8173dd352fa77d27cae8a5f687c15d81fea3939ecddc790eb0f25958f9550f82

Analysis

max time kernel
120s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 12:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0f42efdd422c8b6146ffadbd4d788c0N.exe
Size

468KB
MD5

a0f42efdd422c8b6146ffadbd4d788c0
SHA1

23a7f44656cf7173eae43990086c49965e6b2d3e
SHA256

8173dd352fa77d27cae8a5f687c15d81fea3939ecddc790eb0f25958f9550f82
SHA512

6595646cd45e61ddb98470fa6ac7c4e0756bdc881fb22f5ced6539a830e3aa52aac514c38e07f839d4712d5ded98b236d491ae801c72a9135287cc1a8d488bf2
SSDEEP

3072:1G3HogISIE5TtbY2HncOcf8/vChaP0p2JVHeT1PMQ7NL67vgEElG:1G3obMTtxHcOcfSYHqQ7p4vgE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3684	Unicorn-31940.exe
3748	Unicorn-1187.exe
1740	Unicorn-22354.exe
4956	Unicorn-19636.exe
2836	Unicorn-65307.exe
2080	Unicorn-3299.exe
3068	Unicorn-62706.exe
4552	Unicorn-35692.exe
4384	Unicorn-19356.exe
432	Unicorn-19356.exe
1860	Unicorn-21393.exe
1156	Unicorn-31343.exe
856	Unicorn-11742.exe
3928	Unicorn-45972.exe
4012	Unicorn-50419.exe
3676	Unicorn-17000.exe
3028	Unicorn-663.exe
3200	Unicorn-21276.exe
3248	Unicorn-21010.exe
4060	Unicorn-54311.exe
2916	Unicorn-8639.exe
4428	Unicorn-10677.exe
4392	Unicorn-62479.exe
2476	Unicorn-44826.exe
3772	Unicorn-64384.exe
3284	Unicorn-32266.exe
1780	Unicorn-39688.exe
2076	Unicorn-63490.exe
4808	Unicorn-53284.exe
2212	Unicorn-36948.exe
3692	Unicorn-25058.exe
3440	Unicorn-24504.exe
3780	Unicorn-65152.exe
4152	Unicorn-53455.exe
1576	Unicorn-7783.exe
4408	Unicorn-48816.exe
4160	Unicorn-48816.exe
1588	Unicorn-12614.exe
1940	Unicorn-15182.exe
3068	Unicorn-20782.exe
1960	Unicorn-31717.exe
2176	Unicorn-40383.exe
1644	Unicorn-34517.exe
4380	Unicorn-42184.exe
4432	Unicorn-1898.exe
5012	Unicorn-25848.exe
4204	Unicorn-60366.exe
2280	Unicorn-51504.exe
3712	Unicorn-3050.exe
388	Unicorn-27000.exe
3612	Unicorn-51047.exe
2488	Unicorn-22724.exe
2444	Unicorn-51675.exe
3152	Unicorn-55204.exe
2276	Unicorn-38868.exe
2356	Unicorn-11239.exe
4860	Unicorn-56911.exe
1016	Unicorn-64332.exe
4816	Unicorn-62286.exe
3952	Unicorn-40020.exe
1524	Unicorn-40020.exe
2220	Unicorn-23492.exe
3124	Unicorn-6771.exe
2648	Unicorn-23854.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
4284	3068	WerFault.exe	93
2280	3748	WerFault.exe	88
1900	3748	WerFault.exe	88
2408	3068	WerFault.exe	93
4972	1156	WerFault.exe	103
1944	1156	WerFault.exe	103
1964	3200	WerFault.exe	118
3856	4428	WerFault.exe	122
1468	2080	WerFault.exe	92
3484	2080	WerFault.exe	92
3784	3200	WerFault.exe	118
1724	4428	WerFault.exe	122
3856	3440	WerFault.exe	138
456	1576	WerFault.exe	142
4824	1588	WerFault.exe	145
2812	2176	WerFault.exe	150
4456	1960	WerFault.exe	149
5260	1576	WerFault.exe	142
5480	1588	WerFault.exe	145
5404	2176	WerFault.exe	150
5396	1960	WerFault.exe	149
6568	4408	WerFault.exe	228
6900	4060	WerFault.exe	221
6288	640	WerFault.exe	218
7164	2720	WerFault.exe	188
8796	3040	WerFault.exe	215
8932	872	WerFault.exe	233
8956	1132	WerFault.exe	212
8952	5628	WerFault.exe	249
9060	5444	WerFault.exe	244
9024	5216	WerFault.exe	237
456	3692	WerFault.exe	137
4544	5692	WerFault.exe	250
1400	2276	WerFault.exe	173
6660	5592	WerFault.exe	248
8960	5492	WerFault.exe	247
8516	4400	WerFault.exe	220
9368	7652	WerFault.exe	460
9624	5656	WerFault.exe	352
9616	7060	WerFault.exe	397
9608	2336	WerFault.exe	383
9600	6080	WerFault.exe	390
9928	5568	WerFault.exe	350
9920	6644	WerFault.exe	363
9912	7160	WerFault.exe	386
9904	6872	WerFault.exe	395
9896	6588	WerFault.exe	367
9888	6604	WerFault.exe	382
9880	7116	WerFault.exe	344
9872	1572	WerFault.exe	364
9864	5324	WerFault.exe	403
9856	6440	WerFault.exe	360
9848	6820	WerFault.exe	370
9840	7076	WerFault.exe	391
10352	4176	WerFault.exe	189
10344	7236	WerFault.exe	409
10460	8080	WerFault.exe	436
10452	7360	WerFault.exe	446
10444	7580	WerFault.exe	452
10436	8176	WerFault.exe	441
10428	8128	WerFault.exe	439
10420	8072	WerFault.exe	435
3256	2220	WerFault.exe	182
10212	5792	WerFault.exe	257

