⤵
PID:3336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6816 -ip 6816
1⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 5196 -ip 5196
1⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 3120 -ip 3120
1⤵
PID:2668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 6548 -ip 6548
1⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6788 -ip 6788
1⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 7140 -ip 7140
1⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6048 -ip 6048
1⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6648 -ip 6648
1⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 4352 -ip 4352
1⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 7092 -ip 7092
1⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 7420 -ip 7420
1⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 3688 -ip 3688
1⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 7248 -ip 7248
1⤵
PID:9712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7288 -ip 7288
1⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 7500 -ip 7500
1⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 7492 -ip 7492
1⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 1164 -ip 1164
1⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 5912 -ip 5912
1⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 4632 -ip 4632
1⤵
PID:10112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5116 -ip 5116
1⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 2828 -ip 2828
1⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 5748 -ip 5748
1⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 5344 -ip 5344
1⤵
PID:1624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 5100 -ip 5100
1⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 3432 -ip 3432
1⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 3536 -ip 3536
1⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 3436 -ip 3436
1⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 1760 -ip 1760
1⤵
PID:11228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5928 -ip 5928
1⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 4452 -ip 4452
1⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 264 -ip 264
1⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5308 -ip 5308
1⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 6544 -ip 6544
1⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 7312 -ip 7312
1⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 7452 -ip 7452
1⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 7640 -ip 7640
1⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 6332 -ip 6332
1⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 8012 -ip 8012
1⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5392 -ip 5392
1⤵
PID:1580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 7884 -ip 7884
1⤵
PID:10308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 2540 -ip 2540
1⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 6868 -ip 6868
1⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4316 -ip 4316
1⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5732 -ip 5732
1⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 7144 -ip 7144
1⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 6592 -ip 6592
1⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 6180 -ip 6180
1⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 2912 -ip 2912
1⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 3332 -ip 3332
1⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 6920 -ip 6920
1⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5756 -ip 5756
1⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 6784 -ip 6784
1⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 7876 -ip 7876
1⤵
PID:13468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1204 -p 4040 -ip 4040
1⤵
PID:13648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 6256 -ip 6256
1⤵
PID:13884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 6160 -ip 6160
1⤵
PID:13976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 5608 -ip 5608
1⤵
PID:14032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 7268 -ip 7268
1⤵
PID:14040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2248 -ip 2248
1⤵
PID:14216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 8184 -ip 8184
1⤵
PID:14256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 3308 -ip 3308
1⤵
PID:14288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 1608 -ip 1608
1⤵
PID:14296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 4328 -ip 4328
1⤵
PID:2272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 5380 -ip 5380
1⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 544 -ip 544
1⤵
PID:13668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4300 -ip 4300
1⤵
PID:14048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6676 -ip 6676
1⤵
PID:13888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 6836 -ip 6836
1⤵
PID:14328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 8100 -ip 8100
1⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 5776 -ip 5776
1⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6436 -ip 6436
1⤵
PID:804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 3584 -ip 3584
1⤵
PID:2532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 7916 -ip 7916
1⤵
PID:14044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 6956 -ip 6956
1⤵
PID:14768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 8064 -ip 8064
1⤵
PID:14328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 6756 -ip 6756
1⤵
PID:13976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 7776 -ip 7776
1⤵
PID:14356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4532 -ip 4532
1⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 6428 -ip 6428
1⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 8132 -ip 8132
1⤵
PID:13972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1324 -p 7232 -ip 7232
1⤵
PID:15064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 6216 -ip 6216
1⤵
PID:15076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 3056 -ip 3056
1⤵
PID:15112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5428 -ip 5428
1⤵
PID:10436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe

Filesize
468KB

MD5
6147a2d94024a5acb4953f2fdf0ecc4d

SHA1
7b931e80f942dbcd7ff7b536636da7d94bad3ee4

SHA256
18be793e8c82c97fa2fb7e4cc6fd7b12946b5914f7cc3449f9e4c91e813f5ce3

SHA512
79b7b30e82fe911d25ce395900014d984c3a7212def4cecc5d9db6f61fe2ba2742a1060cb3985381ee5c43c5ad4b90829b72b2b7f5934adb18636e28851be535

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12046.exe

Filesize
468KB

MD5
c6758a93079396e705da6ba39afa7a54

SHA1
86da76d7f45072df15f3961cf65913d24ce3c7b7

SHA256
17f0a2a9a958b1754ac24b6b5e23a663e5cf465873f92061f282a12e0c65dcc7

SHA512
cc2dca7a0d39f8044845be092f6a5d4a06df1cdabe53380e08277694691e0dcf3d856a9b9768d6e24bf49720adee0f482d935b7eb357c0da8846bca3df598cc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18318.exe

