5a186c2ac5e3138613391785e531a11fa0f31321c9540e75f399769bd7f6832a

Analysis

max time kernel
33s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 21:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a186c2ac5e3138613391785e531a11fa0f31321c9540e75f399769bd7f6832a.exe
Size

468KB
MD5

438668444a6a6652708db54afb8d4ac5
SHA1

bc43cb4343d78f89a83614feb8f20115e41003e9
SHA256

5a186c2ac5e3138613391785e531a11fa0f31321c9540e75f399769bd7f6832a
SHA512

f0fc5ccd40a35e945407a53c54abfe7076cf6d358687bde0fb434caa5f2c8a509c718edf51e960bf67ab17d52ec7805c4f4a645b326ddf505ccf3af7f12423d0
SSDEEP

3072:uG3HogISIE5TtbY2HzcOcf8/vChaP0p2JVHeTVPVb7qL67tgEElL:uG3obMTtxH4OcfSYHTb7s4tgE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
680	Unicorn-11652.exe
1560	Unicorn-62005.exe
1604	Unicorn-47293.exe
4092	Unicorn-35446.exe
3128	Unicorn-35446.exe
3848	Unicorn-33399.exe
4112	Unicorn-19664.exe
1036	Unicorn-59540.exe
4132	Unicorn-43758.exe
516	Unicorn-33967.exe
1408	Unicorn-18185.exe
1316	Unicorn-38051.exe
3916	Unicorn-12477.exe
792	Unicorn-64428.exe
4456	Unicorn-41158.exe
1060	Unicorn-308.exe
2792	Unicorn-51133.exe
4588	Unicorn-16152.exe
3116	Unicorn-36249.exe
4872	Unicorn-65160.exe
4480	Unicorn-14013.exe
4376	Unicorn-46364.exe
4556	Unicorn-692.exe
4296	Unicorn-14013.exe
920	Unicorn-5845.exe
3360	Unicorn-14320.exe
3404	Unicorn-17120.exe
3424	Unicorn-49436.exe
1656	Unicorn-60739.exe
4696	Unicorn-1979.exe
2008	Unicorn-40319.exe
2944	Unicorn-24951.exe
4944	Unicorn-6468.exe
4436	Unicorn-41279.exe
4052	Unicorn-61185.exe
820	Unicorn-57423.exe
224	Unicorn-22613.exe
4728	Unicorn-27766.exe
3024	Unicorn-41087.exe
1988	Unicorn-41087.exe
4144	Unicorn-50900.exe
1736	Unicorn-3837.exe
2820	Unicorn-28433.exe
3600	Unicorn-39824.exe
4564	Unicorn-63707.exe
4704	Unicorn-30594.exe
3552	Unicorn-19659.exe
4012	Unicorn-33394.exe
1540	Unicorn-44413.exe
1872	Unicorn-24812.exe
3480	Unicorn-41724.exe
5068	Unicorn-25711.exe
2608	Unicorn-2083.exe
4452	Unicorn-32545.exe
3472	Unicorn-57869.exe
2132	Unicorn-12197.exe
4624	Unicorn-36794.exe
3712	Unicorn-51092.exe
4836	Unicorn-35332.exe
3492	Unicorn-19550.exe
5020	Unicorn-12581.exe
5076	Unicorn-10121.exe
1396	Unicorn-329.exe
2816	Unicorn-12481.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
3092	1560	WerFault.exe	93
2960	4456	WerFault.exe	108
3412	3848	WerFault.exe	99
3276	4456	WerFault.exe	108
4064	1560	WerFault.exe	93
3256	3848	WerFault.exe	99
2240	4556	WerFault.exe	116
4604	3404	WerFault.exe	121
4792	4132	WerFault.exe	102
1896	792	WerFault.exe	107
3860	4556	WerFault.exe	116
2352	3404	WerFault.exe	121
1400	4132	WerFault.exe	102
1788	792	WerFault.exe	107
5376	4144	WerFault.exe	149
5436	4704	WerFault.exe	156
5492	1736	WerFault.exe	151
5796	3552	WerFault.exe	157
756	5764	WerFault.exe	223
6252	4944	WerFault.exe	139
5904	4696	WerFault.exe	136
3272	5180	WerFault.exe	200
7728	5624	WerFault.exe	272
8188	224	WerFault.exe	144
8104	3024	WerFault.exe	147
7192	4012	WerFault.exe	158
6848	6724	WerFault.exe	337
6028	6868	WerFault.exe	345
8732	5452	WerFault.exe	256
6068	6892	WerFault.exe	346
9212	6860	WerFault.exe	344
9276	6984	WerFault.exe	378
9160	7608	WerFault.exe	391
9140	4564	WerFault.exe	155
9016	2996	WerFault.exe	258
9556	7040	WerFault.exe	356
9720	5216	WerFault.exe	275
9740	3124	WerFault.exe	364
9732	6952	WerFault.exe	349
9668	7092	WerFault.exe	358
9548	7040	WerFault.exe	356
9416	6480	WerFault.exe	435
4780	5632	WerFault.exe	448
9312	5132	WerFault.exe	197
9192	2008	WerFault.exe	137
2044	3912	WerFault.exe	196
8840	4624	WerFault.exe	172
3400	4052	WerFault.exe	141
9224	4376	WerFault.exe	117
8984	5564	WerFault.exe	261
9040	4872	WerFault.exe	113
5224	7932	WerFault.exe	397
10408	5500	WerFault.exe	299
6004	8008	WerFault.exe	445
5344	6772	WerFault.exe	417
10880	6596	WerFault.exe	331
11428	7496	WerFault.exe	508
11360	8000	WerFault.exe	503
11712	2060	WerFault.exe	504
12096	8008	WerFault.exe	445
12080	1804	WerFault.exe	517
12072	7916	WerFault.exe	502
12160	6968	WerFault.exe	351
4620	6908	WerFault.exe	347