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23854.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64332.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63683.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8639.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45972.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0f42efdd422c8b6146ffadbd4d788c0N.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
812	a0f42efdd422c8b6146ffadbd4d788c0N.exe
3684	Unicorn-31940.exe
3748	Unicorn-1187.exe
1740	Unicorn-22354.exe
2836	Unicorn-65307.exe
4956	Unicorn-19636.exe
2080	Unicorn-3299.exe
3068	Unicorn-62706.exe
4552	Unicorn-35692.exe
432	Unicorn-19356.exe
4384	Unicorn-19356.exe
1860	Unicorn-21393.exe
856	Unicorn-11742.exe
1156	Unicorn-31343.exe
3928	Unicorn-45972.exe
4012	Unicorn-50419.exe
3676	Unicorn-17000.exe
3028	Unicorn-663.exe
3200	Unicorn-21276.exe
3248	Unicorn-21010.exe
4060	Unicorn-54311.exe
2916	Unicorn-8639.exe
4428	Unicorn-10677.exe
4392	Unicorn-62479.exe
2476	Unicorn-44826.exe
3772	Unicorn-64384.exe
3284	Unicorn-32266.exe
1780	Unicorn-39688.exe
2076	Unicorn-63490.exe
4808	Unicorn-53284.exe
2212	Unicorn-36948.exe
3692	Unicorn-25058.exe
3780	Unicorn-65152.exe
3440	Unicorn-24504.exe
4160	Unicorn-48816.exe
4152	Unicorn-53455.exe
1576	Unicorn-7783.exe
4408	Unicorn-48816.exe
1960	Unicorn-31717.exe
2176	Unicorn-40383.exe
1588	Unicorn-12614.exe
3068	Unicorn-20782.exe
1940	Unicorn-15182.exe
1644	Unicorn-34517.exe
4380	Unicorn-42184.exe
4432	Unicorn-1898.exe
5012	Unicorn-25848.exe
4204	Unicorn-60366.exe
2280	Unicorn-51504.exe
3712	Unicorn-3050.exe
388	Unicorn-27000.exe
3612	Unicorn-51047.exe
2488	Unicorn-22724.exe
3152	Unicorn-55204.exe
2276	Unicorn-38868.exe
2356	Unicorn-11239.exe
4860	Unicorn-56911.exe
4816	Unicorn-62286.exe
1016	Unicorn-64332.exe
1524	Unicorn-40020.exe
3952	Unicorn-40020.exe
2220	Unicorn-23492.exe
2648	Unicorn-23854.exe
3124	Unicorn-6771.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 812 wrote to memory of 3684	812	a0f42efdd422c8b6146ffadbd4d788c0N.exe	87
PID 812 wrote to memory of 3684	812	a0f42efdd422c8b6146ffadbd4d788c0N.exe	87
PID 812 wrote to memory of 3684	812	a0f42efdd422c8b6146ffadbd4d788c0N.exe	87
PID 3684 wrote to memory of 3748	3684	Unicorn-31940.exe	88
PID 3684 wrote to memory of 3748	3684	Unicorn-31940.exe	88
PID 3684 wrote to memory of 3748	3684	Unicorn-31940.exe	88
PID 812 wrote to memory of 1740	812	a0f42efdd422c8b6146ffadbd4d788c0N.exe	89
PID 812 wrote to memory of 1740	812	a0f42efdd422c8b6146ffadbd4d788c0N.exe	89
PID 812 wrote to memory of 1740	812	a0f42efdd422c8b6146ffadbd4d788c0N.exe	89
PID 3748 wrote to memory of 4956	3748	Unicorn-1187.exe	91
PID 3748 wrote to memory of 4956	3748	Unicorn-1187.exe	91
PID 3748 wrote to memory of 4956	3748	Unicorn-1187.exe	91
PID 3684 wrote to memory of 2836	3684	Unicorn-31940.exe	90
PID 3684 wrote to memory of 2836	3684	Unicorn-31940.exe	90
PID 3684 wrote to memory of 2836	3684	Unicorn-31940.exe	90
PID 1740 wrote to memory of 2080	1740	Unicorn-22354.exe	92
PID 1740 wrote to memory of 2080	1740	Unicorn-22354.exe	92
PID 1740 wrote to memory of 2080	1740	Unicorn-22354.exe	92
PID 812 wrote to memory of 3068	812	a0f42efdd422c8b6146ffadbd4d788c0N.exe	93
PID 812 wrote to memory of 3068	812	a0f42efdd422c8b6146ffadbd4d788c0N.exe	93
PID 812 wrote to memory of 3068	812	a0f42efdd422c8b6146ffadbd4d788c0N.exe	93
PID 2836 wrote to memory of 4552	2836	Unicorn-65307.exe	98
PID 2836 wrote to memory of 4552	2836	Unicorn-65307.exe	98
PID 2836 wrote to memory of 4552	2836	Unicorn-65307.exe	98
PID 4956 wrote to memory of 4384	4956	Unicorn-19636.exe	99
PID 4956 wrote to memory of 4384	4956	Unicorn-19636.exe	99
PID 4956 wrote to memory of 4384	4956	Unicorn-19636.exe	99
PID 2080 wrote to memory of 432	2080	Unicorn-3299.exe	100
PID 2080 wrote to memory of 432	2080	Unicorn-3299.exe	100
PID 2080 wrote to memory of 432	2080	Unicorn-3299.exe	100
PID 3684 wrote to memory of 1860	3684	Unicorn-31940.exe	102
PID 3684 wrote to memory of 1860	3684	Unicorn-31940.exe	102
PID 3684 wrote to memory of 1860	3684	Unicorn-31940.exe	102
PID 812 wrote to memory of 1156	812	a0f42efdd422c8b6146ffadbd4d788c0N.exe	103
PID 812 wrote to memory of 1156	812	a0f42efdd422c8b6146ffadbd4d788c0N.exe	103
PID 812 wrote to memory of 1156	812	a0f42efdd422c8b6146ffadbd4d788c0N.exe	103
PID 1740 wrote to memory of 856	1740	Unicorn-22354.exe	104
PID 1740 wrote to memory of 856	1740	Unicorn-22354.exe	104
PID 1740 wrote to memory of 856	1740	Unicorn-22354.exe	104
PID 4552 wrote to memory of 3928	4552	Unicorn-35692.exe	114
PID 4552 wrote to memory of 3928	4552	Unicorn-35692.exe	114
PID 4552 wrote to memory of 3928	4552	Unicorn-35692.exe	114
PID 2836 wrote to memory of 4012	2836	Unicorn-65307.exe	115
PID 2836 wrote to memory of 4012	2836	Unicorn-65307.exe	115
PID 2836 wrote to memory of 4012	2836	Unicorn-65307.exe	115
PID 1860 wrote to memory of 3676	1860	Unicorn-21393.exe	116
PID 1860 wrote to memory of 3676	1860	Unicorn-21393.exe	116
PID 1860 wrote to memory of 3676	1860	Unicorn-21393.exe	116
PID 432 wrote to memory of 3028	432	Unicorn-19356.exe	117
PID 432 wrote to memory of 3028	432	Unicorn-19356.exe	117
PID 432 wrote to memory of 3028	432	Unicorn-19356.exe	117
PID 3684 wrote to memory of 3248	3684	Unicorn-31940.exe	119
PID 3684 wrote to memory of 3248	3684	Unicorn-31940.exe	119
PID 3684 wrote to memory of 3248	3684	Unicorn-31940.exe	119
PID 856 wrote to memory of 3200	856	Unicorn-11742.exe	118
PID 856 wrote to memory of 3200	856	Unicorn-11742.exe	118
PID 856 wrote to memory of 3200	856	Unicorn-11742.exe	118
PID 2080 wrote to memory of 4060	2080	Unicorn-3299.exe	120
PID 2080 wrote to memory of 4060	2080	Unicorn-3299.exe	120
PID 2080 wrote to memory of 4060	2080	Unicorn-3299.exe	120
PID 4384 wrote to memory of 2916	4384	Unicorn-19356.exe	121
PID 4384 wrote to memory of 2916	4384	Unicorn-19356.exe	121
PID 4384 wrote to memory of 2916	4384	Unicorn-19356.exe	121
PID 1740 wrote to memory of 4428	1740	Unicorn-22354.exe	122

C:\Users\Admin\AppData\Local\Temp\a0f42efdd422c8b6146ffadbd4d788c0N.exe
"C:\Users\Admin\AppData\Local\Temp\a0f42efdd422c8b6146ffadbd4d788c0N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31940.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31940.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1187.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19636.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8639.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38950.exe
        7⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
        8⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21042.exe
        8⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60610.exe
        7⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16928.exe
        9⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 640
        10⤵
        
        PID:12380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 720
        9⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51307.exe
        8⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27312.exe
        9⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37237.exe
        10⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        10⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23375.exe
        9⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
        9⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46763.exe
        8⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8302.exe
        7⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        8⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
        9⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        10⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52748.exe
        9⤵
        
        PID:10012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 736
        8⤵
        
        PID:12940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58187.exe
        7⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64428.exe
        7⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35189.exe
        7⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57818.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21986.exe
        6⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63040.exe
        7⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8790.exe
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        7⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
        8⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
        9⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        9⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31927.exe
        8⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        8⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe
        7⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        7⤵
        
        PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40020.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40020.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17208.exe
        7⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12111.exe
        8⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 720
        8⤵
        Program crash
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46875.exe
        7⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 636
        8⤵
        Program crash
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
        6⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
        6⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 656
        7⤵
        Program crash
        
