396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-09-2024 20:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db.exe
Size

468KB
MD5

6141d009f470d62957b466d1c05674c7
SHA1

a8c6239a99ebdf4e0105a8384d83b20cdf5d67ca
SHA256

396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db
SHA512

7dbe5347a2872839f224d54a718e2e2e5b129c24ce2b70c93b26c61acab4c6bb9d28c114f3d9724eb8d44b555345773b4320ec6fd58d8ec30fcc152fd5d1b994
SSDEEP

3072:1G3HogISIp5TtbY2HzcOcf8/zChaP0pGJVHeTVPNQ65ER77gzslL:1G3ob/TtxH4OcfuYXfQ6yV7gz

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2336	Unicorn-26799.exe
2032	Unicorn-46425.exe
1100	Unicorn-61370.exe
4152	Unicorn-43301.exe
3908	Unicorn-49523.exe
4720	Unicorn-29657.exe
2840	Unicorn-47477.exe
4608	Unicorn-18579.exe
3528	Unicorn-6881.exe
2104	Unicorn-10218.exe
4208	Unicorn-25163.exe
2148	Unicorn-16175.exe
4940	Unicorn-10310.exe
4624	Unicorn-40115.exe
3216	Unicorn-28417.exe
2132	Unicorn-11426.exe
2508	Unicorn-56259.exe
4876	Unicorn-25533.exe
5000	Unicorn-55497.exe
3416	Unicorn-64519.exe
1056	Unicorn-5112.exe
408	Unicorn-24141.exe
1456	Unicorn-44007.exe
4728	Unicorn-47826.exe
220	Unicorn-51381.exe
2744	Unicorn-22601.exe
392	Unicorn-16470.exe
1476	Unicorn-37545.exe
536	Unicorn-57411.exe
2616	Unicorn-10083.exe
4464	Unicorn-39705.exe
5080	Unicorn-45735.exe
2628	Unicorn-45735.exe
4872	Unicorn-19093.exe
1396	Unicorn-29207.exe
2388	Unicorn-29207.exe
4516	Unicorn-7825.exe
2468	Unicorn-13425.exe
3560	Unicorn-13425.exe
3976	Unicorn-8521.exe
2904	Unicorn-65393.exe
1320	Unicorn-2656.exe
2872	Unicorn-54458.exe
2632	Unicorn-28221.exe
4112	Unicorn-36389.exe
4512	Unicorn-42611.exe
4584	Unicorn-46695.exe
3104	Unicorn-30935.exe
208	Unicorn-208.exe
2204	Unicorn-4292.exe
4068	Unicorn-51355.exe
948	Unicorn-4100.exe
1480	Unicorn-6238.exe
1132	Unicorn-4192.exe
1428	Unicorn-10322.exe
1064	Unicorn-14406.exe
2776	Unicorn-49217.exe
1140	Unicorn-13445.exe
4180	Unicorn-38646.exe
3180	Unicorn-30511.exe
3036	Unicorn-53856.exe
4988	Unicorn-29980.exe
4808	Unicorn-32780.exe
1988	Unicorn-19045.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
4948	2840	WerFault.exe	93
2872	4720	WerFault.exe	92
3524	4720	WerFault.exe	92
992	2840	WerFault.exe	93
3244	3528	WerFault.exe	95
4412	3528	WerFault.exe	95
1596	1456	WerFault.exe	122
2156	4940	WerFault.exe	99
4988	1056	WerFault.exe	120
3152	1056	WerFault.exe	120
444	1456	WerFault.exe	122
528	4940	WerFault.exe	99
4028	2468	WerFault.exe	141
1056	4516	WerFault.exe	140
4800	5080	WerFault.exe	135
3352	2628	WerFault.exe	136
4372	2468	WerFault.exe	141
3004	2628	WerFault.exe	136
2200	5080	WerFault.exe	135
3512	4516	WerFault.exe	140
3512	1428	WerFault.exe	172
4976	392	WerFault.exe	130
5684	4988	WerFault.exe	184
5744	1140	WerFault.exe	179
4940	3036	WerFault.exe	182
5656	1988	WerFault.exe	185
5036	3180	WerFault.exe	181
4336	3568	WerFault.exe	235
7332	4988	WerFault.exe	184
6344	1484	WerFault.exe	315
9384	5240	WerFault.exe	295
9392	4860	WerFault.exe	310
9704	6936	WerFault.exe	359
9188	6320	WerFault.exe	340
5304	3692	WerFault.exe	429
9472	4220	WerFault.exe	433
9876	6912	WerFault.exe	441
9860	828	WerFault.exe	428
9852	5788	WerFault.exe	430
9840	2076	WerFault.exe	452
9832	464	WerFault.exe	421
8512	6608	WerFault.exe	410
9948	6204	WerFault.exe	431
10076	6616	WerFault.exe	439
10068	5924	WerFault.exe	418
4108	7268	WerFault.exe	463
5820	7912	WerFault.exe	483
6348	7932	WerFault.exe	485
7132	7956	WerFault.exe	488
9420	8012	WerFault.exe	495
8440	7632	WerFault.exe	474
9032	7976	WerFault.exe	490
5316	7712	WerFault.exe	478
5320	5188	WerFault.exe	434
9348	1352	WerFault.exe	457
9652	7240	WerFault.exe	462
9312	5864	WerFault.exe	450
5772	7728	WerFault.exe	480
5244	7448	WerFault.exe	467
8760	7892	WerFault.exe	482
2656	6540	WerFault.exe	442
4296	3648	WerFault.exe	460
6360	6016	WerFault.exe	447
7880	6636	WerFault.exe	456