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1979.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36462.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19332.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5a186c2ac5e3138613391785e531a11fa0f31321c9540e75f399769bd7f6832a.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29878.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19716.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38051.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15787.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2584	5a186c2ac5e3138613391785e531a11fa0f31321c9540e75f399769bd7f6832a.exe
680	Unicorn-11652.exe
1560	Unicorn-62005.exe
1604	Unicorn-47293.exe
3128	Unicorn-35446.exe
4092	Unicorn-35446.exe
4112	Unicorn-19664.exe
3848	Unicorn-33399.exe
1036	Unicorn-59540.exe
516	Unicorn-33967.exe
1408	Unicorn-18185.exe
4132	Unicorn-43758.exe
1316	Unicorn-38051.exe
3916	Unicorn-12477.exe
4456	Unicorn-41158.exe
792	Unicorn-64428.exe
1060	Unicorn-308.exe
2792	Unicorn-51133.exe
4588	Unicorn-16152.exe
3116	Unicorn-36249.exe
4872	Unicorn-65160.exe
3404	Unicorn-17120.exe
4556	Unicorn-692.exe
4296	Unicorn-14013.exe
920	Unicorn-5845.exe
4376	Unicorn-46364.exe
3424	Unicorn-49436.exe
3360	Unicorn-14320.exe
4480	Unicorn-14013.exe
1656	Unicorn-60739.exe
2008	Unicorn-40319.exe
4696	Unicorn-1979.exe
2944	Unicorn-24951.exe
4944	Unicorn-6468.exe
4436	Unicorn-41279.exe
4052	Unicorn-61185.exe
820	Unicorn-57423.exe
3024	Unicorn-41087.exe
1988	Unicorn-41087.exe
4144	Unicorn-50900.exe
224	Unicorn-22613.exe
4728	Unicorn-27766.exe
1736	Unicorn-3837.exe
2820	Unicorn-28433.exe
4564	Unicorn-63707.exe
3600	Unicorn-39824.exe
4012	Unicorn-33394.exe
1872	Unicorn-24812.exe
3552	Unicorn-19659.exe
4704	Unicorn-30594.exe
1540	Unicorn-44413.exe
3480	Unicorn-41724.exe
5068	Unicorn-25711.exe
2608	Unicorn-2083.exe
2132	Unicorn-12197.exe
3472	Unicorn-57869.exe
4452	Unicorn-32545.exe
3712	Unicorn-51092.exe
4624	Unicorn-36794.exe
3492	Unicorn-19550.exe
4836	Unicorn-35332.exe
5076	Unicorn-10121.exe
1396	Unicorn-329.exe
5020	Unicorn-12581.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 680	2584	5a186c2ac5e3138613391785e531a11fa0f31321c9540e75f399769bd7f6832a.exe	91
PID 2584 wrote to memory of 680	2584	5a186c2ac5e3138613391785e531a11fa0f31321c9540e75f399769bd7f6832a.exe	91
PID 2584 wrote to memory of 680	2584	5a186c2ac5e3138613391785e531a11fa0f31321c9540e75f399769bd7f6832a.exe	91
PID 680 wrote to memory of 1560	680	Unicorn-11652.exe	93
PID 680 wrote to memory of 1560	680	Unicorn-11652.exe	93
PID 680 wrote to memory of 1560	680	Unicorn-11652.exe	93
PID 2584 wrote to memory of 1604	2584	5a186c2ac5e3138613391785e531a11fa0f31321c9540e75f399769bd7f6832a.exe	94
PID 2584 wrote to memory of 1604	2584	5a186c2ac5e3138613391785e531a11fa0f31321c9540e75f399769bd7f6832a.exe	94
PID 2584 wrote to memory of 1604	2584	5a186c2ac5e3138613391785e531a11fa0f31321c9540e75f399769bd7f6832a.exe	94
PID 1604 wrote to memory of 3128	1604	Unicorn-47293.exe	97
PID 1604 wrote to memory of 3128	1604	Unicorn-47293.exe	97
PID 1604 wrote to memory of 3128	1604	Unicorn-47293.exe	97
PID 1560 wrote to memory of 4092	1560	Unicorn-62005.exe	98
PID 1560 wrote to memory of 4092	1560	Unicorn-62005.exe	98
PID 1560 wrote to memory of 4092	1560	Unicorn-62005.exe	98
PID 2584 wrote to memory of 3848	2584	5a186c2ac5e3138613391785e531a11fa0f31321c9540e75f399769bd7f6832a.exe	99
PID 2584 wrote to memory of 3848	2584	5a186c2ac5e3138613391785e531a11fa0f31321c9540e75f399769bd7f6832a.exe	99
PID 2584 wrote to memory of 3848	2584	5a186c2ac5e3138613391785e531a11fa0f31321c9540e75f399769bd7f6832a.exe	99
PID 680 wrote to memory of 4112	680	Unicorn-11652.exe	100
PID 680 wrote to memory of 4112	680	Unicorn-11652.exe	100
PID 680 wrote to memory of 4112	680	Unicorn-11652.exe	100
PID 3128 wrote to memory of 1036	3128	Unicorn-35446.exe	101
PID 3128 wrote to memory of 1036	3128	Unicorn-35446.exe	101
PID 3128 wrote to memory of 1036	3128	Unicorn-35446.exe	101
PID 1604 wrote to memory of 4132	1604	Unicorn-47293.exe	102
PID 1604 wrote to memory of 4132	1604	Unicorn-47293.exe	102
PID 1604 wrote to memory of 4132	1604	Unicorn-47293.exe	102
PID 4092 wrote to memory of 516	4092	Unicorn-35446.exe	103
PID 4092 wrote to memory of 516	4092	Unicorn-35446.exe	103
PID 4092 wrote to memory of 516	4092	Unicorn-35446.exe	103
PID 1560 wrote to memory of 1408	1560	Unicorn-62005.exe	104
PID 1560 wrote to memory of 1408	1560	Unicorn-62005.exe	104
PID 1560 wrote to memory of 1408	1560	Unicorn-62005.exe	104
PID 3848 wrote to memory of 1316	3848	Unicorn-33399.exe	105
PID 3848 wrote to memory of 1316	3848	Unicorn-33399.exe	105
PID 3848 wrote to memory of 1316	3848	Unicorn-33399.exe	105
PID 4112 wrote to memory of 3916	4112	Unicorn-19664.exe	106
PID 4112 wrote to memory of 3916	4112	Unicorn-19664.exe	106
PID 4112 wrote to memory of 3916	4112	Unicorn-19664.exe	106
PID 2584 wrote to memory of 792	2584	5a186c2ac5e3138613391785e531a11fa0f31321c9540e75f399769bd7f6832a.exe	107
PID 2584 wrote to memory of 792	2584	5a186c2ac5e3138613391785e531a11fa0f31321c9540e75f399769bd7f6832a.exe	107
PID 2584 wrote to memory of 792	2584	5a186c2ac5e3138613391785e531a11fa0f31321c9540e75f399769bd7f6832a.exe	107
PID 680 wrote to memory of 4456	680	Unicorn-11652.exe	108
PID 680 wrote to memory of 4456	680	Unicorn-11652.exe	108
PID 680 wrote to memory of 4456	680	Unicorn-11652.exe	108
PID 1036 wrote to memory of 1060	1036	Unicorn-59540.exe	109
PID 1036 wrote to memory of 1060	1036	Unicorn-59540.exe	109
PID 1036 wrote to memory of 1060	1036	Unicorn-59540.exe	109
PID 3128 wrote to memory of 2792	3128	Unicorn-35446.exe	110
PID 3128 wrote to memory of 2792	3128	Unicorn-35446.exe	110
PID 3128 wrote to memory of 2792	3128	Unicorn-35446.exe	110
PID 516 wrote to memory of 4588	516	Unicorn-33967.exe	111
PID 516 wrote to memory of 4588	516	Unicorn-33967.exe	111
PID 516 wrote to memory of 4588	516	Unicorn-33967.exe	111
PID 4092 wrote to memory of 3116	4092	Unicorn-35446.exe	112
PID 4092 wrote to memory of 3116	4092	Unicorn-35446.exe	112
PID 4092 wrote to memory of 3116	4092	Unicorn-35446.exe	112
PID 1316 wrote to memory of 4872	1316	Unicorn-38051.exe	113
PID 1316 wrote to memory of 4872	1316	Unicorn-38051.exe	113
PID 1316 wrote to memory of 4872	1316	Unicorn-38051.exe	113
PID 3916 wrote to memory of 4480	3916	Unicorn-12477.exe	115
PID 3916 wrote to memory of 4480	3916	Unicorn-12477.exe	115
PID 3916 wrote to memory of 4480	3916	Unicorn-12477.exe	115
PID 4112 wrote to memory of 4376	4112	Unicorn-19664.exe	117

C:\Users\Admin\AppData\Local\Temp\5a186c2ac5e3138613391785e531a11fa0f31321c9540e75f399769bd7f6832a.exe
"C:\Users\Admin\AppData\Local\Temp\5a186c2ac5e3138613391785e531a11fa0f31321c9540e75f399769bd7f6832a.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11652.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11652.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62005.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6468.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35332.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50490.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe
        10⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30043.exe
        9⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4115.exe
        10⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64639.exe
        10⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30273.exe
        10⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
        9⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 624
        10⤵
        
        PID:14024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
        9⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 668
        9⤵
        
        PID:13548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 716
        8⤵
        Program crash
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19550.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35689.exe
        8⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
        9⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
        10⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe
        10⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        10⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54203.exe
        9⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        9⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40136.exe
        8⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23524.exe
        9⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 660
        9⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45900.exe
        8⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29134.exe
        9⤵
        