        PID:9856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40975.exe
        6⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47348.exe
        7⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
        7⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        7⤵
        
        PID:4428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 632
        6⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63683.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2720
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 628
        6⤵
        Program crash
        
        PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53970.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
        6⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33892.exe
        7⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8183.exe
        8⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 636
        9⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61307.exe
        8⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34946.exe
        8⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51691.exe
        7⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2807.exe
        8⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe
        9⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60361.exe
        10⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
        9⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 636
        8⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16330.exe
        6⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41654.exe
        6⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44416.exe
        7⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28825.exe
        8⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
        7⤵
        
        PID:9376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39224.exe
        6⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54835.exe
        6⤵
        
        PID:612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13418.exe
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59548.exe
        6⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 632
        7⤵
        
        PID:10796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
        6⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
        7⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
        8⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9764.exe
        9⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
        7⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe
        8⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56903.exe
        6⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52872.exe
        6⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe
        7⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1410.exe
        6⤵
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
        5⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9247.exe
        6⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9800.exe
        7⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        7⤵
        
        PID:8148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 636
        6⤵
        
        PID:11260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        5⤵
        
        PID:11100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24357.exe
        6⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        6⤵
        
        PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34207.exe
        5⤵
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44811.exe
        5⤵
        
        PID:9432
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 728
      4⤵
      Program crash
      PID:2280
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 728
      4⤵
      Program crash
      PID:1900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35692.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45972.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64384.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42184.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32044.exe
        8⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51992.exe
        9⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 716
        9⤵
        Program crash
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
        8⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47628.exe
        9⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58131.exe
        9⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 636
        10⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 636
        10⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        9⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
        8⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 636
        9⤵
        Program crash
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36891.exe
        8⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 728
        9⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 728
        9⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 736
        8⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
        7⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55692.exe
        8⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61971.exe
        8⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63632.exe
        9⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 636
        10⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23066.exe
        9⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        9⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe
        10⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        9⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
        9⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40643.exe
        7⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8375.exe
        8⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5163.exe
        9⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8336 -s 656
        9⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        8⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
        8⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45714.exe
        7⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21757.exe
        8⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        9⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12571.exe
        8⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45107.exe
        7⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15909.exe
        8⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3232.exe
        7⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1898.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
        7⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6875.exe
        8⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
        8⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25302.exe
        7⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
        8⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        8⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 636
        9⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 736
        8⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63402.exe
        7⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 724
        8⤵
        Program crash
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5754.exe
        7⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
        7⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27221.exe
        6⤵
        
        PID:640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 724
        7⤵
        Program crash
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43943.exe
        6⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        6⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        7⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe
        7⤵
        
        PID:10988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 716
        6⤵
        
        PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
        7⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24172.exe
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58676.exe
        9⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 720
        10⤵
        Program crash
        
        PID:9864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 652
        8⤵
        Program crash
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-606.exe
        7⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
        8⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
        9⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 648
        10⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10082.exe
        9⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
        9⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61528.exe
        9⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 652
        8⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14201.exe
        7⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52340.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48360.exe
        9⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33027.exe
        9⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
        9⤵
        
        PID:644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 740
        8⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38043.exe
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61643.exe
        7⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56941.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51704.exe
        7⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
        6⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3559.exe
        7⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        8⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4986.exe
        7⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 636
        8⤵
        Program crash
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10413.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21491.exe
        7⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe
        7⤵
        
        PID:11816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59650.exe
        6⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23575.exe
        6⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        7⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 636
        8⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15858.exe
        7⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44800.exe
        8⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20709.exe
        9⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31773.exe
        10⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 636
        8⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11786.exe
        7⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe
        6⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 636
        7⤵
        
        PID:11704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47538.exe
        6⤵
        
        PID:10848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61073.exe
        6⤵
        
        PID:11808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21100.exe
        6⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9755.exe
        8⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
        6⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34777.exe
        6⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 464
        7⤵
        Program crash
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe
        6⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        7⤵
        
        PID:12396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
        6⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        7⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7843.exe
        6⤵
        
        PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12666.exe
        5⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56652.exe
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39268.exe
        7⤵
        
        PID:4600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 632
        6⤵
        Program crash
        
        PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
        5⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        6⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 720
        7⤵
        Program crash
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
        6⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 644
        7⤵
        
        PID:11800
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 644
        6⤵
        
        PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
        5⤵
        
        PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32840.exe
        5⤵
        
        PID:6000
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 644
        6⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
        5⤵
        
        PID:11180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6100.exe
        6⤵
        
        PID:10380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
        6⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
        5⤵
        
        PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50419.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39688.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51504.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12931.exe
        7⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28256.exe
        8⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4986.exe
        8⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24918.exe
        7⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62826.exe
        7⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 724
        8⤵
        Program crash
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41882.exe
        6⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 636
        7⤵
        Program crash
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
        6⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42340.exe
        7⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22600.exe
        8⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24151.exe
        6⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63736.exe
        8⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
        9⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20273.exe
        10⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46884.exe
        10⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        9⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8420.exe
        10⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
        8⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
        9⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41491.exe
        8⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
        7⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 740
        7⤵
        
        PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3050.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
        6⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44208.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23508.exe
        8⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 636
        9⤵
        Program crash
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39002.exe
        7⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 548
        8⤵
        Program crash
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        7⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65080.exe
        8⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
        9⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
        8⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24718.exe
        8⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1582.exe
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12540.exe
        8⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
        8⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        7⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
        8⤵
        
        PID:13296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35005.exe
        5⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19896.exe
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        7⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 716
        7⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48131.exe
        6⤵
        
        PID:7384
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 672
        6⤵
        
        PID:10064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
        5⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        6⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38692.exe
        8⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 644
        9⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63588.exe
        8⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61497.exe
        9⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26586.exe
        8⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10082.exe
        7⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 732
        8⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 648
        7⤵
        
        PID:5144
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 728
        6⤵
        
        PID:412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23077.exe
        5⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        6⤵
        
        PID:7540
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 744
        6⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29178.exe
        5⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11935.exe
        6⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33463.exe
        6⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        6⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44493.exe
        5⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62615.exe
        5⤵
        
        PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63490.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27000.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33160.exe
        6⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7835.exe
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11182.exe
        7⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
        7⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 644
        8⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 644
        8⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 664
        7⤵
        
        PID:11660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        6⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25877.exe
        6⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56424.exe
        7⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62279.exe
        7⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55353.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        7⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54379.exe
        6⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe
        7⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3028.exe
        8⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36241.exe
        9⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7667.exe
        8⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10163.exe
        7⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26410.exe
        7⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54103.exe
        6⤵
        
        PID:11192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15611.exe
        6⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1940.exe
        6⤵
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21270.exe
        5⤵
        
        PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        5⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
        6⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 636
        7⤵
        Program crash
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        5⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13855.exe
        6⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe
        7⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 644
        8⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19239.exe
        7⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53137.exe
        8⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
        9⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6427.exe
        8⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
        7⤵
        
        PID:12444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64099.exe
        6⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46261.exe
        7⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        7⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        6⤵
        
        PID:740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1035.exe
        6⤵
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32309.exe
        5⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
        6⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19557.exe
        7⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6515.exe
        7⤵
        
        PID:976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe
        6⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
        7⤵
        
        PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37567.exe
        5⤵
        
        PID:11116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40653.exe
        5⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        5⤵
        
        PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57472.exe
        5⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
        6⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38936.exe
        8⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 632
        9⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17290.exe
        7⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7392.exe
        8⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27755.exe
        8⤵
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15626.exe
        7⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59105.exe
        8⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
        7⤵
        
        PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe
      4⤵
      PID:540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
      4⤵
      PID:6692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11931.exe
      4⤵
      PID:8080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 720
        5⤵
        Program crash
        