Filesize
468KB

MD5
a9276068b2fbed37b737a3ce774f6703

SHA1
1ce2b8c4e0fa7635cf37dca7db06f9ec09ca1c37

SHA256
5e569e687f4dcca9ce0d081771ff5e2cfd5d62a36a0dd57ea52b7a129a3af2fb

SHA512
00d4e199086fb52484e12bf8f8f7a01d711a64d058a6dea49125f62c69858b3546bfcf5e627c7c1a7e861035698e6e3bab194a7efc0feffcd786e837c4fc3a54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19311.exe

Filesize
468KB

MD5
aad00c7a3af90a3e28a912b350d3e63c

SHA1
b76ebd807e5f5ce746e267130dd142bfa73a76d5

SHA256
25af00ebe806979f0033fd1e7c49145f9fefcd7aa35ff77348a561afc87f5b38

SHA512
998eaec72dace2584d942975efe5f7571cc5443665bc1e041ccc21ab565d4da48ec953a82e029c0ed1dd6bbaab0af7fb7bf0fa2a9cf676bfa617e931345f9db1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exe

Filesize
468KB

MD5
8b795c9ff8a0c279d0d3c2eed75c309f

SHA1
156071ae0bae171f8cc43f5a02cb33d3e23dd324

SHA256
402e09f8d741b407aa805ed4a56acc378aae2f7584e2dd0c59725f154db26618

SHA512
9a600745eba0608a169eb8fa1158fdac61d6f056b80f7d036576539af57962a0d7ef39b43516a8e0915a08fc1e2c5f904df1862ff46ec93ca894ff04dcd60627

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe

Filesize
468KB

MD5
f5131c407fbb72cd5ee5d9a2d7ffd9c3

SHA1
74b72295e2485aa3bf51a57affecff96a0ce8058

SHA256
b850c27180fb95b42cdd5c58be0233f1e97c108623c28f2d620d8b92b3eef559

SHA512
7252e4494825f2851ba7ee47495704803e1f4da7175cb7b27c639750b126559a4660f9edfe8d7b734bacaae5a5c7d13d50009ec738d8f3548e2ad1d95c236c3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe

Filesize
468KB

MD5
734da06fd08c5b9cca45bc8b3c1bc6b4

SHA1
834f392d5b963b8350f30bc91f1a720b28bd8a82

SHA256
02f4bdf3354b426fe4a5e76d6f95d5fe7281830e2a01f1e87565d2020d6c589d

SHA512
d6297e602426c83df9bb228e6d7e9de0d250162b474f197edd65401d1eac2cb54f1631f25552a34d234f4fbe45b175364d7f29bed7d25f045afb907600fdbf56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24047.exe

Filesize
468KB

MD5
3c94b371b635be7fb3639696f0b3c858

SHA1
6a91a0f3f6189601b310a65a2e2b58577356c587

SHA256
4ce57f68159c956ea6ba991999f62634c78b837c1af88943a698e9973cbcf1b9

SHA512
0c72c7dea0f62068a9dc928a96bc960766007e2e7ef86825533d6523a8fd1114d3b4a82c7be06f7507895eb4a89fa3e860004d21390b60ec72bc327421c73fb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe

Filesize
468KB

MD5
44a4a3d34eea2399f981383f918c8682

SHA1
0f9817edcfbd862721a6a10901ccd3f58d9beb01

SHA256
56f90ae1e580e26a834141e0df98967abaec3df0d765a1268d5bea7ec5de9882

SHA512
80f8cea5c78893be57a9aab04b33ffb92632f312ca01210835b4a1a9a7254b34d4f560721db79bdece0619008dd8bb60a9c61a6fb00197b7f7b4c00ed83adc89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe

Filesize
468KB

MD5
2b5ccaa8784dab53620ae0054aa540e9

SHA1
76d6ff6824e1675a9df1d92e964da9b28c18f9a6

SHA256
56316e502aa06e0ad2ab8bc926e8d555dc334e705165e554bdd79b1d11ef1d2e

SHA512
76631c8b29156d2c21d5138127261b343158eff606d220aefec5ee985c11bdf37f2cf9e0059111192145ae30d7573699f0120e3dd769cf2db21493bb875c8c55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe