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28792.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15943.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5574.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5574.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40377.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26535.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-493.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34957.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15963.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62190.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46175.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48807.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2612	396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db.exe
2336	Unicorn-26799.exe
2032	Unicorn-46425.exe
1100	Unicorn-61370.exe
4152	Unicorn-43301.exe
3908	Unicorn-49523.exe
4720	Unicorn-29657.exe
2840	Unicorn-47477.exe
4608	Unicorn-18579.exe
3528	Unicorn-6881.exe
2104	Unicorn-10218.exe
4208	Unicorn-25163.exe
2148	Unicorn-16175.exe
4940	Unicorn-10310.exe
4624	Unicorn-40115.exe
3216	Unicorn-28417.exe
2132	Unicorn-11426.exe
2508	Unicorn-56259.exe
4876	Unicorn-25533.exe
3416	Unicorn-64519.exe
1056	Unicorn-5112.exe
408	Unicorn-24141.exe
1456	Unicorn-44007.exe
4728	Unicorn-47826.exe
220	Unicorn-51381.exe
392	Unicorn-16470.exe
2744	Unicorn-22601.exe
1476	Unicorn-37545.exe
536	Unicorn-57411.exe
2616	Unicorn-10083.exe
4464	Unicorn-39705.exe
2628	Unicorn-45735.exe
5080	Unicorn-45735.exe
4872	Unicorn-19093.exe
2388	Unicorn-29207.exe
2904	Unicorn-65393.exe
2468	Unicorn-13425.exe
4516	Unicorn-7825.exe
3560	Unicorn-13425.exe
3976	Unicorn-8521.exe
1396	Unicorn-29207.exe
1320	Unicorn-2656.exe
2872	Unicorn-54458.exe
2632	Unicorn-28221.exe
4112	Unicorn-36389.exe
4512	Unicorn-42611.exe
4584	Unicorn-46695.exe
208	Unicorn-208.exe
3104	Unicorn-30935.exe
2204	Unicorn-4292.exe
4068	Unicorn-51355.exe
948	Unicorn-4100.exe
1428	Unicorn-10322.exe
1132	Unicorn-4192.exe
1480	Unicorn-6238.exe
1064	Unicorn-14406.exe
2776	Unicorn-49217.exe
1140	Unicorn-13445.exe
4180	Unicorn-38646.exe
3180	Unicorn-30511.exe
4808	Unicorn-32780.exe
3036	Unicorn-53856.exe
4988	Unicorn-29980.exe
1988	Unicorn-19045.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 2336	2612	396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db.exe	87
PID 2612 wrote to memory of 2336	2612	396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db.exe	87
PID 2612 wrote to memory of 2336	2612	396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db.exe	87
PID 2336 wrote to memory of 2032	2336	Unicorn-26799.exe	88
PID 2336 wrote to memory of 2032	2336	Unicorn-26799.exe	88
PID 2336 wrote to memory of 2032	2336	Unicorn-26799.exe	88
PID 2612 wrote to memory of 1100	2612	396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db.exe	89
PID 2612 wrote to memory of 1100	2612	396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db.exe	89
PID 2612 wrote to memory of 1100	2612	396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db.exe	89
PID 2032 wrote to memory of 4152	2032	Unicorn-46425.exe	90
PID 2032 wrote to memory of 4152	2032	Unicorn-46425.exe	90
PID 2032 wrote to memory of 4152	2032	Unicorn-46425.exe	90
PID 1100 wrote to memory of 3908	1100	Unicorn-61370.exe	91
PID 1100 wrote to memory of 3908	1100	Unicorn-61370.exe	91
PID 1100 wrote to memory of 3908	1100	Unicorn-61370.exe	91
PID 2336 wrote to memory of 4720	2336	Unicorn-26799.exe	92
PID 2336 wrote to memory of 4720	2336	Unicorn-26799.exe	92
PID 2336 wrote to memory of 4720	2336	Unicorn-26799.exe	92
PID 2612 wrote to memory of 2840	2612	396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db.exe	93
PID 2612 wrote to memory of 2840	2612	396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db.exe	93
PID 2612 wrote to memory of 2840	2612	396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db.exe	93
PID 4152 wrote to memory of 4608	4152	Unicorn-43301.exe	94
PID 4152 wrote to memory of 4608	4152	Unicorn-43301.exe	94
PID 4152 wrote to memory of 4608	4152	Unicorn-43301.exe	94
PID 2032 wrote to memory of 3528	2032	Unicorn-46425.exe	95
PID 2032 wrote to memory of 3528	2032	Unicorn-46425.exe	95
PID 2032 wrote to memory of 3528	2032	Unicorn-46425.exe	95
PID 3908 wrote to memory of 2104	3908	Unicorn-49523.exe	96
PID 3908 wrote to memory of 2104	3908	Unicorn-49523.exe	96
PID 3908 wrote to memory of 2104	3908	Unicorn-49523.exe	96
PID 1100 wrote to memory of 4208	1100	Unicorn-61370.exe	98
PID 1100 wrote to memory of 4208	1100	Unicorn-61370.exe	98
PID 1100 wrote to memory of 4208	1100	Unicorn-61370.exe	98
PID 2336 wrote to memory of 4940	2336	Unicorn-26799.exe	99
PID 2336 wrote to memory of 4940	2336	Unicorn-26799.exe	99
PID 2336 wrote to memory of 4940	2336	Unicorn-26799.exe	99
PID 2612 wrote to memory of 2148	2612	396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db.exe	100
PID 2612 wrote to memory of 2148	2612	396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db.exe	100
PID 2612 wrote to memory of 2148	2612	396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db.exe	100
PID 4608 wrote to memory of 4624	4608	Unicorn-18579.exe	110
PID 4608 wrote to memory of 4624	4608	Unicorn-18579.exe	110
PID 4608 wrote to memory of 4624	4608	Unicorn-18579.exe	110
PID 4152 wrote to memory of 3216	4152	Unicorn-43301.exe	112
PID 4152 wrote to memory of 3216	4152	Unicorn-43301.exe	112
PID 4152 wrote to memory of 3216	4152	Unicorn-43301.exe	112
PID 2032 wrote to memory of 2132	2032	Unicorn-46425.exe	113
PID 2032 wrote to memory of 2132	2032	Unicorn-46425.exe	113
PID 2032 wrote to memory of 2132	2032	Unicorn-46425.exe	113
PID 2148 wrote to memory of 2508	2148	Unicorn-16175.exe	115
PID 2148 wrote to memory of 2508	2148	Unicorn-16175.exe	115
PID 2148 wrote to memory of 2508	2148	Unicorn-16175.exe	115
PID 4208 wrote to memory of 4876	4208	Unicorn-25163.exe	116
PID 4208 wrote to memory of 4876	4208	Unicorn-25163.exe	116
PID 4208 wrote to memory of 4876	4208	Unicorn-25163.exe	116
PID 2612 wrote to memory of 5000	2612	396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db.exe	117
PID 2612 wrote to memory of 5000	2612	396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db.exe	117
PID 2612 wrote to memory of 5000	2612	396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db.exe	117
PID 1100 wrote to memory of 3416	1100	Unicorn-61370.exe	119
PID 1100 wrote to memory of 3416	1100	Unicorn-61370.exe	119
PID 1100 wrote to memory of 3416	1100	Unicorn-61370.exe	119
PID 2104 wrote to memory of 1056	2104	Unicorn-10218.exe	120
PID 2104 wrote to memory of 1056	2104	Unicorn-10218.exe	120
PID 2104 wrote to memory of 1056	2104	Unicorn-10218.exe	120
PID 3908 wrote to memory of 408	3908	Unicorn-49523.exe	121

C:\Users\Admin\AppData\Local\Temp\396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db.exe
"C:\Users\Admin\AppData\Local\Temp\396fa306b619ac72263d94292b42314f052c41c4424275aefbe8df83fc3e68db.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26799.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26799.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46425.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43301.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18579.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50561.exe
        9⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22933.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6150.exe
        11⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59388.exe
        11⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60758.exe
        10⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45595.exe
        11⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 636
        12⤵
        Program crash
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        11⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 640
        12⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 656
        11⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34586.exe
        10⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41926.exe
        10⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48901.exe
        11⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63465.exe
        12⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28633.exe
        11⤵
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12726.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-929.exe
        9⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22295.exe
        10⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
        10⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48505.exe
        10⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 636
        11⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43374.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
        10⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe
        9⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
        9⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
        10⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17251.exe
        11⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45943.exe
        12⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36959.exe
        11⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12315.exe
        10⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42435.exe
        11⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-700.exe
        10⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35206.exe
        9⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37225.exe
        10⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54738.exe
        9⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
        9⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44894.exe
        8⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16994.exe
        8⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9943.exe
        8⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1828.exe
        8⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 636
        9⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
        8⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 644
        9⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 632
        8⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 676
        8⤵
        Program crash
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
        7⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40385.exe
        8⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
        9⤵
        
        PID:3692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 636
        10⤵
        Program crash
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15527.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe
        10⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31579.exe
        11⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42605.exe
        10⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57161.exe
        9⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40331.exe
        10⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
        9⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        8⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 636
        9⤵
        Program crash
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52205.exe
        8⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49596.exe
        8⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        8⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44972.exe
        7⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe
        8⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 544
        9⤵
        Program crash
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42169.exe
        8⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 636
        9⤵
        
        PID:13292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45101.exe
        8⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49988.exe
        8⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58429.exe
        7⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 636
        8⤵
        Program crash
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36953.exe
        7⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 636
        8⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12872.exe
        7⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32163.exe
        8⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        7⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28221.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43763.exe
        8⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
        9⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45045.exe
        10⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18569.exe
        11⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 724
        13⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34665.exe
        10⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 640
        11⤵
        Program crash
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54343.exe
        10⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 632
        11⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50966.exe
        10⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41323.exe
        10⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58044.exe
        9⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 628
        10⤵
        Program crash
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
        9⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8366.exe
        10⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
        11⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32949.exe
        12⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
        12⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54910.exe
        10⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57493.exe
        10⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9061.exe
        9⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24210.exe
        9⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9953.exe
        9⤵
        