        PID:10460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39372.exe
        5⤵
        
        PID:10068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4180.exe
        6⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4123.exe
        6⤵
        
        PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
        5⤵
        
        PID:12160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        6⤵
        
        PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27178.exe
        5⤵
        
        PID:12360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
      4⤵
      PID:11092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63296.exe
      4⤵
      PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        5⤵
        
        PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12991.exe
      4⤵
      PID:9300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe
        7⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58219.exe
        6⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 644
        7⤵
        Program crash
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        6⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36211.exe
        6⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 720
        7⤵
        Program crash
        
        PID:10436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62626.exe
        6⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        6⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44689.exe
        7⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48349.exe
        6⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51675.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28692.exe
        6⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
        7⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
        8⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 720
        9⤵
        Program crash
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
        6⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42724.exe
        7⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30384.exe
        8⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63388.exe
        9⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14143.exe
        9⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50619.exe
        9⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2106.exe
        8⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 724
        9⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42679.exe
        8⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16189.exe
        9⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        10⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
        9⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
        8⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 708
        7⤵
        
        PID:10672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
        6⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41240.exe
        7⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 640
        8⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 640
        8⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 720
        7⤵
        
        PID:11620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62163.exe
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12826.exe
        6⤵
        
        PID:10480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        6⤵
        
        PID:12136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        5⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
        6⤵
        
        PID:7212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6771.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
        6⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        7⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20694.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe
        8⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61188.exe
        9⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
        10⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        10⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-163.exe
        9⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
        10⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53551.exe
        9⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        8⤵
        
        PID:9440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9440 -s 724
        9⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37111.exe
        8⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50532.exe
        8⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        7⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 636
        8⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7202.exe
        7⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44207.exe
        7⤵
        
        PID:12528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40782.exe
        6⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2386.exe
        5⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46734.exe
        5⤵
        
        PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
        5⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39180.exe
        6⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
        7⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61025.exe
        8⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55716.exe
        7⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe
        6⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49453.exe
        7⤵
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8986.exe
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56260.exe
        5⤵
        
        PID:7840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21010.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3440
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 640
        5⤵
        Program crash
        
        PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44083.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4903.exe
        6⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61800.exe
        7⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 636
        8⤵
        Program crash
        
        PID:9840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 660
        7⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        6⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
        7⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 724
        8⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
        5⤵
        
        PID:9104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
      4⤵
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35376.exe
        5⤵
        
        PID:5568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 636
        6⤵
        Program crash
        
        PID:9928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3014.exe
      4⤵
      PID:6588
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 636
        5⤵
        Program crash
        
        PID:9896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe
      4⤵
      PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17416.exe
        5⤵
        
        PID:9776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60397.exe
        6⤵
        
        PID:11428
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 652
        5⤵
        
        PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41651.exe
      4⤵
      PID:11136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31717.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1960
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 728
      4⤵
      Program crash
      PID:4456
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 764
      4⤵
      Program crash
      PID:5396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38482.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
      4⤵
      PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36506.exe
      4⤵
      PID:1572
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 636
        5⤵
        Program crash
        
        PID:9872
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 628
      4⤵
      Program crash
      PID:10352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
    3⤵
    PID:5908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exe
    3⤵
    PID:6604
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 636
      4⤵
      Program crash
      PID:9888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
    3⤵
    PID:8388
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 636
      4⤵
      PID:11808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31967.exe
    3⤵
    PID:11168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3936.exe
      4⤵
      PID:12636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43728.exe
    3⤵
    PID:9880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
    3⤵
    PID:4472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22354.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22354.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3299.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36948.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55204.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45028.exe
        8⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        9⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
        10⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 636
        11⤵
        Program crash
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 684
        9⤵
        Program crash
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53943.exe
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4327.exe
        8⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 744
        8⤵
        Program crash
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42738.exe
        7⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31743.exe
        7⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 716
        8⤵
        Program crash
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46180.exe
        7⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58743.exe
        7⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18093.exe
        7⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
        8⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54644.exe
        9⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 640
        10⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43167.exe
        9⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30862.exe
        9⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        9⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48339.exe
        8⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 732
        9⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 656
        8⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
        7⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43264.exe
        8⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9812 -s 640
        9⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        8⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17154.exe
        7⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
        8⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11527.exe
        7⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64746.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
        7⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 756
        7⤵
        Program crash
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
        6⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62568.exe
        7⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 636
        8⤵
        Program crash
        
        PID:10344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        6⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36196.exe
        7⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 640
        8⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14.exe
        6⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
        6⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55790.exe
        6⤵
        
        PID:12316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25058.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
        7⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23596.exe
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50892.exe
        8⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
        8⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 728
        9⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60987.exe
        8⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48788.exe
        8⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 748
        7⤵
        Program crash
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64348.exe
        8⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34852.exe
        9⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-975.exe
        10⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1891.exe
        10⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        11⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        10⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
        9⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
        6⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5583.exe
        7⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38552.exe
        8⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe
        9⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 668
        10⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
        9⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10058.exe
        9⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        7⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 640
        8⤵
        
        PID:11720
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 748
        6⤵
        Program crash
        
        PID:456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        6⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16388.exe
        7⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 648
        7⤵
        Program crash
        
        PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe
        6⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
        7⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-466.exe
        6⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 636
        7⤵
        Program crash
        
        PID:10420
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 672
        6⤵
        Program crash
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
        5⤵
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe
        5⤵
        
        PID:4840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 636
        6⤵
        
        PID:11688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
        5⤵
        
        PID:10860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
        5⤵
        
        PID:11572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65152.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54348.exe
        7⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12142.exe
        8⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31920.exe
        9⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 724
        10⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
        9⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 744
        8⤵
        
        PID:10632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26314.exe
        6⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57228.exe
        7⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        8⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 636
        8⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 744
        7⤵
        Program crash
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6941.exe
        6⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9667.exe
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
        8⤵
        
        PID:7840
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 716
      4⤵
      Program crash
      PID:1468
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 772
      4⤵
      Program crash
      PID:3484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21276.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3200
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 720
        5⤵
        Program crash
        
        PID:1964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 720
        5⤵
        Program crash
        
        PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1588
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 636
        5⤵
        Program crash
        
        PID:4824
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 676
        5⤵
        Program crash
        
        PID:5480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10677.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4428
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 640
      4⤵
      Program crash
      PID:3856
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 640
      4⤵
      Program crash
      PID:1724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40383.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40383.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2176
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 728
      4⤵
      Program crash
      PID:2812
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 728
      4⤵
      Program crash
      PID:5404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55018.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22444.exe
      4⤵
      PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63040.exe
        5⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
        6⤵
        
        PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53751.exe
        5⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65168.exe
        6⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10451.exe
        7⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 636
        7⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        5⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
        5⤵
        
        PID:11080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
        5⤵
        
        PID:11724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37434.exe
    3⤵
    PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
      4⤵
      PID:5620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
    3⤵
    PID:5548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48065.exe
    3⤵
    PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
      4⤵
      PID:9588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43411.exe
      4⤵
      PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21558.exe
      4⤵
      PID:6292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29762.exe
    3⤵
    PID:10652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8212.exe
      4⤵
      PID:6768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
      4⤵
      PID:3664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58828.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58828.exe
    3⤵
    PID:10804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
    3⤵
    PID:5108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3068
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 636
    3⤵
    - Program crash
    PID:4284
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 680
    3⤵
    - Program crash
    PID:2408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31343.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31343.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1156
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 720
    3⤵
    - Program crash
    PID:4972
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 764
    3⤵
    - Program crash
    PID:1944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7783.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1576
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 720
      4⤵
      Program crash
      PID:456
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 740
      4⤵
      Program crash
      PID:5260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6107.exe
      4⤵
      PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4026.exe
      4⤵
      PID:6428
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 652
      4⤵
      PID:11132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15182.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15182.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23492.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
      4⤵
      PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10139.exe
        5⤵
        