        PID:14364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
        8⤵
        
        PID:12976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        8⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe
        7⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        8⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
        8⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18371.exe
        9⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
        10⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28048.exe
        9⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58307.exe
        9⤵
        
        PID:14072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53356.exe
        8⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63176.exe
        9⤵
        
        PID:14300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 680
        8⤵
        
        PID:14656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46437.exe
        7⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 632
        8⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14043.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        8⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
        8⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 760
        7⤵
        
        PID:12344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61185.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44330.exe
        7⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22289.exe
        7⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 752
        7⤵
        Program crash
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12481.exe
        6⤵
        Executes dropped EXE
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8964.exe
        7⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50319.exe
        8⤵
        
        PID:100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35689.exe
        7⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10770.exe
        8⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21578.exe
        9⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 648
        9⤵
        
        PID:13732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 648
        9⤵
        
        PID:13448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 656
        8⤵
        Program crash
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54712.exe
        8⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10996.exe
        8⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-373.exe
        7⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14660.exe
        8⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1708.exe
        7⤵
        
        PID:12864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
        6⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17678.exe
        7⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 632
        8⤵
        Program crash
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 640
        7⤵
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13844.exe
        6⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
        7⤵
        
        PID:14156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49462.exe
        6⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61018.exe
        6⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57423.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42239.exe
        7⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15316.exe
        9⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
        10⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 636
        11⤵
        Program crash
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61437.exe
        10⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        11⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17716.exe
        11⤵
        
        PID:12996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3937.exe
        10⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
        10⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62332.exe
        8⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64740.exe
        9⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25662.exe
        10⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25268.exe
        11⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exe
        10⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7435.exe
        10⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37674.exe
        9⤵
        
        PID:10048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 648
        9⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42609.exe
        8⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 636
        9⤵
        
        PID:13496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 760
        8⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14823.exe
        8⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
        7⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42374.exe
        8⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1157.exe
        9⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37477.exe
        9⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe
        9⤵
        
        PID:14900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 632
        8⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
        7⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 752
        7⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 752
        7⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26457.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12951.exe
        7⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
        8⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61702.exe
        8⤵
        
        PID:13676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 748
        7⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33791.exe
        7⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18472.exe
        8⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
        9⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        10⤵
        
        PID:1120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 652
        9⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 652
        9⤵
        
        PID:13824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50145.exe
        8⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
        8⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30156.exe
        8⤵
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
        7⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 636
        8⤵
        Program crash
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        7⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 656
        7⤵
        
        PID:14640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11050.exe
        6⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46908.exe
        6⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2989.exe
        7⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46902.exe
        7⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27388.exe
        6⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
        6⤵
        
        PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28433.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
        6⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        7⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11507.exe
        8⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 636
        9⤵
        Program crash
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 652
        8⤵
        Program crash
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43748.exe
        7⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9268.exe
        8⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36757.exe
        9⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
        8⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31054.exe
        9⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51571.exe
        8⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39101.exe
        7⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1017.exe
        8⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-612.exe
        7⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
        6⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57484.exe
        6⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42133.exe
        7⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
        8⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46113.exe
        8⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27451.exe
        7⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
        7⤵
        
        PID:12204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56341.exe
        6⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24235.exe
        6⤵
        
        PID:9956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
        6⤵
        
        PID:13048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18185.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22613.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        7⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49708.exe
        8⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6793.exe
        9⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52589.exe
        8⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        9⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22128.exe
        8⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-858.exe
        7⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 224 -s 720
        7⤵
        Program crash
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24812.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35123.exe
        5⤵
        
        PID:5764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 488
        6⤵
        Program crash
        
        PID:756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60417.exe
        5⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31910.exe
        6⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12247.exe
        7⤵
        
        PID:13596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 632
        6⤵
        
        PID:11072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        5⤵
        
        PID:8584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28558.exe
        6⤵
        
        PID:13820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44923.exe
        5⤵
        
        PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22020.exe
        5⤵
        
        PID:14320
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 724
      4⤵
      Program crash
      PID:3092
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 724
      4⤵
      Program crash
      PID:4064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19664.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41087.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57013.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
        9⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65295.exe
        9⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
        10⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
        10⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33703.exe
        9⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
        10⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
        9⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24890.exe
        8⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14613.exe
        9⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51318.exe
        9⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        8⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 636
        9⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57597.exe
        8⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60078.exe
        9⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59316.exe
        8⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10739.exe
        8⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
        9⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60991.exe
        10⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
        10⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50939.exe
        9⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41604.exe
        10⤵
        
        PID:13580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60284.exe
        9⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
        10⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45423.exe
        9⤵
        
        PID:13696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 680
        8⤵
        Program crash
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        7⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18816.exe
        7⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7545.exe
        8⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26761.exe
        8⤵
        
        PID:13268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 676
        7⤵
        
        PID:10548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19659.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3552
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 624
        6⤵
        Program crash
        
        PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 636
        6⤵
        Program crash
        
        PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
        5⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45341.exe
        5⤵
        
        PID:6892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 720
        6⤵
        Program crash
        
        PID:6068
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 488
        5⤵
        Program crash
        
        PID:9224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33394.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3235.exe
        5⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64278.exe
        6⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51471.exe
        7⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
        8⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43285.exe
        9⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21822.exe
        10⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13300.exe
        9⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63466.exe
        8⤵
        
        PID:8288
        
        C:\Unicorn-5.31837469016626E+90.exe
        
        \Unicorn-5.31837469016626E+90.exe
        9⤵
        
        PID:13316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 668
        8⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
        7⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43944.exe
        8⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe
        9⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54390.exe
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe
        7⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4354.exe
        8⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29258.exe
        7⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        7⤵
        
        PID:9820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe
        6⤵
        
        PID:7624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 660
        6⤵
        Program crash
        
        PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61818.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 680
        6⤵
        Program crash
        
        PID:7728
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 632
        5⤵
        Program crash
        
        PID:7192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
      4⤵
      PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10163.exe
        5⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35877.exe
        6⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 640
        7⤵
        Program crash
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 640
        7⤵
        Program crash
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
        6⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36548.exe
        6⤵
        
        PID:11660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52029.exe
        6⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2965.exe
        5⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61048.exe
        6⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        7⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17934.exe
        6⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
        5⤵
        
        PID:8860
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 724
        5⤵
        
        PID:14648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
      4⤵
      PID:3124
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 636
        5⤵
        Program crash
        
        PID:9740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30372.exe
      4⤵
      PID:8024
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 648
        5⤵
        
        PID:8392
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 648
        5⤵
        
        PID:13404
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 744
      4⤵
      PID:12412
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 744
      4⤵
      PID:13792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4456
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 720
      4⤵
      Program crash
      PID:2960
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 740
      4⤵
      Program crash
      PID:3276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49436.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49436.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50900.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4144
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 764
        5⤵
        Program crash
        
        PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36462.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5180
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 636
        5⤵
        Program crash
        
        PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10016.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        5⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
        6⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
        7⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
        6⤵
        
        PID:10504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 668
        6⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21006.exe
        5⤵
        
        PID:7364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 636
        6⤵
        
        PID:9484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 636
        6⤵
        
        PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51732.exe
        5⤵
        
        PID:5332
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 628
        5⤵
        
        PID:14120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
      4⤵
      PID:7608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 628
        5⤵
        Program crash
        
        PID:9160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
      4⤵
      PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7431.exe
        5⤵
        
        PID:6780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
      4⤵
      PID:9644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37288.exe
      4⤵
      PID:13604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30594.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30594.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4704
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 636
      4⤵
      Program crash
      PID:5436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
      4⤵
      PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        5⤵
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        5⤵
        
        PID:5404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 636
        6⤵
        
        PID:13504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3600.exe
        5⤵
        