        PID:11780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17457.exe
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8956.exe
        8⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
        9⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 636
        10⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        7⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6150.exe
        9⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32553.exe
        9⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65121.exe
        9⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 640
        10⤵
        Program crash
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60208.exe
        9⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        9⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3047.exe
        10⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
        9⤵
        
        PID:13348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58044.exe
        8⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        8⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
        7⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
        8⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 636
        9⤵
        Program crash
        
        PID:10076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 672
        8⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
        7⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 636
        8⤵
        Program crash
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
        7⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 640
        8⤵
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55467.exe
        7⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41126.exe
        7⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19041.exe
        8⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
        9⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
        10⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:7544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 636
        12⤵
        
        PID:10680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 636
        10⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51578.exe
        9⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59897.exe
        10⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2222.exe
        11⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30771.exe
        11⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37203.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        10⤵
        
        PID:13932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 756
        9⤵
        
        PID:10664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 756
        9⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
        8⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 636
        9⤵
        Program crash
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29262.exe
        8⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        9⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25266.exe
        7⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe
        8⤵
        
        PID:664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 724
        9⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47406.exe
        8⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45242.exe
        7⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
        8⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53296.exe
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8668.exe
        7⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7431.exe
        7⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8085.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42145.exe
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29259.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 636
        8⤵
        Program crash
        
        PID:9948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 664
        7⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe
        6⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 636
        7⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37107.exe
        6⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8316 -s 724
        7⤵
        
        PID:12976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
        6⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe
        7⤵
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        6⤵
        
        PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30935.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62621.exe
        8⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46238.exe
        8⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34587.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62111.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
        7⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
        8⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 636
        9⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45995.exe
        9⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43757.exe
        9⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41209.exe
        8⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5255.exe
        8⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62513.exe
        7⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39669.exe
        8⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 720
        9⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        8⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51847.exe
        8⤵
        
        PID:12708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16470.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42611.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        7⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31485.exe
        8⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38173.exe
        8⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 636
        9⤵
        Program crash
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 732
        8⤵
        
        PID:10116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 392 -s 768
        6⤵
        Program crash
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38646.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12434.exe
        6⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31209.exe
        6⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62627.exe
        5⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
        6⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        5⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43649.exe
        6⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49015.exe
        7⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
        8⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 636
        9⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 548
        7⤵
        
        PID:12440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63043.exe
        5⤵
        
        PID:7964
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 636
        6⤵
        
        PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30542.exe
        5⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        5⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
        6⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
        5⤵
        
        PID:13604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3528
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 720
        5⤵
        Program crash
        
        PID:3244
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 764
        5⤵
        Program crash
        
        PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11426.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57411.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36389.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23919.exe
        7⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
        7⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5958.exe
        8⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 676
        9⤵
        Program crash
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53497.exe
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26062.exe
        7⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14588.exe
        8⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 640
        9⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63270.exe
        8⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
        8⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36576.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe
        8⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5520.exe
        9⤵
        
        PID:14092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2567.exe
        8⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27519.exe
        7⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1436.exe
        8⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12221.exe
        6⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28963.exe
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24961.exe
        7⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22243.exe
        8⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 636
        9⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21557.exe
        8⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 644
        9⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 716
        8⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3668.exe
        7⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18673.exe
        8⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 724
        9⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10369.exe
        8⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31618.exe
        8⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6496.exe
        6⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10016.exe
        8⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20105.exe
        9⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
        10⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30873.exe
        11⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
        12⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 652
        10⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24271.exe
        9⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11568.exe
        10⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60909.exe
        11⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64754.exe
        10⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22734.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:11616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-208.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
        7⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 464 -s 636
        8⤵
        Program crash
        
        PID:9832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 628
        7⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23871.exe
        6⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43099.exe
        7⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        8⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 636
        9⤵
        Program crash
        
        PID:9852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 652
        8⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41271.exe
        7⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
        8⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 636
        9⤵
        
        PID:12988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 656
        8⤵
        
        PID:12912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41437.exe
        6⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 640
        8⤵
        Program crash
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38469.exe
        7⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43731.exe
        7⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44726.exe
        7⤵
        
        PID:13688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16113.exe
        5⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39653.exe
        6⤵
        
        PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4988
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 636
        5⤵
        Program crash
        
        PID:5684
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 680
        5⤵
        Program crash
        
        PID:7332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
      4⤵
      PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26531.exe
      4⤵
      PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23037.exe
        5⤵
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23935.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
        7⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52583.exe
        9⤵
        
        PID:13704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
        6⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
        7⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25283.exe
        7⤵
        
        PID:10908
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 756
        6⤵
        
        PID:11572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40031.exe
        5⤵
        
        PID:8488
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 628
        6⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        5⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30183.exe
        6⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38193.exe
        7⤵
        
        PID:13424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        5⤵
        
        PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41512.exe
      4⤵
      PID:7956
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 636
        5⤵
        Program crash
        
        PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52233.exe
      4⤵
      PID:9028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12573.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
      4⤵
      PID:13988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4720
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 636
      4⤵
      Program crash
      PID:2872
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 636
      4⤵
      Program crash
      PID:3524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1456
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 724
        5⤵
        Program crash
        
        PID:1596
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 724
        5⤵
        Program crash
        
        PID:444
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 740
      4⤵
      Program crash
      PID:2156
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 768
      4⤵
      Program crash
      PID:528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29207.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65393.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6238.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58921.exe
        5⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47951.exe
        7⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        8⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 636
        9⤵
        Program crash
        
        PID:9312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 636
        8⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 636
        8⤵
        
        PID:11964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23783.exe
        6⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
        7⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62564.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50637.exe
        8⤵
        
        PID:14240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8650.exe
        6⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        8⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8021.exe
        8⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55076.exe
        7⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55263.exe
        8⤵
        
        PID:7064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 748
        6⤵
        
        PID:12380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58833.exe
        6⤵
        
        PID:6920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 656
        6⤵
        Program crash
        
        PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4078.exe
        5⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40271.exe
        6⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
        7⤵
        
        PID:9372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9372 -s 728
        8⤵
        
        PID:13308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31365.exe
        7⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe
        8⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49901.exe
        7⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        5⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1018.exe
        7⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22569.exe
        6⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6530.exe
        5⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        5⤵
        
        PID:10792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13445.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13445.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1140
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 640
      4⤵
      Program crash
      PID:5744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63157.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63157.exe
    3⤵
    PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18403.exe
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5740.exe
        5⤵
        
        PID:6608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 728
        6⤵
        Program crash
        
        PID:8512
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 752
        5⤵
        
        PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52564.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5412
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 636
        5⤵
        
        PID:9044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
      4⤵
      PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4360.exe
        5⤵
        
        PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51192.exe
        5⤵
        
        PID:14104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
      4⤵
      PID:11016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62127.exe
      4⤵
      PID:13344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37864.exe
    3⤵
    PID:6668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
    3⤵
    PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6420.exe
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55019.exe
        5⤵
        
        PID:9532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55699.exe
        6⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19911.exe
        7⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32325.exe
        5⤵
        
        PID:11108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2289.exe
      4⤵
      PID:9708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32246.exe
      4⤵
      PID:9220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
      4⤵
      PID:13316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9004
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 636
      4⤵
      PID:13188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29570.exe
    3⤵
    PID:11272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50253.exe
      4⤵
      PID:13640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10218.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5112.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 632
        6⤵
        Program crash
        