        PID:6892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 652
        5⤵
        Program crash
        
        PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48951.exe
      4⤵
      PID:6748
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 656
      4⤵
      Program crash
      PID:3256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32969.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32969.exe
  2⤵
  PID:5932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33550.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33550.exe
  2⤵
  PID:6720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6090.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6090.exe
  2⤵
  PID:5908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46388.exe
    3⤵
    PID:9576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe
      4⤵
      PID:10624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
      4⤵
      PID:13232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
    3⤵
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23989.exe
      4⤵
      PID:3320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35007.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35007.exe
  2⤵
  PID:10484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25527.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25527.exe
  2⤵
  PID:1264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47524.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47524.exe
  2⤵
  PID:2720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3068 -ip 3068
1⤵
PID:2848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3748 -ip 3748
1⤵
PID:400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3748 -ip 3748
1⤵
PID:2720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3068 -ip 3068
1⤵
PID:532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 1156 -ip 1156
1⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1156 -ip 1156
1⤵
PID:3484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3200 -ip 3200
1⤵
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4428 -ip 4428
1⤵
PID:224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2080 -ip 2080
1⤵
PID:2944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3200 -ip 3200
1⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2080 -ip 2080
1⤵
PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4428 -ip 4428
1⤵
PID:872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3440 -ip 3440
1⤵
PID:1692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 1576 -ip 1576
1⤵
PID:884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 1588 -ip 1588
1⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1960 -ip 1960
1⤵
PID:1480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4408 -ip 4408
1⤵
PID:212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 2176 -ip 2176
1⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4060 -ip 4060
1⤵
PID:3784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 2916 -ip 2916
1⤵
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 4392 -ip 4392
1⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 856 -ip 856
1⤵
PID:808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1860 -ip 1860
1⤵
PID:1132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 3440 -ip 3440
1⤵
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4408 -ip 4408
1⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4060 -ip 4060
1⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 2916 -ip 2916
1⤵
PID:1384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 4392 -ip 4392
1⤵
PID:872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1860 -ip 1860
1⤵
PID:212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 856 -ip 856
1⤵
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1576 -ip 1576
1⤵
PID:856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 2176 -ip 2176
1⤵
PID:2008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 1960 -ip 1960
1⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 1588 -ip 1588
1⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 1524 -ip 1524
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 2272 -ip 2272
1⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 1016 -ip 1016
1⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2720 -ip 2720
1⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 3716 -ip 3716
1⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4160 -ip 4160
1⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 1940 -ip 1940
1⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 2476 -ip 2476
1⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2272 -ip 2272
1⤵
PID:1220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 1524 -ip 1524
1⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 640 -ip 640
1⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 1016 -ip 1016
1⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 4408 -ip 4408
1⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4060 -ip 4060
1⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 3716 -ip 3716
1⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 2812 -ip 2812
1⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 4160 -ip 4160
1⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2720 -ip 2720
1⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2476 -ip 2476
1⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 1940 -ip 1940
1⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 540 -ip 540
1⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5208 -ip 5208
1⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 1656 -ip 1656
1⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5456 -ip 5456
1⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 3712 -ip 3712
1⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 3612 -ip 3612
1⤵
PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 3152 -ip 3152
1⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 2488 -ip 2488
1⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4816 -ip 4816
1⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 2356 -ip 2356
1⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 5780 -ip 5780
1⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 2812 -ip 2812
1⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5760 -ip 5760
1⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5744 -ip 5744
1⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5852 -ip 5852
1⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5240 -ip 5240
1⤵
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5932 -ip 5932
1⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5908 -ip 5908
1⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5192 -ip 5192
1⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6084 -ip 6084
1⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 4284 -ip 4284
1⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5776 -ip 5776
1⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 3168 -ip 3168
1⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 540 -ip 540
1⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 4384 -ip 4384
1⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 4400 -ip 4400
1⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5208 -ip 5208
1⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 1656 -ip 1656
1⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 3152 -ip 3152
1⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 3712 -ip 3712
1⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5456 -ip 5456
1⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 3612 -ip 3612
1⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 5884 -ip 5884
1⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 872 -ip 872
1⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 1132 -ip 1132
1⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 2356 -ip 2356
1⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 4816 -ip 4816
1⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 2488 -ip 2488
1⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5780 -ip 5780
1⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5760 -ip 5760
1⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 6692 -ip 6692
1⤵
PID:540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5240 -ip 5240
1⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 5852 -ip 5852
1⤵
PID:3784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6652 -ip 6652
1⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 5932 -ip 5932
1⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 1480 -ip 1480
1⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5528 -ip 5528
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 5476 -ip 5476
1⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5636 -ip 5636
1⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6276 -ip 6276
1⤵
PID:1468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5744 -ip 5744
1⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5168 -ip 5168
1⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5244 -ip 5244
1⤵
PID:2604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3236 -ip 3236
1⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 6164 -ip 6164
1⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 6120 -ip 6120
1⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6212 -ip 6212
1⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6148 -ip 6148
1⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5908 -ip 5908
1⤵
PID:3712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 5192 -ip 5192
1⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 4284 -ip 4284
1⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6084 -ip 6084
1⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5368 -ip 5368
1⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 5968 -ip 5968
1⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 5800 -ip 5800
1⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 5776 -ip 5776
1⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 6892 -ip 6892
1⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5888 -ip 5888
1⤵
PID:1788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2460 -ip 2460
1⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 6844 -ip 6844
1⤵
PID:2340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 6924 -ip 6924
1⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 3168 -ip 3168
1⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 4384 -ip 4384
1⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 4400 -ip 4400
1⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 3040 -ip 3040
1⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 5224 -ip 5224
1⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 872 -ip 872
1⤵
PID:2604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 1132 -ip 1132
1⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 5884 -ip 5884
1⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 3780 -ip 3780
1⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 3676 -ip 3676
1⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 3692 -ip 3692
1⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 5628 -ip 5628
1⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5216 -ip 5216
1⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5444 -ip 5444
1⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 5692 -ip 5692
1⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 5492 -ip 5492
1⤵
PID:1984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 5592 -ip 5592
1⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 2276 -ip 2276
1⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 7652 -ip 7652
1⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 6692 -ip 6692
1⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 6748 -ip 6748
1⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6720 -ip 6720
1⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 6592 -ip 6592
1⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 4632 -ip 4632
1⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1228 -p 1016 -ip 1016
1⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5576 -ip 5576
1⤵
PID:2828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1240 -p 7212 -ip 7212
1⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 6428 -ip 6428
1⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 2336 -ip 2336
1⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6080 -ip 6080
1⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5620 -ip 5620
1⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 7060 -ip 7060
1⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1272 -p 7076 -ip 7076
1⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 6820 -ip 6820
1⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1320 -p 6440 -ip 6440
1⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 5324 -ip 5324
1⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 1572 -ip 1572
1⤵
PID:9492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 7116 -ip 7116
1⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 5656 -ip 5656
1⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6604 -ip 6604
1⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 6588 -ip 6588
1⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6872 -ip 6872
1⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 7160 -ip 7160
1⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6644 -ip 6644
1⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 5568 -ip 5568
1⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1328 -p 6452 -ip 6452
1⤵
PID:10068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1272 -p 6652 -ip 6652
1⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1400 -p 7092 -ip 7092
1⤵
PID:10216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1428 -p 1480 -ip 1480
1⤵
PID:10224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1456 -p 5548 -ip 5548
1⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1480 -p 5528 -ip 5528
1⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1508 -p 5476 -ip 5476
1⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1536 -p 4600 -ip 4600
1⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1564 -p 6548 -ip 6548
1⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1592 -p 5636 -ip 5636
1⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 6276 -ip 6276
1⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1624 -p 1940 -ip 1940
1⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 6128 -ip 6128
1⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1340 -p 5472 -ip 5472
1⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1568 -p 5244 -ip 5244
1⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1336 -p 6448 -ip 6448
1⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1668 -p 5168 -ip 5168
1⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1540 -p 3236 -ip 3236
1⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1500 -p 6400 -ip 6400
1⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1464 -p 7364 -ip 7364
1⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1412 -p 6212 -ip 6212
1⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 6164 -ip 6164
1⤵
PID:10608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 6120 -ip 6120
1⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 7340 -ip 7340
1⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 7236 -ip 7236
1⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1328 -p 3716 -ip 3716
1⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 7312 -ip 7312
1⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1452 -p 6148 -ip 6148
1⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1544 -p 7384 -ip 7384
1⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1508 -p 7332 -ip 7332
1⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1484 -p 8072 -ip 8072
1⤵
PID:10728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1668 -p 7704 -ip 7704
1⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 5368 -ip 5368
1⤵
PID:10196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1536 -p 5800 -ip 5800
1⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1648 -p 5968 -ip 5968
1⤵
PID:10620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1512 -p 8128 -ip 8128
1⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1668 -p 8176 -ip 8176
1⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 7580 -ip 7580
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1464 -p 7360 -ip 7360
1⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 8080 -ip 8080
1⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 4176 -ip 4176
1⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6612 -ip 6612
1⤵
PID:904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1556 -p 5624 -ip 5624
1⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 6124 -ip 6124
1⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1492 -p 6188 -ip 6188
1⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6380 -ip 6380
1⤵
PID:1532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 5724 -ip 5724
1⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5792 -ip 5792
1⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1536 -p 2220 -ip 2220
1⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 5700 -ip 5700
1⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1556 -p 6892 -ip 6892
1⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1672 -p 5888 -ip 5888
1⤵
PID:10200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 3124 -ip 3124
1⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1316 -p 3740 -ip 3740
1⤵
PID:10804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1468 -p 5684 -ip 5684
1⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1432 -p 2460 -ip 2460
1⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1676 -p 5264 -ip 5264
1⤵
PID:9876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 6844 -ip 6844
1⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1528 -p 6924 -ip 6924
1⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 6320 -ip 6320
1⤵
PID:2084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 640 -ip 640
1⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4744 -ip 4744
1⤵
PID:1092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 6668 -ip 6668
1⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1400 -p 3952 -ip 3952
1⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5224 -ip 5224
1⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1468 -p 6680 -ip 6680
1⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 4060 -ip 4060
1⤵
PID:4004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1396 -p 4408 -ip 4408
1⤵
PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1492 -p 6456 -ip 6456
1⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 3200 -ip 3200
1⤵
PID:2084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1320 -p 5524 -ip 5524
1⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1288 -p 6492 -ip 6492
1⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1404 -p 5160 -ip 5160
1⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1564 -p 3780 -ip 3780
1⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1624 -p 5944 -ip 5944
1⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 3676 -ip 3676
1⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1520 -p 5904 -ip 5904
1⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1296 -p 6880 -ip 6880
1⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 5756 -ip 5756
1⤵
PID:9876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 1596 -ip 1596
1⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1236 -p 6920 -ip 6920
1⤵
PID:10744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1736 -p 6392 -ip 6392
1⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 6140 -ip 6140
1⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1500 -p 7772 -ip 7772
1⤵
PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1476 -p 7880 -ip 7880
1⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3300 -ip 3300
1⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 2648 -ip 2648
1⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 7448 -ip 7448
1⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1752 -p 7252 -ip 7252
1⤵
PID:10432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1344 -p 7840 -ip 7840
1⤵
PID:2460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 6720 -ip 6720
1⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1728 -p 7372 -ip 7372
1⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1404 -p 6592 -ip 6592
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 6748 -ip 6748
1⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1308 -p 4592 -ip 4592
1⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 1016 -ip 1016
1⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 7212 -ip 7212
1⤵
PID:1268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 4632 -ip 4632
1⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1656 -p 7004 -ip 7004
1⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1732 -p 5572 -ip 5572
1⤵
PID:1700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 1780 -ip 1780
1⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1320 -p 5576 -ip 5576
1⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1388 -p 6428 -ip 6428
1⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 5620 -ip 5620
1⤵
PID:13268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1752 -p 5416 -ip 5416
1⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5876 -ip 5876
1⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1384 -p 2280 -ip 2280
1⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1320 -p 2212 -ip 2212
1⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 3928 -ip 3928
1⤵
PID:640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1496 -p 7884 -ip 7884
1⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1476 -p 5660 -ip 5660
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 7976 -ip 7976
1⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 7404 -ip 7404
1⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 7720 -ip 7720
1⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1408 -p 5936 -ip 5936
1⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 1576 -ip 1576
1⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1404 -p 5600 -ip 5600
1⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 7196 -ip 7196
1⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 7420 -ip 7420
1⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 7540 -ip 7540
1⤵
PID:12932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 8064 -ip 8064
1⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1620 -p 7692 -ip 7692
1⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1748 -p 8144 -ip 8144
1⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 4284 -ip 4284
1⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 7460 -ip 7460
1⤵
PID:640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 5152 -ip 5152
1⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 8236 -ip 8236
1⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 7876 -ip 7876
1⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4840 -ip 4840
1⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1360 -p 8660 -ip 8660
1⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 9184 -ip 9184
1⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 8748 -ip 8748
1⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 8656 -ip 8656
1⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 9176 -ip 9176
1⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1752 -p 6936 -ip 6936
1⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 7352 -ip 7352
1⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 9148 -ip 9148
1⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 6472 -ip 6472
1⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1572 -p 8384 -ip 8384
1⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 8376 -ip 8376
1⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 5380 -ip 5380
1⤵
PID:3148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 9080 -ip 9080
1⤵
PID:3256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 6876 -ip 6876
1⤵
PID:872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1328 -p 8484 -ip 8484
1⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5852 -ip 5852
1⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 7432 -ip 7432
1⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1644 -ip 1644
1⤵
PID:2848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1764 -p 1524 -ip 1524
1⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 3784 -ip 3784
1⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1472 -p 3132 -ip 3132
1⤵
PID:7572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10677.exe