Filesize
468KB

MD5
58b7e495de9cc32cc3d04a7b0302849b

SHA1
6e725246d5f6e69c6ae0c49d74fc7add9546b822

SHA256
771b34928a80b17b2922ae458213ca8dbb7494bc11f7f53a7551d2ad4b1f5067

SHA512
73cc86f3dc3770bf3822b9a003e24d68a407add26cd81d709b4510dabb05f91efac2a5e018fd48970b308421096e9c8ce1284c5d9ddc32086b1ce65583cad5b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe

Filesize
468KB

MD5
7d9c2e493127cdde208e86807a5d8f95

SHA1
ab40b148d38057849b582ceabd08cb8e794ff6b6

SHA256
a4b5b4457dffaf17cb66bab13b0eab0847d21a1b0b581c03bcbe72a9fea3cc90

SHA512
b464a9a7822e6c1183db76b8370e130093308d50c9905a8724fd6e6ce862b26a81817b89f00ce55e9269b21e226ce76cbaa8a5c294800a39fd39b11504758ace

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31510.exe

Filesize
468KB

MD5
4816079efd24ae4936462d48a4a209b3

SHA1
a01f3051c8962784d5839ee153a57ce84b9e3923

SHA256
b29f441ae840bf3380526e09846748ad1d8609bb08e0e3d855add97da2820f55

SHA512
266c65c8641dda843e8740e7e6dbdb40cc65e9d112df437020742db100881bf11d4bb5f26c786b0bced0acc38470ecd0d7f0c02c080fd122f308eb7eea17178a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31647.exe

Filesize
468KB

MD5
ce1f20aa3cd6a8caa67a5b7f05b9a6ac

SHA1
1ad4a3c4d590f9ca12e978ba08d2088cbd07cff3

SHA256
d8b41d7d72749c9021a4243fe18e1d37925048142f290e2a55a265f543a089bb

SHA512
7f6a7e65569ab7fea33b68b80320c3da8ccfef3b264508a0bb339852f9c17abfbe2ccf7f416bdebd6d51e97f336d403263b19429402a10e34773b8b07c2d06b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe

Filesize
468KB

MD5
44f16616dc5cbcd1d1b9da5aece16261

SHA1
024448e30596ad9f96aae202df37d6854358e149

SHA256
6e21d6e567058649df8b1cdc5636c11abd1b882b351f975ede87e8e184054540

SHA512
27d2184382837395df0bf06ecc0615d94f208e7f582dad2e2b62fda7cd4b2c92052b530bd9227cbfe905ba24774ba9eec8791acb0e4fa6c0f9e3880aada31544

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33046.exe

Filesize
468KB

MD5
26210321e00a8e3883ef07994cee19e3

SHA1
6da442211495268ab726158510a12d72923ac516

SHA256
c2890d4dff775c163d9eb4e24506b5dd8c64d89e7c32b23e16404f0f790b8a1f

SHA512
d31345f63e31e816f3fe0416dc9b58645e1a29e886dfe52e87f5a3e9f0e0c91fa6cffa85136daa13fd6115cb6ba1a9021b7277618bf703e99e6277c2fc382f3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33832.exe

Filesize
468KB

MD5
cdc03c903d09f709ebe9ac1c28cb85eb

SHA1
1756cd21957790d6aea63789b2e7baf387fddd38

SHA256
d37f3a5d2ae8c83b25e48e42fffc3859089072abb2327d2e904931d41643d607

SHA512
a688d910059cd10ada334f90d9c0e8055fec07b8efb4ecd05a8ff914d57ebfdaf74adb35a58eb9264f3e28168b083efc45d8410b144ec6fe5d3ed8369ffaf570

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe

Filesize
468KB

MD5
e0d30b6379e6321e25b37c84e3280aab

SHA1
86bc63f4303fab7e9bcc7183989516fec47784fa

SHA256
c69c044d25935bff5f746e118437a2bb86d808989b329a0bb452d88ac9e3e279

SHA512
699899088c7a6058743c143c7c0324c017c02e14cc6db3d79cf5ea4f765626968cc515db395782cd0782ac287466d114fdae91e449ba6d28922fd0c711e5ea59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe

Filesize
468KB

MD5
57be3b3ebe7869478b2a779295de50f2

SHA1
4d5c79b70eab14b27bab39589f03ed4eb5db20c1

SHA256
9830b2519b44bf702a63d0ae4bb544e431dc6269793077a39c6b646c23a6bc6f

SHA512
e02e862af1f6890c84b2758d99e9c949b5da68d4c6eef60081a4cc63ffebf4e4fc0abf0d9a834933934655cf1d4a63455f01ac936920c6fc0ec59992e7d9f7e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37641.exe