        PID:4988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 652
        6⤵
        Program crash
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10322.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 724
        7⤵
        Program crash
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
        6⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27749.exe
        7⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60203.exe
        8⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        8⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 636
        9⤵
        Program crash
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 636
        9⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44355.exe
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22155.exe
        9⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
        10⤵
        
        PID:13672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44770.exe
        9⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
        8⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        8⤵
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56667.exe
        9⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4566.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21335.exe
        8⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15963.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 676
        7⤵
        
        PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24141.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49217.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11858.exe
        7⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49767.exe
        8⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17993.exe
        9⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44832.exe
        7⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55225.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52523.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
        9⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46379.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
        11⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37919.exe
        10⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
        8⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9568 -s 636
        9⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46061.exe
        8⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26483.exe
        9⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        8⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
        7⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 648
        7⤵
        
        PID:12588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2656.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55029.exe
        6⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 628
        7⤵
        Program crash
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5937.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55417.exe
        6⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13628.exe
        7⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
        8⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59591.exe
        9⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25125.exe
        9⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14811.exe
        8⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25781.exe
        7⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62471.exe
        8⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
        9⤵
        
        PID:13544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14515.exe
        6⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44055.exe
        6⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
        7⤵
        
        PID:14516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25171.exe
        6⤵
        
        PID:14276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
        5⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7136.exe
        6⤵
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        6⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 644
        7⤵
        Program crash
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39377.exe
        6⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 636
        7⤵
        
        PID:9556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 664
        6⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
        5⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39565.exe
        6⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        7⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40245.exe
        8⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        8⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63166.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30902.exe
        6⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34109.exe
        7⤵
        
        PID:14528
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 788
        5⤵
        
        PID:12948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25163.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25163.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4292.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48423.exe
        7⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1915.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15148.exe
        7⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
        8⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe
        9⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60883.exe
        10⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58335.exe
        11⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63291.exe
        12⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57209.exe
        13⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12297.exe
        12⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29995.exe
        11⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
        11⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
        10⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37509.exe
        10⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22167.exe
        10⤵
        
        PID:14020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 660
        9⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        8⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 720
        9⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22054.exe
        8⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
        7⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe
        7⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18865.exe
        8⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 636
        9⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 636
        8⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        7⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59207.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45.exe
        8⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
        7⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62504.exe
        7⤵
        
        PID:13892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64057.exe
        6⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44059.exe
        7⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 636
        9⤵
        Program crash
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        8⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
        9⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9020.exe
        10⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        11⤵
        
        PID:14148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26077.exe
        9⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
        10⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29288.exe
        9⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57737.exe
        8⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
        9⤵
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16343.exe
        7⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
        8⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24397.exe
        9⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16679.exe
        7⤵
        
        PID:9772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 636
        8⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8564.exe
        6⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 636
        7⤵
        
        PID:13300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
        6⤵
        
        PID:11240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41853.exe
        6⤵
        
        PID:13664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        5⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
        6⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
        7⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11531.exe
        7⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 640
        8⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21670.exe
        7⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6368.exe
        8⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        8⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
        7⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10940.exe
        8⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        7⤵
        
        PID:12444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65427.exe
        5⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50810.exe
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21091.exe
        6⤵
        
        PID:828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 644
        7⤵
        Program crash
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
        6⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59269.exe
        7⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50027.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
        7⤵
        
        PID:12840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24153.exe
        7⤵
        
        PID:12860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57520.exe
        6⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17396.exe
        5⤵
        
        PID:7640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 636
        6⤵
        
        PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35007.exe
        5⤵
        
        PID:8988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 640
        6⤵
        
        PID:11788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42831.exe
        5⤵
        
        PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20322.exe
        5⤵
        
        PID:13628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13425.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14406.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
        6⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48745.exe
        6⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44945.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5641.exe
        5⤵
        
        PID:8012
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 636
        6⤵
        Program crash
        
        PID:9420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
        5⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37095.exe
        6⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
        6⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-493.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10682.exe
        5⤵
        
        PID:13268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32780.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8350.exe
        5⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18019.exe
        6⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 640
        7⤵
        Program crash
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53576.exe
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10784.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 724
        7⤵
        Program crash
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64536.exe
        6⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 640
        7⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42003.exe
        6⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54111.exe
        7⤵
        
        PID:13088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9881.exe
        6⤵
        
        PID:13168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9890.exe
        5⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
        6⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34957.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8060.exe
        8⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64993.exe
        9⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15553.exe
        8⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54884.exe
        7⤵
        
        PID:10980
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 756
        6⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
        5⤵
        
        PID:8528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 648
        6⤵
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26156.exe
        5⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45591.exe
        5⤵
        
        PID:624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28314.exe
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5574.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4754.exe
        6⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 636
        7⤵
        Program crash
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7935.exe
        6⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
        6⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35982.exe
        6⤵
        
        PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16767.exe
        5⤵
        
        PID:7932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 640
        6⤵
        Program crash
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
        6⤵
        
        PID:10996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28792.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36306.exe
      4⤵
      PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7728
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 724
        5⤵
        Program crash
        
        PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52073.exe
      4⤵
      PID:8952
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 636
        5⤵
        
        PID:9452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58440.exe
      4⤵
      PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15371.exe
      4⤵
      PID:14308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64519.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64519.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29207.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8521.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51355.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54453.exe
        5⤵
        
        PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48376.exe
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        6⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61739.exe
        7⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 636
        8⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 640
        7⤵
        
        PID:7560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35163.exe
      4⤵
      PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9056.exe
        6⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
        7⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 636
        8⤵
        Program crash
        
        PID:4108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 656
        7⤵
        
        PID:10236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 656
        6⤵
        Program crash
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54635.exe
        7⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe
        7⤵
        
        PID:11948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
        7⤵
        
        PID:13928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 740
        5⤵
        
        PID:7656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
      4⤵
      PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21309.exe
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33727.exe
        6⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 732
        7⤵
        Program crash
        
        PID:9840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 728
        6⤵
        
        PID:1276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
      4⤵
      PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        5⤵
        
        PID:7748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
      4⤵
      PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3784.exe
        5⤵
        
        PID:10916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33741.exe
      4⤵
      PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32897.exe
        5⤵
        
        PID:10864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51715.exe
      4⤵
      PID:12036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2840
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 720
    3⤵
    - Program crash
    PID:4948
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 764
    3⤵
    - Program crash
    PID:992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16175.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16175.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56259.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45735.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 636
        5⤵
        Program crash
        
        PID:3352
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 676
        5⤵
        Program crash
        
        PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19045.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1988
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 764
        5⤵
        Program crash
        
        PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22448.exe
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5574.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1464.exe
        6⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1438.exe
        7⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 636
        8⤵
        Program crash
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22605.exe
        6⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24703.exe
        7⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 636
        8⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 660
        7⤵
        
        PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe
      4⤵
      PID:6880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13425.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2468
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 724
      4⤵
      Program crash
      PID:4028
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 744
      4⤵
      Program crash
      PID:4372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55497.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55497.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45735.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5080
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 636
      4⤵
      Program crash
      PID:4800
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 636
      4⤵
      Program crash
      PID:2200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7825.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7825.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4516
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 636
    3⤵
    - Program crash
    PID:1056
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 676
    3⤵
    - Program crash
    PID:3512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30511.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30511.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54837.exe
    3⤵
    PID:3736
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 724
    3⤵
    - Program crash
    PID:5036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe
  2⤵
  PID:5140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17827.exe
    3⤵
    PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11578.exe
      4⤵
      PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55470.exe
      4⤵
      PID:8064
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 720
      4⤵
      PID:10268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
  2⤵
  PID:5420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40377.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40377.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:8020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43753.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8314.exe
      4⤵
      PID:9260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
        5⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61293.exe
        6⤵
        