        PID:10636
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 624
        5⤵
        
        PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31771.exe
      4⤵
      PID:6772
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 636
        5⤵
        Program crash
        
        PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
      4⤵
      PID:8508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4162.exe
        5⤵
        
        PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
      4⤵
      PID:11652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
      4⤵
      PID:13840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21581.exe
    3⤵
    PID:7024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58469.exe
      4⤵
      PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
      4⤵
      PID:10284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
      4⤵
      PID:5480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1403.exe
    3⤵
    PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52709.exe
      4⤵
      PID:10768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
    3⤵
    PID:10668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
      4⤵
      PID:14832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45109.exe
    3⤵
    PID:13264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47293.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47293.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59540.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44735.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        10⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 660
        10⤵
        Program crash
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        8⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25322.exe
        9⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 632
        10⤵
        Program crash
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
        9⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-965.exe
        10⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53062.exe
        11⤵
        
        PID:14340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 624
        10⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
        9⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
        10⤵
        
        PID:13308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61759.exe
        10⤵
        
        PID:14944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 668
        9⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
        8⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        8⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25247.exe
        9⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
        9⤵
        
        PID:14936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 512
        8⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 512
        8⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
        7⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45114.exe
        9⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 636
        10⤵
        Program crash
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7083.exe
        9⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
        10⤵
        
        PID:3488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 720
        9⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10530.exe
        7⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 652
        8⤵
        Program crash
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        7⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43924.exe
        7⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
        7⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61491.exe
        7⤵
        
        PID:13576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59919.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4579.exe
        8⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        9⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5918.exe
        10⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51754.exe
        11⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 644
        12⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 756
        11⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45101.exe
        10⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4368.exe
        10⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14011.exe
        10⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48518.exe
        8⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 636
        9⤵
        Program crash
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19365.exe
        8⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
        8⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 760
        8⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18154.exe
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        8⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31312.exe
        8⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21381.exe
        9⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        9⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
        8⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10373.exe
        8⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe
        7⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55695.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
        9⤵
        
        PID:10044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 640
        9⤵
        
        PID:14716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 668
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55573.exe
        7⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe
        8⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12003.exe
        9⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3710.exe
        8⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22289.exe
        7⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        7⤵
        
        PID:13684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35699.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        8⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65075.exe
        9⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32988.exe
        9⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4508.exe
        9⤵
        
        PID:13304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 724
        8⤵
        Program crash
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56442.exe
        7⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48111.exe
        8⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14234.exe
        8⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-720.exe
        8⤵
        
        PID:11108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 664
        7⤵
        
        PID:10532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5212.exe
        6⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        6⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 548
        7⤵
        
        PID:12944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43724.exe
        6⤵
        
        PID:10512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49301.exe
        6⤵
        
        PID:12872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1979.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12197.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2132
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 772
        6⤵
        Program crash
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36794.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25109.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10116.exe
        6⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6686.exe
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22538.exe
        8⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34846.exe
        8⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 636
        7⤵
        
        PID:9892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 680
        6⤵
        Program crash
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31258.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34175.exe
        6⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        5⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        6⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
        7⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62792.exe
        8⤵
        
        PID:13520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
        7⤵
        
        PID:12292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 648
        6⤵
        
        PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28234.exe
        5⤵
        
        PID:5892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 764
        5⤵
        
        PID:11880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51133.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51092.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11657.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43604.exe
        7⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5534.exe
        8⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11790.exe
        9⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11354.exe
        9⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 760
        9⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50555.exe
        8⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22917.exe
        9⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31525.exe
        9⤵
        
        PID:15008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 632
        8⤵
        
        PID:12692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43120.exe
        7⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        8⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24282.exe
        9⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
        8⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
        8⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19723.exe
        7⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
        7⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38626.exe
        6⤵
        
        PID:6328
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 748
        6⤵
        Program crash
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57869.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
        7⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19493.exe
        7⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13108.exe
        8⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
        8⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 664
        7⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1948.exe
        6⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26915.exe
        7⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 644
        8⤵
        
        PID:11944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 644
        8⤵
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
        7⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 632
        7⤵
        
        PID:14632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8867.exe
        6⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 636
        7⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        6⤵
        
        PID:9396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        6⤵
        
        PID:13288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25392.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17455.exe
        6⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29717.exe
        5⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62986.exe
        6⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe
        7⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14717.exe
        8⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58474.exe
        7⤵
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45261.exe
        7⤵
        
        PID:15016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
        6⤵
        
        PID:9800
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 632
        6⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57862.exe
        6⤵
        
        PID:10820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48381.exe
        6⤵
        
        PID:13636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
        5⤵
        
        PID:10684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
        5⤵
        
        PID:13104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24951.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2083.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30262.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65025.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32805.exe
        7⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        8⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 636
        9⤵
        Program crash
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16076.exe
        8⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62178.exe
        8⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
        8⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35972.exe
        7⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46134.exe
        8⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46724.exe
        7⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62589.exe
        7⤵
        
        PID:13296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32545.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55457.exe
      4⤵
      PID:6108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4516.exe
      4⤵
      PID:7040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 640
        5⤵
        Program crash
        
        PID:9556
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 640
        5⤵
        Program crash
        
        PID:9548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
      4⤵
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe
        5⤵
        
        PID:9480
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 636
        5⤵
        
        PID:14724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
      4⤵
      PID:10596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33135.exe
        5⤵
        
        PID:13852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40909.exe
      4⤵
      PID:12532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5845.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41087.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35524.exe
        6⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20724.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31352.exe
        8⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 636
        8⤵
        Program crash
        
        PID:8732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 588
        6⤵
        Program crash
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26540.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24398.exe
        6⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
        7⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50171.exe
        7⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        7⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25148.exe
        7⤵
        
        PID:12848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25466.exe
        6⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 636
        7⤵
        Program crash
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
        6⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15386.exe
        6⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5346.exe
        6⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31251.exe
        5⤵
        
        PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46001.exe
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
        6⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
        7⤵
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
        6⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4261.exe
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
        5⤵
        
        PID:13244
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 752
      4⤵
      Program crash
      PID:4792
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 752
      4⤵
      Program crash
      PID:1400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3404
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 644
      4⤵
      Program crash
      PID:4604
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 676
      4⤵
      Program crash
      PID:2352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44413.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59535.exe
      4⤵
      PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44159.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
        6⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45306.exe
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-306.exe
        8⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 632
        8⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 748
        7⤵
        Program crash
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39913.exe
        6⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe
        7⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9424 -s 636
        8⤵
        
        PID:14808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
        6⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30805.exe
        7⤵
        
        PID:4796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 672
        6⤵
        
        PID:14604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35689.exe
        5⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
        6⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10420.exe
        7⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 644
        8⤵
        
        PID:13364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 644
        8⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 736
        7⤵
        
        PID:12648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50529.exe
        6⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11733.exe
        7⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18924.exe
        6⤵
        
        PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46550.exe
        5⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30815.exe
        6⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 636
        7⤵
        
        PID:15044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exe
        6⤵
        
        PID:12256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe
        5⤵
        
        PID:10116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20592.exe
        5⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46921.exe
        5⤵
        
        PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48497.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
        5⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27107.exe
        6⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
        7⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe
        7⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39558.exe
        7⤵
        
        PID:13616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
        6⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20390.exe
        7⤵
        
        PID:14192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11825.exe
        6⤵
        
        PID:10696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54940.exe
        5⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31967.exe
        6⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
        5⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16223.exe
        6⤵
        
        PID:14172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37317.exe
        5⤵
        
        PID:12960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34460.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34460.exe
    3⤵
    PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
      4⤵
      PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51528.exe
        5⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26757.exe
        6⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45688.exe
        7⤵
        
        PID:13704
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 616
        6⤵
        
        PID:12708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe
        5⤵
        
        PID:8236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2588.exe
        5⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31583.exe
        5⤵
        