Filesize
468KB

MD5
83660c9c635a49b591804cc6d73d8c34

SHA1
acde530840e482db322467e7c291a987e663ce14

SHA256
e0bcf3918f1f8d822dd6e694438bd892d5057cee87d015b8ebe11f5110e5bd9d

SHA512
732173dbb3c9f20ad1111d0afe82f2f6bd36003f2592f23b4c67466b06a8ce3101560dafc24e05f050570dbedf49d48a81ef3a6ac53df7e03013379c4bb31a5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe

Filesize
468KB

MD5
d3cc7717b6a4252cef4e9ed4f6cce883

SHA1
d85fa616674d9bc8565ecd7c9c2120cfd5aa617f

SHA256
8b099abbfeb66f3c140257fa16446186d02bec99ce63b886592e550470e9802c

SHA512
6f98774940d1eada0b81fec7362759bffda730a61a96519c9bee5a1200d1eb6286eee0da51cd0057670edffb8535972c94074f1fa5a01762eb8ed6ced0b8d7c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1187.exe

Filesize
468KB

MD5
b105a5b0ed89c664899bc30577dfd2d0

SHA1
e2360a57b7f821d7091e25ededa188ddaf5cd654

SHA256
4f489d119a4984b871765269d4a08e878ba86220b90f1552d191b5868f2266e4

SHA512
9d831710dbf537cb072f806fc161ad44c1d17585d4a3e533b6e9eaf62f58c055a8d0d95598dca9bdbe57907fe437e4deb5493becda162fab5093dba17580b4ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe

Filesize
468KB

MD5
15bbd495a43ba688dcdd2b642feba659

SHA1
a81ec79ece5af4bf0242224e06546140c9d71d5b

SHA256
6535c516f0bd595ea530399edff03325f78de8364d1c7cd3d35093f0153ed9e6

SHA512
6e4a5ef978e99c235ef6e296bc26ba8ea870ef57df94023f881e824ee8fc771cb08618e93faceac90e6de8d96e6b62c0b12c66543e8f3a76d80422a64fd77eaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe

Filesize
468KB

MD5
77853b9c9807b3bb6d5321612d632ddb

SHA1
ad594684b687e330f2fa731f3167a5491c7e36f6

SHA256
3da1be41e695ec01e22b7f2679764f36e3f07713c49909858f5e375579874cff

SHA512
f09ab6bd7403574eb1f2defde8e381d0762b706c1a984ccc3c6406c8c93e8988536dfdb8936cba8bfe876d7e3a87d770d4c1896d6d798b3b93f13155c462d63f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19636.exe

Filesize
468KB

MD5
fb0b9f2fe4f838ac9ff5727a724bbbfd

SHA1
0617720e8f1c804fa15d4d902f9c94629edb43df

SHA256
e7879162b913cab588deaeff88902b5acf38e16af54d8cd2a01314082da05705

SHA512
a3466d3140bc0d75ed7a81579e7eef7bbf62e3933405e8151b05d158fa30ca19f3abfa82eb461a799b5bdda64c6d33bdfeecea021dcae3d508800fd51645d686

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21010.exe

Filesize
468KB

MD5
1a509b9d254dea703d92572dc70da59f

SHA1
cc819ebb16dd7f05e71a5394f68d4a19a5327a27

SHA256
511d3a8bd463835c1754e26bd3936ad79daf7f3c2e0ad8bdb0492f246c78fc0b

SHA512
0473d9801a07b670374871b97976d54a6df9c4409da9fc27ca189699b53bc8ff956554c8df9157334c7f8d308845f694d10bcda50e40474aa8fcd5cc7912e8b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21276.exe

Filesize
468KB

MD5
7a1b0c5b8104af6d2044a467d3d8d525

SHA1
8c10cfed64da6352ac9f392079e0920f3d0b5dbf

SHA256
c51daf914b4ab86dd3a579343be4a3061b8923f309e0618994a24416d0bf4130

SHA512
ee7019ae088df81a940756bea3e6023a6b90ea9c638a73515548ecf456a4431d81584a2a20daf09d761b35bb5f929ec933447ad12af33ce7c4ef1632af788ca6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe

Filesize
468KB

MD5
70cbdc805e6c78d4627fd993b8063378

SHA1
74eb8b29f34acc86b770504f5924e3fc91f37eca

SHA256
2a6aa44014a2528b0f257a11dec416e7a30c100f106e62b47bcf8838352238ca

SHA512
b73ef62c5bd8b2dadd30220c3fb4317a52d46f1153908b4e7940920ebd5b27012a9292077081b7cc6c22cad87bc3878d567db38d9ab4357a08e4b67815949255

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22354.exe

Filesize
468KB

MD5
b52a38e98d6b2fee47aa17b6e7184ea8

SHA1
7c26aaa186a6fc8465a64e573d454769c0fcd8c6

SHA256
c12c751de5cc2a3231bf37ae106ff532e4148903da8d8a2e8b2fded604d13e00

SHA512
55635d5ff4623afe76481dbd8cbe301cde9f041f1572643712e212bff56f9bc960daf7c5d7d72844abe1f84f4ca7075e1e452cd608ce1cbabf8edcbbdc05acb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe

Filesize
468KB

MD5
8c2e80066b5487d615a32e96269666fb

SHA1
af9b210c1aab974ac4253fdfcb69186e186aa5e5

SHA256
685fe362cc7c669f9c8f8f70b5a48fe43bfa1f8b2ad6f3ec2f583296595ece4d

SHA512
fa9fa4dc5d547abd6d156ca4e04d0e8348889586aca533521a88dee83c30078b22d661c1b121682cde0c0ccfec1a43d510e189dac236c1e7129e492b95bf67fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25058.exe

Filesize
468KB

MD5
bf806d4789408a9d15dad56584f086bc

SHA1
ad0f0f21741fad4c29ac9c8966e813aea689941e

SHA256
7115318bf014dbad1d82343f29d3fd65799131d853351b1db27adc9629480530

SHA512
afc647183d481c06359deb2981194f7ecd4fe1c727c990fbf04a50b75e12c8bdef4daea3280a6189e55cb5f403af383f8cd01ef419f20c1a4dfbec62b043808f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31343.exe

Filesize
468KB

MD5
b646490eb2f150efb19a501db7c7d628

SHA1
fb0ab9c90eb3024f48c4dc6988a9fae440db5a47

SHA256
2eef188372c3a372bb290f5a76e00fd253c1b262f66fb8a77515a73560d432ce

SHA512
31105455288307f70eb7179c14cb1c7353d0d5576d4f596be1a942754601d10c111c85d68e175a9a4a0099db7be6beb61403ced3d0776ebfc2b3d8fbb7abb9d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31940.exe

Filesize
468KB

MD5
36a558b47899484aa2395cf62dca7439

SHA1
dcdb3d4dea8126d560e91a087de0aecdcd87b792

SHA256
ece9e5c4ef03b447674c04209d4d296dede28eadcdce6bcbbadfc91ecaf4c740

SHA512
b15f985eee892bdd007931d9ef219836bf327387be447a44f8bfcfe2bb674f00169c6e82f8ff518c3629f782bf0fb41cd8fb1bd626b429ecacb98b8d68ace097

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe

Filesize
468KB

MD5
9bddf739f0e1fe07a625ed2868e71199

SHA1
6985683eb0d33cf1c7d895120cd7d30fc3da51cc

SHA256
6cdcbe0d3fb1b34428bebf2bf84d24331f63f380482d7f98611870319fa92605

SHA512
46d9fbb3faa17f4440c5313fc0ebe58d8d86ef441874ea8e341ddec9f8bd49520207db06904015a6291390480e0bcaae6c76b6389b2b0cc72a038b01f25a9f17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3299.exe

Filesize
468KB

MD5
76a0dc92ca925f709f6f9da550b272d3

SHA1
f2bcec74b6fb9ebc647220912c13a98043717951

SHA256
9886142e507ae09189aa27fb0c8b9a99338bd0229587a43f39e2ce88bbca35c0

SHA512
0ce8054a0b73b5f627bdd5d77c3973e03808d5efb0a227e1af22abac76d5bf2c737364a7264be6a7effeb5cf58b0975b44c2731e3c2a3fc0e30bd5fded5240ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35692.exe

Filesize
468KB

MD5
13db77a2ffe5d0cbd1198115fd399f34

SHA1
211b803c31a55c83835cb05de088cfa53c027467

SHA256
be5c3fbe2de3f67e703ad03b05e36f052a111dfe4e842a551ac41b253e98ce02

SHA512
549eacea04843785a318f227d2fc79e2766e8193446b28c49d2f0b610bffe6cac2f8237dfb1fb60b17b6f07b8ce00097c83606c40cff66b7350988c2abb043f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36948.exe

Filesize
468KB

MD5
d4b11f1a8715a7b74a3f2766bbbe9258

SHA1
98ce8632bdd88ce743e5f0414abd17f367f2d722

SHA256
5b68e6b32b844e6b3ed7b0a809258617548cabf87330f36578bd084c08499307

SHA512
e7d40a146ae86614c62d96711fdd52abf1a3bb1d33ec609450e15bc70ec6107cb43f363ffc0351e480c20fbdacbe16894bbebdcac48166d4e4b3cccccb144606