        PID:7488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36801.exe
        5⤵
        
        PID:13420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18511.exe
      4⤵
      PID:10648
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 652
    3⤵
    PID:10100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
  2⤵
  PID:8724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
    3⤵
    PID:11084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52402.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52402.exe
  2⤵
  PID:10984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21857.exe
    3⤵
    PID:14368
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54572.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54572.exe
  2⤵
  PID:14224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4720 -ip 4720
1⤵
PID:1580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2840 -ip 2840
1⤵
PID:1464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4720 -ip 4720
1⤵
PID:4108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2840 -ip 2840
1⤵
PID:1480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3528 -ip 3528
1⤵
PID:4600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3528 -ip 3528
1⤵
PID:2548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1456 -ip 1456
1⤵
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1056 -ip 1056
1⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4940 -ip 4940
1⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1056 -ip 1056
1⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1456 -ip 1456
1⤵
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4940 -ip 4940
1⤵
PID:436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2468 -ip 2468
1⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4516 -ip 4516
1⤵
PID:3116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5080 -ip 5080
1⤵
PID:3832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2628 -ip 2628
1⤵
PID:3736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2132 -ip 2132
1⤵
PID:2184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3416 -ip 3416
1⤵
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3908 -ip 3908
1⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3216 -ip 3216
1⤵
PID:1464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5000 -ip 5000
1⤵
PID:2764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4728 -ip 4728
1⤵
PID:2200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 408 -ip 408
1⤵
PID:3256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 1100 -ip 1100
1⤵
PID:3116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 2104 -ip 2104
1⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 2148 -ip 2148
1⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 2132 -ip 2132
1⤵
PID:3456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 3416 -ip 3416
1⤵
PID:2432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 3908 -ip 3908
1⤵
PID:3208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 3216 -ip 3216
1⤵
PID:3436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 4728 -ip 4728
1⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5000 -ip 5000
1⤵
PID:4528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 1100 -ip 1100
1⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 2104 -ip 2104
1⤵
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 408 -ip 408
1⤵
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 2148 -ip 2148
1⤵
PID:2696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 2468 -ip 2468
1⤵
PID:876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5080 -ip 5080
1⤵
PID:1100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4516 -ip 4516
1⤵
PID:3156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 2628 -ip 2628
1⤵
PID:3056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 392 -ip 392
1⤵
PID:396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 1428 -ip 1428
1⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 392 -ip 392
1⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1140 -ip 1140
1⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 1988 -ip 1988
1⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3036 -ip 3036
1⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 4988 -ip 4988
1⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4872 -ip 4872
1⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2904 -ip 2904
1⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 3036 -ip 3036
1⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 1988 -ip 1988
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 4872 -ip 4872
1⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4804 -ip 4804
1⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 2904 -ip 2904
1⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 1428 -ip 1428
1⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2860 -ip 2860
1⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 1592 -ip 1592
1⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5036 -ip 5036
1⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1596 -ip 1596
1⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4992 -ip 4992
1⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4512 -ip 4512
1⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 2204 -ip 2204
1⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 3568 -ip 3568
1⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2616 -ip 2616
1⤵
PID:392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4804 -ip 4804
1⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 3736 -ip 3736
1⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1268 -ip 1268
1⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5760 -ip 5760
1⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3288 -ip 3288
1⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 4588 -ip 4588
1⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1592 -ip 1592
1⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 2860 -ip 2860
1⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5036 -ip 5036
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5232 -ip 5232
1⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 1596 -ip 1596
1⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5604 -ip 5604
1⤵
PID:408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 4992 -ip 4992
1⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5396 -ip 5396
1⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 2872 -ip 2872
1⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 3648 -ip 3648
1⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 3180 -ip 3180
1⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4512 -ip 4512
1⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2204 -ip 2204
1⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 2616 -ip 2616
1⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 3568 -ip 3568
1⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 6060 -ip 6060
1⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 6116 -ip 6116
1⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 3736 -ip 3736
1⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 536 -ip 536
1⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5076 -ip 5076
1⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1268 -ip 1268
1⤵
PID:960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 3288 -ip 3288
1⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 4588 -ip 4588
1⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5232 -ip 5232
1⤵
PID:1596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5568 -ip 5568
1⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5972 -ip 5972
1⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 2872 -ip 2872
1⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5800 -ip 5800
1⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 5396 -ip 5396
1⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5604 -ip 5604
1⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 1484 -ip 1484
1⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5324 -ip 5324
1⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5328 -ip 5328
1⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 3648 -ip 3648
1⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 4988 -ip 4988
1⤵
PID:888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1140 -ip 1140
1⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6060 -ip 6060
1⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 536 -ip 536
1⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5076 -ip 5076
1⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6116 -ip 6116
1⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6040 -ip 6040
1⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 6032 -ip 6032
1⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5728 -ip 5728
1⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 2364 -ip 2364
1⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5920 -ip 5920
1⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5568 -ip 5568
1⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5972 -ip 5972
1⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5140 -ip 5140
1⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 3164 -ip 3164
1⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5316 -ip 5316
1⤵
PID:2148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5820 -ip 5820
1⤵
PID:3288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4068 -ip 4068
1⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 3104 -ip 3104
1⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5772 -ip 5772
1⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 6560 -ip 6560
1⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 6476 -ip 6476
1⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6764 -ip 6764
1⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 6880 -ip 6880
1⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6668 -ip 6668
1⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6928 -ip 6928
1⤵
PID:3156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6936 -ip 6936
1⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6280 -ip 6280
1⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6320 -ip 6320
1⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6776 -ip 6776
1⤵
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 6184 -ip 6184
1⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5420 -ip 5420
1⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5928 -ip 5928
1⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3868 -ip 3868
1⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 6732 -ip 6732
1⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 5800 -ip 5800
1⤵
PID:3004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5324 -ip 5324
1⤵
PID:3584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5328 -ip 5328
1⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3256 -ip 3256
1⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5132 -ip 5132
1⤵
PID:2352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7020 -ip 7020
1⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6848 -ip 6848
1⤵
PID:2252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6964 -ip 6964
1⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 2984 -ip 2984
1⤵
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 6920 -ip 6920
1⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5380 -ip 5380
1⤵
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5428 -ip 5428
1⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5384 -ip 5384
1⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 5776 -ip 5776
1⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2632 -ip 2632
1⤵
PID:4256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 2508 -ip 2508
1⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 1320 -ip 1320
1⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 1064 -ip 1064
1⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 4180 -ip 4180
1⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5512 -ip 5512
1⤵
PID:2472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5792 -ip 5792
1⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 6124 -ip 6124
1⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 4280 -ip 4280
1⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 208 -ip 208
1⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 5752 -ip 5752
1⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5212 -ip 5212
1⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5716 -ip 5716
1⤵
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 6232 -ip 6232
1⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 4860 -ip 4860
1⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5240 -ip 5240
1⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 5728 -ip 5728
1⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 6032 -ip 6032
1⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 5920 -ip 5920
1⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 6040 -ip 6040
1⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1184 -p 2364 -ip 2364
1⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3164 -ip 3164
1⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 5140 -ip 5140
1⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1268 -p 4068 -ip 4068
1⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1296 -p 5820 -ip 5820
1⤵
PID:9980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5316 -ip 5316
1⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 3104 -ip 3104
1⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 5772 -ip 5772
1⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 6476 -ip 6476
1⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 6560 -ip 6560
1⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 6764 -ip 6764
1⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6928 -ip 6928
1⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 6880 -ip 6880
1⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 6936 -ip 6936
1⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 6668 -ip 6668
1⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 6320 -ip 6320
1⤵
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1332 -p 6280 -ip 6280
1⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 6776 -ip 6776
1⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1356 -p 6184 -ip 6184
1⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1388 -p 5420 -ip 5420
1⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 3868 -ip 3868
1⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5928 -ip 5928
1⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 6732 -ip 6732
1⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 3256 -ip 3256
1⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 7020 -ip 7020
1⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5132 -ip 5132
1⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6848 -ip 6848
1⤵
PID:2904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1236 -p 4220 -ip 4220
1⤵
PID:10040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 6964 -ip 6964
1⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 3692 -ip 3692
1⤵
PID:10028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5924 -ip 5924
1⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 6616 -ip 6616
1⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 6204 -ip 6204
1⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 6608 -ip 6608
1⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 464 -ip 464
1⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 2076 -ip 2076
1⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 5788 -ip 5788
1⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 6912 -ip 6912
1⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1292 -p 828 -ip 828
1⤵
PID:3076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 2984 -ip 2984
1⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 6920 -ip 6920
1⤵
PID:10224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5380 -ip 5380
1⤵
PID:10164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 5428 -ip 5428
1⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 5384 -ip 5384
1⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 2632 -ip 2632
1⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5776 -ip 5776
1⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 7268 -ip 7268
1⤵
PID:10720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 2508 -ip 2508
1⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 2856 -ip 2856
1⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 1596 -ip 1596
1⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 1924 -ip 1924
1⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1364 -p 7640 -ip 7640
1⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7964 -ip 7964
1⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 7596 -ip 7596
1⤵
PID:2456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 7892 -ip 7892
1⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5412 -ip 5412
1⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1384 -p 7720 -ip 7720
1⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1368 -p 6636 -ip 6636
1⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6016 -ip 6016
1⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 3648 -ip 3648
1⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6540 -ip 6540
1⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 7448 -ip 7448
1⤵
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5864 -ip 5864
1⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 7728 -ip 7728
1⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5272 -ip 5272
1⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 4180 -ip 4180
1⤵
PID:10888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 7240 -ip 7240
1⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1328 -p 1352 -ip 1352
1⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5188 -ip 5188
1⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 7712 -ip 7712
1⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1388 -p 7932 -ip 7932
1⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 7912 -ip 7912
1⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 1320 -ip 1320
1⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1064 -ip 1064
1⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1344 -p 7976 -ip 7976
1⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 7632 -ip 7632
1⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 8012 -ip 8012
1⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1216 -p 5512 -ip 5512
1⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 7956 -ip 7956
1⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5792 -ip 5792
1⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1336 -p 8148 -ip 8148
1⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 7704 -ip 7704
1⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 6124 -ip 6124
1⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4280 -ip 4280
1⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 208 -ip 208
1⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5752 -ip 5752
1⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 8028 -ip 8028
1⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 6696 -ip 6696
1⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 1076 -ip 1076
1⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 1056 -ip 1056
1⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1332 -p 4708 -ip 4708
1⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 6260 -ip 6260
1⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 6152 -ip 6152
1⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 6588 -ip 6588
1⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5936 -ip 5936
1⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 6200 -ip 6200
1⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 6944 -ip 6944
1⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1400 -p 6028 -ip 6028
1⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 6468 -ip 6468
1⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1368 -p 6896 -ip 6896
1⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1364 -p 8064 -ip 8064
1⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 8044 -ip 8044
1⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5212 -ip 5212
1⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 5716 -ip 5716
1⤵
PID:10104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6232 -ip 6232
1⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 6796 -ip 6796
1⤵
PID:2724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 220 -ip 220
1⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6980 -ip 6980
1⤵
PID:2312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6888 -ip 6888
1⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1384 -p 5756 -ip 5756
1⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 5816 -ip 5816
1⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 3972 -ip 3972
1⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2696 -ip 2696
1⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 4816 -ip 4816
1⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1428 -ip 1428
1⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1316 -p 7848 -ip 7848
1⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 5392 -ip 5392
1⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 7544 -ip 7544
1⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 664 -ip 664
1⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 8168 -ip 8168
1⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1412 -p 7748 -ip 7748
1⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1316 -p 6904 -ip 6904
1⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1420 -p 6800 -ip 6800
1⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1268 -p 4732 -ip 4732
1⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1436 -p 6612 -ip 6612
1⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6068 -ip 6068
1⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5040 -ip 5040
1⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 5724 -ip 5724
1⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1416 -p 3180 -ip 3180
1⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1372 -p 8696 -ip 8696
1⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 8052 -ip 8052
1⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1360 -p 5972 -ip 5972
1⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 7776 -ip 7776
1⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1436 -p 8316 -ip 8316
1⤵
PID:4644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1432 -p 8396 -ip 8396
1⤵
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1288 -p 2476 -ip 2476
1⤵
PID:13744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1184 -p 8488 -ip 8488
1⤵
PID:13816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 8388 -ip 8388
1⤵
PID:13860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 7576 -ip 7576
1⤵
PID:13872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 8588 -ip 8588
1⤵
PID:13908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1204 -p 8416 -ip 8416
1⤵
PID:13972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 8648 -ip 8648
1⤵
PID:6020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe

Filesize
468KB

MD5
ded127d9f754e31010be4fe826ad093c

SHA1
6c21bf2dbc8af77de273973699e5b856367ff03e

SHA256
567603af6461ffc05a391ec74fb80cab506dbc5a06b19d1829f2996fb5820dc1

SHA512
0823819ae64366c4955a5fdacd3274aa5819fa8bb97528ecfc4ab6bdcac0f5fc4bb27c9e9707895d49880a93d4d721cf86a885250f7f24ad679ecc28dffa2d22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10218.exe

Filesize
468KB

MD5
42502c3ec7783a2e0ff630a0b6321f55

SHA1
bdd6dede85b2d6d4f6912b8e95cb3a845f2849d0

SHA256
9de199a22c72355af49198a509d7a28b4ec0f1694a18238a1ea2a4c8503e465d

SHA512
d14e4d20642716df6994e0d2a620cd4930d435ebacce61a286f1625895c996904b340b00c71016782537e884ccb15d588b2ee324221011cab200dc18611442b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe

Filesize
468KB

MD5
15bce3971f935dac262b7d81dcdc4e94

SHA1
9702a4597c6131abe21614b481bd16b5c65f2033

SHA256
edc5c6fca6be62ccc250dd2a59f574d32c21fb547dfb29db3edb18df341ac872

SHA512
43e7f7973aca43de6302f709c86e4799a8636ab9ee0ff31d31756419a9cc9d2ba6501d78badbd7b4a8acdba96de13811fb166bccb6e4e6907ade452e4cc42691

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11426.exe

Filesize
468KB

MD5
65daaac53df0a415d781c0d452c43b5f

SHA1
621c541ca6da700563896e76b39dc043f5ad1153

SHA256
b0cfcf838aba049e4553c93ecd252c4c2e5638cba12fa3f8fd6a24862dd11e59

SHA512
dbc1314ca8d78ad795e8684d1fca830758e767a4704267c41d1981cadbd4de4e0ed87d437c7198ecad240f20ce7926d28a6cea513d5dfa61426c6bb4a5bd6d75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1464.exe

Filesize
468KB

MD5
3d3bfa06d691a6790aaa6beb66c59112

SHA1
7cd10cbfa83d4249094df4efeae0c47e6371906a

SHA256
54af5dc7995639989972979189a1de025d5a356c95bab92154422e650c03f148

SHA512
d85c2b3dd4f3d6211c002476309d44f1ecac7ec179e76bd933351e7907578b522eb18a4c743568490755905e06ce054c5322743509561fa860226a5cad015f34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16175.exe