        PID:14948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56732.exe
    3⤵
    PID:7076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39167.exe
      4⤵
      PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39860.exe
        5⤵
        
        PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        5⤵
        
        PID:9420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25230.exe
      4⤵
      PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
        5⤵
        
        PID:12932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31451.exe
      4⤵
      PID:13068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59377.exe
      4⤵
      PID:6016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45492.exe
    3⤵
    PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36373.exe
      4⤵
      PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        5⤵
        
        PID:14200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
      4⤵
      PID:13664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55066.exe
    3⤵
    PID:10932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12221.exe
      4⤵
      PID:5548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61330.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61330.exe
    3⤵
    PID:12440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33399.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33399.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38051.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38051.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65160.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41279.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12581.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        7⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44330.exe
        6⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
        6⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 636
        7⤵
        Program crash
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        6⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 636
        7⤵
        
        PID:15268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 748
        6⤵
        
        PID:12336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10121.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2057.exe
        6⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12301.exe
        7⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50028.exe
        7⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 636
        8⤵
        Program crash
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe
        7⤵
        
        PID:9792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 504
        7⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63218.exe
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27268.exe
        6⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
        5⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe
        6⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22922.exe
        7⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
        7⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
        7⤵
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58863.exe
        6⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22227.exe
        7⤵
        
        PID:14840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe
        6⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14452.exe
        6⤵
        
        PID:11436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 764
        5⤵
        Program crash
        
        PID:9040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63707.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        6⤵
        
        PID:792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
        6⤵
        
        PID:5320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 752
        6⤵
        Program crash
        
        PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5970.exe
        6⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55373.exe
        6⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25854.exe
        7⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63093.exe
        8⤵
        
        PID:13624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        6⤵
        
        PID:9836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 664
        6⤵
        
        PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38434.exe
        5⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23742.exe
        7⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
        8⤵
        
        PID:14068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 720
        7⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53051.exe
        6⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
        7⤵
        
        PID:12916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27585.exe
        6⤵
        
        PID:5144
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 724
        5⤵
        Program crash
        
        PID:9140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46498.exe
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38020.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe
        5⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
        5⤵
        
        PID:6948
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 636
        6⤵
        
        PID:13488
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 636
        5⤵
        
        PID:12352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51761.exe
      4⤵
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11507.exe
        5⤵
        
        PID:6860
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 624
        6⤵
        Program crash
        
        PID:9212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50363.exe
        5⤵
        
        PID:4768
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 672
        5⤵
        
        PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54684.exe
      4⤵
      PID:7540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1341.exe
        5⤵
        
        PID:7496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 632
        6⤵
        Program crash
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2864.exe
        5⤵
        
        PID:10136
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 636
        5⤵
        
        PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63045.exe
      4⤵
      PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe
      4⤵
      PID:10588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
      4⤵
      PID:12952
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 744
    3⤵
    - Program crash
    PID:3412
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 744
    3⤵
    - Program crash
    PID:3256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64428.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64428.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4556
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 632
      4⤵
      Program crash
      PID:2240
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 652
      4⤵
      Program crash
      PID:3860
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 668
    3⤵
    - Program crash
    PID:1896
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 668
    3⤵
    - Program crash
    PID:1788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14610.exe
      4⤵
      PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20532.exe
        5⤵
        
        PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57734.exe
      4⤵
      PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25322.exe
        5⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
        6⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
        7⤵
        
        PID:224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 224 -s 636
        8⤵
        
        PID:15260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 616
        7⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 616
        7⤵
        
        PID:13432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55215.exe
        6⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 636
        7⤵
        
        PID:14596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27035.exe
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
        6⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26400.exe
        5⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        6⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        7⤵
        
        PID:13592
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 664
        5⤵
        
        PID:8768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49316.exe
      4⤵
      PID:7644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8391.exe
        5⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45226.exe
        6⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11193.exe
        6⤵
        
        PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13253.exe
        5⤵
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe
        5⤵
        