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39688.exe

Filesize
468KB

MD5
0feff0ee7b524bff1d13455fe52a7d42

SHA1
baf228dc3fe458a12c34a96af1e242b6793ee236

SHA256
c3fa79d211d74775aa01d347eeaa5c585f209719e5aa0a1e664604c11e26f421

SHA512
61658a379b54a87092d1e2b2919bb29df0cfdec92908fcb95ced6083e13469242d35b2b694c37f529d12ca17774e5fdf4b52f040d8fe749777d100e57c48fedf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43411.exe

Filesize
468KB

MD5
5c44ffe1e9add1732c49874f2e494949

SHA1
9adea5498906fc8feedde7bb1dc708edbcecdd4c

SHA256
863745ad47374f6bd2563251b58a62c311b7a200f31c662489d3313dc9732e1f

SHA512
ffe53cb6f804ed0b75a2ba3423e397efb49d650cf51b3f840adb6cc4f9a50026ba5159d869f4804fc6ac98f759aa06dfe00b570f94803476b2cbf6c0f932b5c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe

Filesize
468KB

MD5
9d4b3aefd7d6a67dda43fc6daf2af30a

SHA1
26e292dc4f30f3d312a157dedc61a2e09ffaa837

SHA256
8fe292a866c275afe79f6bfb436ee87ddc9feaaf986020152a38d60d31619f2d

SHA512
455c1106224de4b6e1029aa79877a81d923adf6c5466d8888df50c613b76e77bc91b6515b916ad824371ef4f279c66fe641b0d3e4b4abb49dac1c01096f8240a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45972.exe

Filesize
468KB

MD5
eb62d5ce075f49f5ebc3e5dc39143978

SHA1
d073be0b53831018bb042070c6610f7817149df3

SHA256
852a832142f3d9ef38e61f081d73ae8d96b30465d694c3eb065558256dcdba1b

SHA512
efedc70b75812e169a6b36ea4d66ca156ee8ffdc52d9d4d060079f1ab668a043216bd8c21375de4b3ec1fb0e9d2ba2e886c27e00d21357196c7b3899131102a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50419.exe

Filesize
468KB

MD5
10431846cf86704755fb77516731b0a3

SHA1
6f28e0551718a3c8759c2ebb624071fdec38748f

SHA256
f91d7899fa694314a7f6e3bf3de6bce2b1aaafa819861cbc5100d4814b5ca7ab

SHA512
fc4737d5c6edff27bb6045a36922fa1e6635faf4cdcf582384e7881c9dd70376b60401e2c866cb204f2009e7715b4787e7819f725c23de914850836c6bff076b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe

Filesize
468KB

MD5
c87915a988ae81fcf0a3eb1302350d48

SHA1
36ad7a1f6ec025a8ce405d438d386a9a87f22786

SHA256
309707badd4b161ad4d78bef7223836524f67190ae39f78bbca2d9e95a461743

SHA512
98cf7d84250a1ead951c4c871986dd8f9d0769f50f2107c9cc6caddcdc3ebbf8e49012e4520a0762ddaf8b37d946443f3158dc176b9a6042c2828fd2ae44f98a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe

Filesize
468KB

MD5
198b75a847a287a276d352287ec12749

SHA1
b3e47b4271c16ecbeb44467b0251465e115de8cd

SHA256
d30841c946d4b8f6f28df81ccb3ce0a6c7539f5e530310ff05886be54cb1fc9b

SHA512
a6ddbb26092bd15acc89f0f6a37ca02d885d97c039280863787996736244d12710c1e1b85abc3751f1f12c997c2261cfaf4f6e51cd365eeca511fc02d9222ff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe

Filesize
468KB

MD5
0d036b2ab6b8fcbbe267de86567c7167

SHA1
bb934b1feb145168ceb3ec6e5c2caab93eee661e

SHA256
156409513c9e905d7d6b07841d26b9b865f6358a87ae3d62ba3fd43b7fdab010

SHA512
0eb838e7777089d1b80e9fddfa7a609fb0c4d172d65d57e2c62e7ffd9789cf3cdd0fc7b76dce6400158d29bfb17147885fa511e80e85b07ebc3f40a23b61fac6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe

Filesize
468KB

MD5
ff81a3a2705e5b336e08474614bbfde3

SHA1
900b28d01258dce8c3ba385a85c05117a9c9df97

SHA256
1dbbb5a862fb6b6e06e2854f5251c062228917f59429b408a34d5c4480c8113b

SHA512
7ba52635020a9250816b02d6d77bb2ddf45c04dd2d2ea48120e39f2cc27653a9679ff3acac2a6d8919460151aab7f7afd246efe28e3a83f5b2e3f54f6eb7721a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63490.exe

Filesize
468KB

MD5
e3e0e0a858353d086a2f34efe3c33b58

SHA1
c8329c7f00efd55922187c4ec8cb077718fdf8f3

SHA256
8da4e7612e1806b6a477be91feb0756898aa1e6ecea34f96fce4cc74900f4f33

SHA512
5c3fb3d721cc3bf5b8e60692966b02816e2355fce518654e2803a1674eb38eb77c9ea60c714373bd80f3a520331a36e7fbf763e9cab11b70296fed3aab66ae93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64384.exe

Filesize
468KB

MD5
3a005ac9bb93c6e869c872ee25d42d69

SHA1
37cc0fa7fbeff7c64b01c2065a5a0cd8d9361b66

SHA256
fb98cfdd4223837976f62169c4684f96c73f2c3431163c0b2f9aee432d057f4b

SHA512
b9f069c3f371cd1ed14996e50457a671b93a956adbf49630e51252497ec6c616dc71fd80afc8746be01b3a9157b9a7393fea99e44dcebd3f6eefc1b6268832e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe

Filesize
468KB

MD5
0cebe6251b4d19ec5c41ef0cec0cfe59

SHA1
3431cbcc054d16424037eb053e6bb427dbf5000e

SHA256
df2bcca99697be576c58531700228d22b31331df388595a83b6da3dda9892c0a

SHA512
bf6a12e002d7dd9f77522da45faadfd87a36bb413e8cbc0ddd7ea24085360cb2cb760900b17aa0a819d66aa872fddceb5c6591ca1586c5185f1dc78c648e9e31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe

Filesize
468KB

MD5
62b0a824e491917a3677a9f818645f8a

SHA1
8c714013b92117190e12c3eaea7a124846b17163

SHA256
af1948af7165a90bcc61d05f3c7814ae0fac41406da09ea6c6dbf70465a06bc1

SHA512
b73749bc0ea2e10c0d8b2295aeb48962af8f84d716e2aa3e94eb2af1b0e8cd655a881afed3821ade9435d651a7889d47bd4874212d617489a078e03ae50ecd47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8639.exe

Filesize
468KB

MD5
c8f513f379143da449014a76ab1ddaaf

SHA1
c55497330fcd3b8da3966222f789b046e284390a

SHA256
e2ab921ab1df6e4b4ff8bf2533101eccd11568d0e9019183d120b156091b5719

SHA512
d3d1b713c649f084fcab9f096365e686b402445c7a3fca965e19d7ef84fb27656c077cdf9522546ed52048cd39b4b537be9a526db7eaa6931890917c6ad334cc

Download Submit
memory/2996-2799-0x0000000075430000-0x00000000754E9000-memory.dmp

Filesize
740KB

Download
memory/10592-2822-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/11068-2823-0x0000000076370000-0x00000000763CF000-memory.dmp

Filesize
380KB

Download