Filesize
468KB

MD5
a8c2aa489f7a89fe28c62be7fc2db00f

SHA1
33fd73e61d5c6b4a16c4ae49b051965899a55b0d

SHA256
610cd828faab35f5c122f90fa8ae58a787e717075ecdb31c39642f2c0385c6ac

SHA512
4f6630d5abccf324015c372842b49b9cff924011dfc59eb4f86b6f237aeca88eff383b226558031bbe778d62d868dcb639fba34c199286217342c7a4c1bae081

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16470.exe

Filesize
468KB

MD5
7ba3f77d598883df3d4cde0136694f0f

SHA1
eaad2849d6471ec2339a9de4cb0b670bf234966c

SHA256
113b219d89fd975911ae31cff2dd4fb1ab3fb6fbe59bb7376a961114998b0f3b

SHA512
dfcbc9238e8a54fdddf6db370f8d94b090a9df9c11a6ddc5ff59a1c134dba6c94c12e0e9611e47efc53e74e0a8e6d547f8c22215d290b5aba6055665f735eacb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18579.exe

Filesize
468KB

MD5
fbb22f3c13a4be0302ac0bf78b815a06

SHA1
1a7e95b4e4cea60056d203c9cf4b85fdf5026faa

SHA256
495fb2e6ec9292596cd06ff9ef07c8025cf8f78a8897ce9745cabe14630e14c8

SHA512
1fda744eed051f0bb81645e6e421f0b5bdcd86cd10f9185e81537c4fa8d0660025129be421792cc211f5121293228601f67ef2e0a67a545ec897a4aef1a6a118

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe

Filesize
468KB

MD5
c5d8a652c8239c6bf5d403ee728de266

SHA1
0e051e61c1450f810abfd5704740b268042463c9

SHA256
776d192a700ffc9fa79856028c66bf3b54bce7ba33c7d1ab0f2d61a0610fb5b3

SHA512
06d7dc05facfd0a66c47b88cfeae54ed15af455047531b6359064a30ff969503156836c39a9e5944e65712bdc92d61707d9a08e0fd2e1bebcebd78d222d57f38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24141.exe

Filesize
468KB

MD5
afc9fe0b8c1c9da5cff57e3494b576a5

SHA1
52844579ed655d44043ebf890374b86b653bec06

SHA256
07ff99f62fc619df1f3f1a78ad744c54e1dd0dc817564f2f63733c67eab44a3f

SHA512
107f469eb22859ef1cf382bd549e58d0fbfa81e87ef2a65896e222c491475b6f3c54bb3d89b78aef8079f406dd8d53770d103d69c9958c1a7ac696b9fbb066d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25163.exe

Filesize
468KB

MD5
70078384a62cc53c97ef4e851d713537

SHA1
f6aaaaca95075107eace26b84a10dff205c71f97

SHA256
3fcd91f852d80cfde280d819da34acbc0145ad5b57aa49b1e5b5865ed470383a

SHA512
e31c4c0a7e42559fcd0d887783919be13e372d8856850fb30124a9b9910155aff65ca3b75bcd69a579f36935025bc8b5d1f3bf6555019a4395ff47df4ccac591

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe

Filesize
468KB

MD5
de9f5819cc035503c61902ddcebc9f28

SHA1
0098dc80fe0603dae3e37333ddf0c8b1891dc918

SHA256
77b0e9756c6c794cb39fdbb5840cd4ae332b48077e16e65d760d15c76ea13b9d

SHA512
b25a89eebaeb97e1545eb7d651ce603051dc8f13c455218178a0f46496ca5b16b91a9415767657399d6eb7d71969644f3a3f0affc0232fb7c02bdc2624636072

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26799.exe

Filesize
468KB

MD5
074d51b36de2b0d9be5b09c75f0f6dbb

SHA1
bb2cd4fe958f272cff4741437838f65df92d95dd

SHA256
0b9e64b2350d59bdd38f9228398e2b04371ef2179dd583ec7d8abfcb57e1bd99

SHA512
3a73908bc569a2a718cdd39276c27762ac16cc6e1b61b7d90860342d7a82b3d6d7e407a0ee725ac265a60c22a75596f30bbc75c74a2a8c50b3847c191f0f0b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe

Filesize
468KB

MD5
2d7e67eeb190639acf679c40179e4418

SHA1
b6f9a946f6b790c31b87aefc95dcaf6beaa4447f

SHA256
929794f37ab1db4bfbab3dbe3c180f52b437bfd24e1757cbc40e6aa81725b989

SHA512
48a10a241ff7a410e0b0ee50f0ecf606cb155249270ec98f114c13617d6d42711d413dbc79416b328c3ed1d1e6c2ac5f2f58f5c2e02e636f74e980badf3e883d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe

Filesize
468KB

MD5
d027ae8761b8353b733901845f1c42b7

SHA1
77b997b7d9183c546253fe1b74364089a2b8422d

SHA256
4a5cf029f88730679383cf1b4126980cbe4ca1aa66e171aa4c3b9fcd39fc86ce

SHA512
f46ff244cc1bd8882d025db5a6ed830fd93068fda178abcce86278181627ab470a9a38e3527cd864dca1b57b3382dcc592673fc53454b521ba66e8d0e5704163

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe

Filesize
468KB

MD5
6372c780de0be9056b0e3795a4846706

SHA1
aaebcd9bd68788f84674b6ecffec8364f8bdda88

SHA256
8419fd39c7f8016bfab49efd2bef03ec7e318b8efb8d58d54a61b849afa39507

SHA512
b90abe349b4c928449bfc840fde7b49d581ee642d3c1702359398c85b3c2caf145c229f5503dd014c64a52a8804426fbc4141e5707fc67aa37cc227129303a18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe

Filesize
468KB

MD5
8ec0ac7da1f921079305980dfda669a5

SHA1
129adb8037c618c6d40c7121c14bbf952ca49c7d

SHA256
a3a2e50d56838eb9a5934b1843ce92c43f13d3e432d19033ceb1aa348382e75b

SHA512
987cadcf90ead1663b45bbdc2c11bcb42c1665cdd286842644b42cfa02f969dba211de099c066ff572f20190c3d9e7caa96795ab0e50ca56619dbd7b05550ab7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe

Filesize
468KB

MD5
45cf13c3de82e1e197ebbdc53919ad46

SHA1
1c122ee44cfaa4f13eda2bc8b66e8b07f70f0dfc

SHA256
f66e89173e41f1a0a29623c0c62ae636d929a1b527037a8c1feda0a68092c923

SHA512
c735963675ca645ba1b973e0f7042c50a5cd2ef0b8b769296c3d0e9c74add9d9bc2a7460bed8e6bebf01d8b5d0b798f3ca153583b5b517a78e5227a536061da7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43301.exe

Filesize
468KB

MD5
48cfb116069cda3cb96946b9b7c56745

SHA1
4972176942d683d32d170b8db45fe670c99318df

SHA256
bc1ca1b4b779d84a71c4cb954e3e381e2cd73185814525832f98728f5b007deb

SHA512
b020fc10fb5390ea7a0738fcbeba57985d1878c3156d13cc4f0bd0d646605f86210fdf76202ccd7a6f8fa4635354e00b5eae93c25fb9ab553104bbeb1be7c82a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe

Filesize
468KB

MD5
d140a0521039ced749d0873e39dedad4

SHA1
b64727dc41e9875c006c1125b31d4bf25cf007a3

SHA256
ccd8107a756f54ea91dccb8f04867e6790cae4fdbbf73c00fcc45ee7e0283fef

SHA512
ae7c4ae347b596ae0fff33346912b4f7912c73a8e61c4c58747ac088819d0fceb5a8ea661dafa9c8ad3612be4ef68cea802b4c76d59d541c7ee4e73dcb24d9f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45735.exe