        PID:12032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41.exe
      4⤵
      PID:8672
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 760
      4⤵
      PID:13108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39824.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39824.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32853.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32853.exe
  2⤵
  PID:5776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe
  2⤵
  PID:6908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
    3⤵
    PID:1412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
      4⤵
      PID:9852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36107.exe
      4⤵
      PID:9924
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 668
    3⤵
    - Program crash
    PID:4620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
  2⤵
  PID:7920
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 636
    3⤵
    PID:3408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
  2⤵
  PID:10948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35958.exe
    3⤵
    PID:13836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
  2⤵
  PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4456 -ip 4456
1⤵
PID:2820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1560 -ip 1560
1⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3848 -ip 3848
1⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1560 -ip 1560
1⤵
PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4456 -ip 4456
1⤵
PID:1540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3848 -ip 3848
1⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4556 -ip 4556
1⤵
PID:2432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 3404 -ip 3404
1⤵
PID:228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 792 -ip 792
1⤵
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4132 -ip 4132
1⤵
PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4556 -ip 4556
1⤵
PID:1800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3404 -ip 3404
1⤵
PID:1048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4132 -ip 4132
1⤵
PID:2680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 792 -ip 792
1⤵
PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 4144 -ip 4144
1⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 4144 -ip 4144
1⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 3552 -ip 3552
1⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 3600 -ip 3600
1⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 4704 -ip 4704
1⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 1872 -ip 1872
1⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 1736 -ip 1736
1⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 3600 -ip 3600
1⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 1872 -ip 1872
1⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 3552 -ip 3552
1⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4452 -ip 4452
1⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 3712 -ip 3712
1⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 2132 -ip 2132
1⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 4092 -ip 4092
1⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 3916 -ip 3916
1⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 4480 -ip 4480
1⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4296 -ip 4296
1⤵
PID:400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2132 -ip 2132
1⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 4452 -ip 4452
1⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 3360 -ip 3360
1⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3712 -ip 3712
1⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 1396 -ip 1396
1⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5764 -ip 5764
1⤵
PID:100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 4696 -ip 4696
1⤵
PID:3860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4944 -ip 4944
1⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4092 -ip 4092
1⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 2944 -ip 2944
1⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 3916 -ip 3916
1⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4480 -ip 4480
1⤵
PID:1196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4296 -ip 4296
1⤵
PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5180 -ip 5180
1⤵
PID:648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 3360 -ip 3360
1⤵
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 5528 -ip 5528
1⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 1396 -ip 1396
1⤵
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4696 -ip 4696
1⤵
PID:2416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 2944 -ip 2944
1⤵
PID:1536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4944 -ip 4944
1⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4704 -ip 4704
1⤵
PID:648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6108 -ip 6108
1⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5712 -ip 5712
1⤵
PID:4092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5776 -ip 5776
1⤵
PID:404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5516 -ip 5516
1⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5812 -ip 5812
1⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6060 -ip 6060
1⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1736 -ip 1736
1⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5544 -ip 5544
1⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 1752 -ip 1752
1⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5528 -ip 5528
1⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1384 -ip 1384
1⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5280 -ip 5280
1⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5396 -ip 5396
1⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 792 -ip 792
1⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5712 -ip 5712
1⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5776 -ip 5776
1⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 1596 -ip 1596
1⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 4572 -ip 4572
1⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5516 -ip 5516
1⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 6128 -ip 6128
1⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5624 -ip 5624
1⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5052 -ip 5052
1⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 1872 -ip 1872
1⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6108 -ip 6108
1⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 5812 -ip 5812
1⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5020 -ip 5020
1⤵
PID:4440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5076 -ip 5076
1⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6060 -ip 6060
1⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 2168 -ip 2168
1⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 1752 -ip 1752
1⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1020 -ip 1020
1⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 2608 -ip 2608
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 224 -ip 224
1⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 1540 -ip 1540
1⤵
PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 3024 -ip 3024
1⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5356 -ip 5356
1⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 1384 -ip 1384
1⤵
PID:2324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 4012 -ip 4012
1⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5280 -ip 5280
1⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5544 -ip 5544
1⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5396 -ip 5396
1⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 792 -ip 792
1⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 1596 -ip 1596
1⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 4572 -ip 4572
1⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 6128 -ip 6128
1⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5624 -ip 5624
1⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 1872 -ip 1872
1⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5052 -ip 5052
1⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 5020 -ip 5020
1⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5076 -ip 5076
1⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 1020 -ip 1020
1⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 2168 -ip 2168
1⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 2608 -ip 2608
1⤵
PID:2052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 224 -ip 224
1⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3024 -ip 3024
1⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 1540 -ip 1540
1⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 4012 -ip 4012
1⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5356 -ip 5356
1⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 6228 -ip 6228
1⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 532 -ip 532
1⤵
PID:1404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6148 -ip 6148
1⤵
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1416 -ip 1416
1⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 100 -ip 100
1⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5932 -ip 5932
1⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6572 -ip 6572
1⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6160 -ip 6160
1⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6208 -ip 6208
1⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6488 -ip 6488
1⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 6068 -ip 6068
1⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5180 -ip 5180
1⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6652 -ip 6652
1⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 1236 -ip 1236
1⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 6724 -ip 6724
1⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 532 -ip 532
1⤵
PID:1384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 6228 -ip 6228
1⤵
PID:3440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 6148 -ip 6148
1⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5932 -ip 5932
1⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 1416 -ip 1416
1⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6572 -ip 6572
1⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 100 -ip 100
1⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 6160 -ip 6160
1⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 6208 -ip 6208
1⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 6068 -ip 6068
1⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6488 -ip 6488
1⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 1236 -ip 1236
1⤵
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 6652 -ip 6652
1⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 6724 -ip 6724
1⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 6528 -ip 6528
1⤵
PID:4144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5880 -ip 5880
1⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5188 -ip 5188
1⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6000 -ip 6000
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5344 -ip 5344
1⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5332 -ip 5332
1⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6328 -ip 6328
1⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 6412 -ip 6412
1⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6868 -ip 6868
1⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5320 -ip 5320
1⤵
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 6704 -ip 6704
1⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6832 -ip 6832
1⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 6780 -ip 6780
1⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 7624 -ip 7624
1⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 6784 -ip 6784
1⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 8048 -ip 8048
1⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 7060 -ip 7060
1⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 6204 -ip 6204
1⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5308 -ip 5308
1⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 6332 -ip 6332
1⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 6824 -ip 6824
1⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 6996 -ip 6996
1⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 5480 -ip 5480
1⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4244 -ip 4244
1⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5264 -ip 5264
1⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 5832 -ip 5832
1⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4792 -ip 4792
1⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 2996 -ip 2996
1⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5452 -ip 5452
1⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 4564 -ip 4564
1⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 7608 -ip 7608
1⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6984 -ip 6984
1⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 6860 -ip 6860
1⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 6892 -ip 6892
1⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 6528 -ip 6528
1⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 5880 -ip 5880
1⤵
PID:9292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1240 -p 6000 -ip 6000
1⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 5344 -ip 5344
1⤵
PID:9480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 7040 -ip 7040
1⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 7092 -ip 7092
1⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 6952 -ip 6952
1⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1204 -p 5188 -ip 5188
1⤵
PID:9824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3124 -ip 3124
1⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 5332 -ip 5332
1⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 6328 -ip 6328
1⤵
PID:9596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 5216 -ip 5216
1⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6412 -ip 6412
1⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 5564 -ip 5564
1⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4376 -ip 4376
1⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4624 -ip 4624
1⤵
PID:10172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 4052 -ip 4052
1⤵
PID:10032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 3912 -ip 3912
1⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 2008 -ip 2008
1⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 5132 -ip 5132
1⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 5632 -ip 5632
1⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 6480 -ip 6480
1⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 4872 -ip 4872
1⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5320 -ip 5320
1⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 6704 -ip 6704
1⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 6832 -ip 6832
1⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 6772 -ip 6772
1⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 7932 -ip 7932
1⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 8008 -ip 8008
1⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 7624 -ip 7624
1⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5500 -ip 5500
1⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 7060 -ip 7060
1⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1292 -p 5308 -ip 5308
1⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6784 -ip 6784
1⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6596 -ip 6596
1⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 8048 -ip 8048
1⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 6204 -ip 6204
1⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1324 -p 6780 -ip 6780
1⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 6332 -ip 6332
1⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 5480 -ip 5480
1⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1280 -p 6996 -ip 6996
1⤵
PID:10620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 4244 -ip 4244
1⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1284 -p 6824 -ip 6824
1⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1368 -p 8000 -ip 8000
1⤵
PID:9844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1392 -p 5264 -ip 5264
1⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 4792 -ip 4792
1⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 5832 -ip 5832
1⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 7496 -ip 7496
1⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 2060 -ip 2060
1⤵
PID:3932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1340 -p 7916 -ip 7916
1⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 1804 -ip 1804
1⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4260 -ip 4260
1⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 1396 -ip 1396
1⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 6968 -ip 6968
1⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 6072 -ip 6072
1⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1360 -p 6852 -ip 6852
1⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1396 -p 5612 -ip 5612
1⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6580 -ip 6580
1⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1412 -p 7032 -ip 7032
1⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 6904 -ip 6904
1⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1384 -p 6908 -ip 6908
1⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 5620 -ip 5620
1⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 7364 -ip 7364
1⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5760 -ip 5760
1⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 1036 -ip 1036
1⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1280 -p 820 -ip 820
1⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 1988 -ip 1988
1⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5068 -ip 5068
1⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 1912 -ip 1912
1⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 1100 -ip 1100
1⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1420 -p 2784 -ip 2784
1⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1444 -p 2960 -ip 2960
1⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1448 -p 5592 -ip 5592
1⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1472 -p 4588 -ip 4588
1⤵
PID:5260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 4436 -ip 4436
1⤵
PID:3712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1384 -p 4112 -ip 4112
1⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 2196 -ip 2196
1⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1448 -p 5944 -ip 5944
1⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1468 -p 4016 -ip 4016
1⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 2672 -ip 2672
1⤵
PID:1332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 6060 -ip 6060
1⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 4728 -ip 4728
1⤵
PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 7880 -ip 7880
1⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 6752 -ip 6752
1⤵
PID:13040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 8156 -ip 8156
1⤵
PID:13336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1448 -p 7700 -ip 7700
1⤵
PID:13356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 7100 -ip 7100
1⤵
PID:13388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1424 -p 6916 -ip 6916
1⤵
PID:13832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 7920 -ip 7920
1⤵
PID:2924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1268 -p 7960 -ip 7960
1⤵
PID:13440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 8012 -ip 8012
1⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1360 -p 8628 -ip 8628
1⤵
PID:14064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 8024 -ip 8024
1⤵
PID:14492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1424 -p 6948 -ip 6948
1⤵
PID:14748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1284 -p 4732 -ip 4732
1⤵
PID:14800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1448 -p 5404 -ip 5404
1⤵
PID:15072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 2504 -ip 2504
1⤵
PID:13728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1452 -p 5812 -ip 5812
1⤵
PID:14532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 7816 -ip 7816
1⤵
PID:9740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5632 -ip 5632
1⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 3536 -ip 3536
1⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 8976 -ip 8976
1⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 7496 -ip 7496
1⤵
PID:14584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1484 -p 7736 -ip 7736
1⤵
PID:14784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1524 -p 1540 -ip 1540
1⤵
PID:14792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 5368 -ip 5368
1⤵
PID:15156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 7016 -ip 7016
1⤵
PID:14748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 7540 -ip 7540
1⤵
PID:14908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1284 -p 5996 -ip 5996
1⤵
PID:14924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5280 -ip 5280
1⤵
PID:14928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11354.exe