Filesize
468KB

MD5
62f4754c84bb4badf99b4b992b5cf7fa

SHA1
441df70313dcb336c093f420331b341b17fad705

SHA256
0f64ff1cb1fc7e88550efe067f1b3ad0e6c2acafb5c81b88139deb1169ccbe1d

SHA512
76f9b68461e12732f6ba7d0841351d2ed2c5eb4e5cb26f5b504ccaa6de7b047b1df20602ab61cdbdaeaa1f833aa930c9af10aaf2c387547a9e8ad4ff42c12db6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38351.exe

Filesize
468KB

MD5
0e69d31d16deca9a5ae085ff08256fb8

SHA1
be68e6705d8e45b2c468f3445883f4f07f4f51b0

SHA256
c96895ef662ddd580d0acc55e17ab850c7c6218fa4c9d33958c50de9bfc52c9b

SHA512
c1c20acec210b6a13a1e3cd9bc6e0ecf95fb91fa8458866bcd70f33710e93ff94cce976be3a1acf9aa16067da2a9f000e4ee6f561876a9b2b1814a85432153d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43145.exe

Filesize
468KB

MD5
182bbb7d188ea5bd1909a90b5dd85494

SHA1
0c6332b34556315bd5deadf8c18c2d6f502a9933

SHA256
77248b8ab50e710325df01e10e4675363044a39674ac22d5e4a96226dbe3135c

SHA512
a8959574672267dd80596d17c83154a7f0d94bbbd2d4a8878566ed58a0018ac807d16c1b5593866e6cf9261b1a595246cb56b0b077bcc5d66416fb026c450fd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe

Filesize
468KB

MD5
aed7ed9ef41f9f273c931ee414e5aecb

SHA1
e3164b664325965c791b5bc8b31843fa1d229ff9

SHA256
78cd0059a54ca7cf6cb156fdded91fef1a6f26fbae0272551e3eb5369ed9a111

SHA512
b3042b5be506c446a203c9cad2066fa8c3bcfdf94b725081b63e6c3ea93efe17e2d904c6691fb39d392f26e18cd06f84244950f914bcda9df1ee59fa57f2fcf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47272.exe

Filesize
468KB

MD5
17a78dae75e8db21470f1a8f7d22b845

SHA1
ab55b3bcad313a1c3e76bdaddcc4100be0c18347

SHA256
24a2ce41c4b5452020def4fbfe5c90bf82e2851dd4cf59e88a110f222ca54c70

SHA512
7a145632dcb872e13b9b1477f915a9559ba0939e90f089663d942ff49c2fb115666ef904560224c3d1e22780ace1fa547aad6fa00c1b5a9fd5cb4f71d7cb5764

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe

Filesize
468KB

MD5
918ae728ea5d1420cd4bf90dc0e0c42a

SHA1
ad86fdf6472685644a441bd0dbc59ef972bf8a1e

SHA256
d5e1ac1899d5e5f11ae392433b441e160e47dd2b5d2bebfce129e90d5bb9384c

SHA512
6569aa332648635c2e88b5863df014b3e4c17aebb5f25ca73b59e76f91640fb8c5acc426b284fc2d63447a9f7224d506d15ca1ae0d381dc1f28e4848f74b1f64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe

Filesize
468KB

MD5
15f8a39909389b2ea21da9083c4b5ec5

SHA1
b717ac30a66a380ee0fade3174bef0e76a0b5ae9

SHA256
8de86574c83b6c31f242e06b37e83da2f218b432ae0cb15b8f9d0ba325202423

SHA512
10d8bd7d731765a95f8474c83272abc73d1179c32c9976860f3c085c68cad3edc09153f079234475bd877d0a9031c4f8af96d3cc1d0ac5cbf76081c848226e82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51607.exe

Filesize
468KB

MD5
185216e960ab2464c9d9a04f71f3d089

SHA1
f6d9690b83a4d7c6ff91ac4a351db767961f79f1

SHA256
4c31059394bdc7b67bb6c1b247fb026863a69a2c3e98b69c153468fa4a3eaa96

SHA512
36c2c6d57df401f539979a43c894730b81f34676afe866c80eb8b72eb869fed27634742590ec184122414a4038bce05859a6e39ea28d6ac06c4411c60bda31db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe

Filesize
468KB

MD5
d99f327a8e329613bf44dbddf19b8d7c

SHA1
ede2c1f8b84673cd59c5e597332bbef501187fe4

SHA256
2812a1482563f5dd96926502886630613cade9ca7a24874f7bd467449f457fec

SHA512
e112f9058519b0b5481dde2ef094fcd43343b99c73fdc7f4275b2c19073aeadb1aa5c541dd29eecf40d50ef202a910a720c3698e537fd5c266ae17966b80d922

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe

Filesize
468KB

MD5
27efa344c901e78afd14b87e1ecd51d3

SHA1
9c85cbe1b803fe3efa8a2a9d08a84dd785c8559a

SHA256
cfd74e99f89be1b98e320144a3af160b7c87b8db318a2a53d9d4f1e7eed6fd5a

SHA512
811a6dd3b6f70b53944e34f8237d6ed5170b14bb2ca4d2cdbab0647d132f84818465d73a92de7498cca9b134d9d491b82dca38e4fa6b423040f94d740449fc49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe

Filesize
468KB

MD5
d6c61a619e8832f3262d97d40fdfe9c2

SHA1
ab8ecefee8f80bb567e2b050cfa55b2941508382

SHA256
3aa1b84ea9b7a0e7f70f73c70b0b318ab1c9ceb0a10031c2a223c5894e9c9890

SHA512
b1a6bf56137e6b888be5ed2da6adcbcc7c859cb38aae95b9e27b214a236cd1a4501fabda0965332e3536aa06c861a37608e6365be67ee0b74d117ab7f5533021

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55529.exe

Filesize
468KB

MD5
0c87ec1e7c7ed1c3cfcdfc087fe066bf

SHA1
413a84857fb4612df3e0aa0ad60b03083861d8a3

SHA256
7acd3d885fa76037fd32382a34a078a9fc1c5e359e2396b9e429c50f278b6c26

SHA512
f9e9106c2b637735abcc0a78e1e15534dba8333438170fee61fc5c2c3ad3523882fe29620f15de3368b5ace484dfcde67e522597289197973ac2cd0f57ea9703

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58217.exe

Filesize
468KB

MD5
0b4b1720e22041ac6407529705626b29

SHA1
0286c4e8f354e75f73609ff16411ddfca1326de2

SHA256
4e652f71baed4ae87393a39431f11090a33040707bd062346ec69850121ddd28

SHA512
ec871f5070adcd2e82055d0cc1b42998ec3847cf2f663383f5f4adbcd593b296e54c6676218ee027acf6728bd93aeee22aa087838562bc94a0ebf19df8d57b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe

Filesize
468KB

MD5
225eec49b9f77371106deade96cf3e4f

SHA1
b4397c19516fb9e65507d1de80ae90873e234051

SHA256
85ea58f684ac806a768d4cce62f44c691905978efee4736088879e2365bb5c11

SHA512
5839388c0a5747b1fb6cc98f34b6ed374efbebf2d2ed0c4d27d1f4d57f9118ffd8a16b54a9c723eb06c6e375eaf6e5aa8ff86bc0fc88b041bab4d6093e6053a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe

Filesize
468KB

MD5
5149d96c8ef129e84fe8463969643c48

SHA1
f9378940147f2665cbb92bf1ed3f7d325d85d249

SHA256
57e40add31d8beee71e4dd42811be8d25a3dfb330e3681d2855b77f409d6ef40

SHA512
5699d4bb270e48d915eb73ac51dc909a9767737375e126c7cdd1b0df2fa323f37eee9b20ec433ae8d4c4afcc9aa7c2465d5e8a08f17bf204b0caa5fd3bfe0a6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe

Filesize
468KB

MD5
3cae94fd9845531318e42d1159426858

SHA1
b39b86d4027468366b437c68b38029ce9b90a366

SHA256
eb48eedb97d0c97cf4589883a975bf57c74241aaca9839e0f6628809c3d20b5c

SHA512
aeb0e9d7173489dd43733d6312be1bfaf6ec816685cea18cd116709fa8f6416bbf3e8ee1ee9306cd42ea2d3f753c84c6799cb3fa695464153b18aa0f226343e8

Download Submit
memory/13484-2620-0x00007FFC29270000-0x00007FFC29465000-memory.dmp

Filesize
2.0MB

Download
memory/14580-2549-0x00000000759E0000-0x0000000075B3D000-memory.dmp

Filesize
1.4MB

Download