Filesize
468KB

MD5
3f8159d995cdf0711a121328b7a97e68

SHA1
4bd423f1e31ae96ba3661e825de11f228637c51d

SHA256
d328a72856b3b26e304e88ed0d6dea7257158f0aaff5c18451126bf3e531ee66

SHA512
882cbf6478e6a45ade6a56dcca3a92ebcfe8d1e628e1a854726c76c7cf84e7376b41d3a5e397615398981deb0160983ec03fc37579f9ec298dcb4d82aa5aeacb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46425.exe

Filesize
468KB

MD5
6b8946ac651e0459690233a2248b2a6b

SHA1
c72f76b2ce1452b79d85c29358ef96f20f3c6e64

SHA256
d644805b80f4b225a6b6ebd644c57fe8fa66ffda45f71e587162e319c0aaeda1

SHA512
797ac036b2d25c1f285a5ef8b8f81e270cec289b5b600d20052f1b6764b5ab609c804abfadc37bd5625f7f8da3a2fb134851f5eef3c42c62574970a6cf8ce85d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe

Filesize
468KB

MD5
7a4d7d87399b886df6e9dde33eae2856

SHA1
70d6139ac53bc17bfd160a3a136dc6b3afdc10fd

SHA256
d8baa1f3781ab3fe82278a1c6633d6d6d9bfe0a2a166426853575d3378c9d9f7

SHA512
0fa62e8f453b948a6efb0944593c5cd6c7e5aa1fd569af3f7b390a8a76105906e08607936c1f490d42178753f691bc0d6d6b1a376318561caeba17f124d9aa79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe

Filesize
468KB

MD5
d81f4aaacd36076dfbebf5178052f583

SHA1
8d1cb9762d32247aedb8dc267c967ffeddce199d

SHA256
f09c86e6e1554f2d59f6425a7fca7f506bfb3402222834dabc2cd2ee80f9f7ed

SHA512
e4a1d0a391e3d9b476387bd98057bdc366f400e239e3790e4e56c270dc16ad78a1d0d7dfa9f218286234089947abaaaf4a34f8213affec7d89a530a3aa2f35cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49015.exe

Filesize
468KB

MD5
5ab99e41c9cfe237496192419f372c58

SHA1
93b63bbfdd94e3977be9c3e91de841ac8027b984

SHA256
44084343eba4795ab28bad4c8284aaf6474534daa5570054f48df390dd890b72

SHA512
d276138b6280fa179ed40d17741a6ee1d39af7a4ba0ac32968a14c2af070bfd8220cb0e77e99337528303fd93d1e6b3963b16f1fabdc30b30727616514df61ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe

Filesize
468KB

MD5
9f92c0e70af08c2946e86284cbe6aaad

SHA1
cdbe2ab6eeb9fefb4baa8d03670c67404a2ae19c

SHA256
a7c23af274e51ab21a76c9e120ccb4a1fd44b2dca0ae6ff7c42da19a72d5a430

SHA512
4e14fa636471ebbea9ee1a568c05c33c7db7a9bc76d5ded1c04a45cb02dd4c91fe1cc2cc38d7c4410fa66eb8cbecc94b445c9bd5b0df5a1bbb71638ebb8cb508

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5112.exe

Filesize
468KB

MD5
cbbdba2049d2d85252cd80f6b0e3d93a

SHA1
73ffda6556a541a04481dc5c7999b489adbe4d49

SHA256
d8ac4bf84764b19ebf657a02275afc8a9d0c8b00af917b9a82c8289a1b3c1ec1

SHA512
cfc529a2f0748097635e85ab895ac7cdadd8737581e265b2318881a3a8995abe2b53c005d87b57ad7a428dc80adca047a40f963da9a7837e96c940c6b3367071

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe

Filesize
468KB

MD5
30e6612593e9e99613180bbd4d4e4b29

SHA1
e925418e4ab7697e030bf9b9cb38241db815c0a7

SHA256
bd778fa5aeb34644d320dedf7fec4d4d6fb1b79a13d8efe7722f172d2f0767b1

SHA512
0b99df6459875e46b93ee4d91f8fd3af43da3f48e41f75b3ff2be2f699072878fffe10c976a08e0c72262a5a00b9ab76f0994fbf4132840d7922a446d9d9bb14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55497.exe

Filesize
468KB

MD5
bdaf4475c66297cbecce1da54cdc1106

SHA1
27aa62bcbe24ec4be5cc2dc5da85ad471437cb17

SHA256
5aeb844acfb26718ceea4ee423cd25224dc84f813fa95acf844e8569fac93913

SHA512
230b06ea80980169dd9834cd8400f601adfc03969f5a430e83836fb0baf80e40af62f107277ca1e06d5a7d625190aa43418373a3cdc1f33fde057313d7768bd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56259.exe

Filesize
468KB

MD5
d61c3d51867a66c26963cffd45d2f918

SHA1
1c6b1bdca53225e07ed2b875036434b1cdabf96b

SHA256
5ce7e9ca3ef81a97ba4af01e7ea18ea42dbac72c08ee6994e91e23679ec9df52

SHA512
f7da02504648ac905006a7156a0222391aaeb8d863a67d7c889d82d5df1ae9a8c4eea4e24b7d9dc16788f745f1467625f275e8e8ae6e567b5f5c70326966ade5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57411.exe

Filesize
468KB

MD5
663001a6591ee5686441d79f5d021a1c

SHA1
4b01065491928813fda3167a29757a5798ff227f

SHA256
f838e0cc1547f60f3427e79a13cd68dbf9f55a739bc3904438af63c1738f9011

SHA512
34921e3fab9d3e12a92197d1939db8bf7fd5c04a6d35208a450d9bf365fd3c03eae577190a54748adc239faa6bc9179e6d31e82099df69f9617bdc4b2a53d439

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe

Filesize
468KB

MD5
ab177041d96b3019656b339d28b5982a

SHA1
d04c20fcf12904a908e87b82e5a52d39a1dfb041

SHA256
43e737c330e204fe5b08602195848485ce626f07b5627f9222406c1f1f30df1f

SHA512
db67a523742ff45122f0ee681ba01f53289d7112f2f72a30184e51d4e27d3e519847a467c75590a02d1902980bb703fb55c8ebba482db7b4afecb355c65e1b7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64519.exe

Filesize
468KB

MD5
f0b4f518cfde6beaee1f35d5f0dfbd85

SHA1
00c73f8a4d9852902bfa654956c952e75221497b

SHA256
19a4c6c80c1b697b5468024ae85d77d36bcec168467f053b140c052084b0a7c7

SHA512
b14100d8574257d5e0e1039837c06b7b62df9a864ab5e768eff4efdd6b6fa608ffb05bf0d7938ac4042ec95b61527f9193559fa4ee1f8d6491ac0a589a503146

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe

Filesize
468KB

MD5
ee2b6b1f0b440929c323b87cdcd74cc8

SHA1
0c1cd01d11a6608b63844e7bca94c22f2bc8aa9b

SHA256
fe3bc0a147f5e9fb5f4cba9968a34339737beeb8b9fffd4ebb861c77f6d98daf

SHA512
336502421b1a3bb7daf65b9c725f47ec734d0c2778a37a2ae6296f65b6d3d5c204fea94ff4a9d9a06265723596601339787c40800d6493129c52bf5a424d3dbd

Download Submit
memory/5000-323-0x0000000002F90000-0x000000000306B000-memory.dmp

Filesize
876KB

Download
memory/5188-2621-0x00000000751E0000-0x000000007523F000-memory.dmp

Filesize
380KB

Download