Filesize
468KB

MD5
1f1b0739b95fdb695462661c3353d694

SHA1
ec6edabb45da7c27a291f178d4d1e65e33281369

SHA256
ed11912ff4c99cc0149942f5ba28cb4528f4daeaadf4e94c1124d5ee1a3f77b4

SHA512
f8cfb541e07859e4d872e7568eced5722ce6e075855121b1c860a453840f085aaf3323f6bbc7135f9f8286ee3bfdf66e29aaf23ceba12ca3f7059d6cae04b9f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11652.exe

Filesize
468KB

MD5
9c9b7ac08a437f7baa2f2b0d7170db82

SHA1
c207c992e2473486928d2b3d14ea7cc6fc14b684

SHA256
7e941464c2dc70ab212a907856eca9ff1f5d99e50d001864878622cbe4f0082a

SHA512
86a288758af3f49c7a9814def30371ac432d1188b7ef545c9133116c40cb5ff88a03ff9b5022184640b8288c9d8eeb8685e9dd3bf97cdfd0c989364ad44a1087

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe

Filesize
468KB

MD5
2074042c45d17c6cc0c5f22946f8db9d

SHA1
31d13adee296f4cbc1554947128c50ce628fd71c

SHA256
c478c22ec69b263e586315824c9b55a38bfce860de9207fccd25cd032e71c1f7

SHA512
00326931681c9a3ed9ed59ae3373d2a63196909afb4a44a024a2fcc00d86fcb3707d299c9f1a0009d6f038ea1b85eda909c9ee84d45296a90232204d3339a94d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe

Filesize
468KB

MD5
3804b9506e1bfa20b5e4545a0e3ec9ed

SHA1
e376c1d4d4911e8674c25507b9b652aa4584f8b6

SHA256
80d56479f0fffc0a6b1cc98065973f80ff7b94bd6f2b2c5d14caee0f64f8dab6

SHA512
e0f86d307d9a6fed897a2e0f82976ddc135ee34bc19566b8c70dbbaeefbf5bcf25225ee8def12d2f9a25752e1e3d2bf1621f1e4422b7b89906e63ebc897cf9b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14234.exe

Filesize
468KB

MD5
b00d5e5faaa028f6da2fca61cae4752b

SHA1
16ea0c03bff77455702c8a61718566daac3155a5

SHA256
f7cf40f75e19100526114c5fd4cabc7e4e1cb1bedd961ddb8c608c849225d8c6

SHA512
7e187d7a00cc97a082512cc850f777ee764a11a68d1520f8b7d511f54abd35be065b60c957762d3c41d715a3b6cd9ff56d054aeb1cd829b4e281bc3df72f98f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe

Filesize
468KB

MD5
6e5e94d742b563b37609d2b7b608b077

SHA1
d2f5c4355d4e0ee08636dc4fba13d7673a71c07a

SHA256
83b0c53cd5fce3e8b9edb1d82d0c2cf9015dde428b054c9cf151e772046d8726

SHA512
65f01b0a908322c62b3bfe1494772f7a55131e6b324acbd319d21c7134366bf8ce0aa1e832095e88be9fbadd6ae94d047ea6190198e74d8a2e38f8fc570cda62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe

Filesize
468KB

MD5
5d045f78a915c9e9075f069cc532791f

SHA1
286b248cb7160209f92f0875c17740f7322b8b98

SHA256
759cf2de04d67b0c6256357402e9b7c22d1fc48a96106937c71c68dde7228e54

SHA512
916b655c3977b3b8ca65b650c822f57bf123ef43737840b6d17463dd5e31fe88aa58781cb6f55879042cf665ca00a6397c09ae3ab7b9e533f5129e6fe59334c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe

Filesize
468KB

MD5
c8a878fc48ec6469f4839d872adf992d

SHA1
ecf4ad7951620738e14fd98e9eaf08f00c05b03d

SHA256
e969b0fc0b6697cb99dc08e6f841c9365c2bb26e576d16e26c83b72a834b7945

SHA512
c3e3caf64a89acf4edf6313e5e8fe51dea7f0bc8dc15e1e83e043a44c32084d749742fd7e3b20bb6833d5982418f989dd65431672a56755f8a3f68bbf3c5267f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18185.exe

Filesize
468KB

MD5
effd388455703f8dac74399a2f13679a

SHA1
5117418a1bf8f964922728b85f13740dfd584ded

SHA256
7193bf1cfaa51055e9dad94f3b187335b1968bfb54dce1d8fafdbe0f37c1262b

SHA512
10c87224d1abcbb00c1943254c9e6955135dd91144fa29416f59d17683286e2b7962425e016d04ed0fb0a7d09f14c161afe6a354594df32a661c2f6baba8c113

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19664.exe

Filesize
468KB

MD5
838e67e433a8bff354f025ef8a9d0512

SHA1
d046dbebb3aa1c56ba7266d66a0e550cee84a850

SHA256
a8fb1edbaa8e36bb184fedd5604b038a215d82888457715179d2d7176d46f0f6

SHA512
69c824e64435b80324d3cdcce6952ab38224ea5d8747b2040d8d7ca055943ddacb54ac941c0c80cf7917a4cd6c14d9d75a035e72f460a2f7f387b6b2f0c7f22a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1979.exe

Filesize
468KB

MD5
5d0d6b65fb5304f6f8eff7f55e45820a

SHA1
a98252aaadd480682a67e843c998156ff68c2baa

SHA256
b6ab7df3fb9ce5096198b2deffa4c04281f5c2ed8e74cd034495613e7ee0789e

SHA512
ed4976b9c25f403f24746a1b9ca7a34efe01e3d0a6b6667b2ff155c31aac71309e1a0358b125e3442b9ca899c4040155c4ed3be50efed2b0ce35b5225c6a85d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe

Filesize
468KB

MD5
787da4796cea83e9117fc16456d29645

SHA1
7cd691cee655364987423dca39323e2e22dee6be

SHA256
ed7263459d4e510d2d83a0c5692ab6cee8e0547ae6c3e464caa6d63a1b61c464

SHA512
be21f49e36e07d5322e08ed5075add6e153b684deef0a18f004956c4171636aaf788b0ff1aca5bb38aa54177ffc77e5dcdd5f544ade308461a0f0fee9122bab8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24951.exe

Filesize
468KB

MD5
acbd895a32922cc73d517ea44a22bd7a

SHA1
4cdf0a695eb5d3c2219a08105f8f0b14a9d20964

SHA256
6d591c79dc2f4f130633ea01d7cc717b668818fdd7599d51ac420652deeb2c5c

SHA512
e1bdb2832309ce0f2412cfb3ca22dc7b6b9be9f29aedc7fc9474cafdba5d2fd7704dbd8edf62470186939df68885ba9fd46b99ffcdc63058704246a54c9a4000

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26540.exe

Filesize
468KB

MD5
5f8c6bab2e0d49b2925008b435f30d0a

SHA1
4aa1ef64d17832fd5b80d53da8f27c8a3dac195c

SHA256
729a2f00b80e4862ed27811cbe6e4ce9b0369f1c6a4aa5227a2f65ee85d568fd

SHA512
936872c696b689ee83a0bacb231df60dde9aa5a368d07238a33bd4685600746342d844da142a4dae100d17e8982bdeb07fabb721d239d180aae33471168a8651

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28048.exe

Filesize
468KB

MD5
b01a6663fde996dc81b5fc245411aca1

SHA1
86257174c544a8440dc8cc65885d91f4b560d3cf

SHA256
053d5d162be764f034c5f5a06eab8920c29e9b24e4efc8a1505ca388353331c5

SHA512
0678b11696d3c6f18fb24fcdf1aef2065cf5128ebae56dcf7cad4402bfa114c087487ac75a525389cd00339941d47324ea019ff580e1de48b1e0fb80b3590072

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe

Filesize
468KB

MD5
e6e4d91be9fda7b92432a48604c83bb2

SHA1
9a456439e83a771501addf9aa7a4f32b2e353784

SHA256
940636950617b94259bbbe3c6351bd9b157667b7f2ad0ab770407ab96384b8bb

SHA512
60558b141f2c4ed4edf0db97372d5c4dc2d06208a33eef35c99a40403e177e69c02b7469a48ab687e133dee9e919153fb90f6780f95605d58eebf8d2a0227c7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33399.exe

Filesize
468KB

MD5
853677da648dda0f30106719d454fbc8

SHA1
79de9de4f9e4b5b6c1e33dd2eb3c75305a1d616c

SHA256
2a7125223ea1a40fdab77284bc82166fe30bc4e750807889002fdfb1476210af

SHA512
c4c7f3c4606415eeb8648152c4aeeca932ccd8b037ae3a4c5c73525424dad31293ea7f31f34367a341a61d7cd75e5a7a73924382b5ed47c59c6706758ea8ab63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe

Filesize
468KB

MD5
d133014fc25d9f82d3e8672f6274b3e3

SHA1
e142eaa6a8d6831160bc0073ef0b6944da5538a3

SHA256
a4e06d87e52599f4ff5c42ab7c1274495956140a39b92798732cffcde7c2cffc

SHA512
0c73dcac3ff2328fc7239cd39f0db57d8d9c5bd7c15c2ce201a0c83588ec46f554d2da0f7342225daf0011465378264b258665a53f760c9bb66f1d5499ee0d18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe

Filesize
468KB

MD5
9f0085622e4cf89e282a7c9156451ff7

SHA1
766de0c13e2979d281606640e6b3cf66c4b70b91

SHA256
f116bc78bd1e47a62083c2bffd163c2e783e940533f51b7e4fea7d670b55f8ca

SHA512
e3176505e37ef0cbf959861b7ed0b64967077c9c5c6c03c760735cfb91b3bd79ef01e94116e0d34a139fbc6abef18a36f515cbaa92121cbe1d34c661e1462cca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe

Filesize
468KB

MD5
18f24829403f653fcd0462c143f0b80b

SHA1
b1d5b4c5d40018c50b704e7a6fc7b51b1645154b

SHA256
39fca085359d9e43b12077f5d975286fe0d5a57ec667d5521748bb9acb944f44

SHA512
1f0be3dbf39c0e16e9ca80dfed590522bf135f6c037fe0773c67b82ca4c238bde2940f2d6e4cc3e0dcf3002db4b564348be0b102c45caaedaafa454c4b7e377e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38051.exe

Filesize
468KB

MD5
b33c14a8996d1e08e1c054b2446de602

SHA1
6e04c768978ab61fb86d31f063fadaad01b78977

SHA256
e4cad4c9c1f6133dcff836c0c5779bb1590ff9406eda46cefdf04283c460a8a2

SHA512
016186e666f4f26e3d3aeda6d785817f17373c518a21d70c63a03804913bf843a9bba40201e6700dbe45f2464dc66489f641e8a0e182d9abbf14133211d3a0f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe

Filesize
468KB

MD5
ec078db231383117ead3054b8a60597f

SHA1
4d3a1b1326291248fa3d4896acd49f45d2cdf4aa

SHA256
2d4a7cea61ffda629102fa8105e413aa4a6848aa1f4968c4a6d6989fa747d140

SHA512
06e6d61b5f2dc42f8197c47879d87f01dde5ac1c3de15209e510eab358774da9cf70d6f9423fbb304e54f0519f053bb29d490f8ea8900f824ebd6282ba1f1bfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe

Filesize
468KB

MD5
c2d2a1b00822a1f3c15b77c6ef486a38

SHA1
6cf582b34fa3823d81f5f16c264e75e53dd031f5

SHA256
b75edc572c2027ad84164c72e93cd308cb8911a0a80e2c26d4bfcf7790e461b3

SHA512
d608b6160db905e3b53980eba4dc502cd20938be63d909bb71a1b5a036d4a80f58d215a32ae010adf343663b7b9d9ffbf53f36a3714dffbabe3003bb678b686f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe

Filesize
468KB

MD5
aa35a5ba1eb9344160b66e6f974dd8b3

SHA1
cbee4b1c24f62745506499df58d04d058172db12

SHA256
e01580ea03dff997b8bb9509a9ead2a3bcfbb5396aa543c30dfa983d7c00d77a

SHA512
545c9791cdd7e8328ac31b58b8e5606970bcd4fd73ba24ee694bccc7171de69d8ac60b7057cf67de02a65087c3733c23faa6ec15a16744917cc07da0bb9719d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe

Filesize
468KB

MD5
d8f9af6a07fc21a49c1418028cbb0ba5

SHA1
f822dc1e34092192e20e7de6298ebab5da0e8010

SHA256
de4fe1999640544d415070ea4cd00c5795074e67746ee87eb6f18691f32a2feb

SHA512
18a78f5e8fda40f2d6ecf01213e6ef2334a603b96fa60151c50ba532bde23603f3113f751e311ac081943e210b376fc9bebcc6f296d2f0be56b8a859e9a739f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47293.exe

Filesize
468KB

MD5
0ed10bb43494a940b39af182802a6b06

SHA1
5f9504005376a0a454bedd3c1c7d8926d7225671

SHA256
e9b67535c4c3792be09b058a0a486454c94d141fde4f487a6f81afc908c94e2e

SHA512
bf792f639ff571d7860e4b842f15ffa99c67ae418e9e3ba6f7ec7cf56818623fbebf5ad998c0ce9d8f6433d89adf3ae0c6cc33c5b989be0a73f8923de0cf2313

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe

Filesize
468KB

MD5
aea49905fc184603aee1edf0bcf5b7c7

SHA1
47559b5be9996a26ee493f79e746d168947f2767

SHA256
c231c2da063e498e21b6d6d788997d017e353b6bfaf6770e9634b1ff3ba19520

SHA512
2468502ad75da3514e5c17be632e5920ae14806eb2bc6d1980a91cca0ca5429095af45fe20da2ead10a4f572693f4d79451ba9f5114bc35aeb94e9e53a16cb5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49436.exe

Filesize
468KB

MD5
e1798f433b642d55568f07f01c9f7bef

SHA1
e1eecbce7a8e08801434a34363d629ee6aec97c9

SHA256
d7be54d935d765be04a65d89bb1d97407f7e62d0e0fb996b69661bd7d2e9068e

SHA512
722769a4d50aca3e360c2d3696d1460abff87da6538d2fa342a0c01dc998cb5f5678fd1ebe6a8a6812bb68690a0ce609ab04802ffa428135ef8fa95f7973ea43

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51133.exe

Filesize
468KB

MD5
d1f582ce99b0a5906b264277d7451d25

SHA1
452ae296233784fc7b3e14132d94498e55ef35a4

SHA256
95b03a14644d5acb08ac46a1a84ccc8073bb1f25b17a963637c133a4dc4198e1

SHA512
b5304b79cb9566adf718da237e0cf7cc87cb88528c0dcaeea63ee5a15ba6d3619faa690830d554eac3bfb8df64b4b4cce48498afec2ec09f4479f217f224e215

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51754.exe

Filesize
468KB

MD5
7f39a3043c6d67e9c73a6352d9b7cf02

SHA1
36213fbf5b18228fb0a83956a1ec1089f9700dae

SHA256
ec5ed3930799254fc3ae4eebf631756d3f565887b45d065ba078f454c74924fb

SHA512
a73a03ed4c7c91096b2fa3f25afbacb26f06c37af266b7bb56e66bdbc72c73e07fbec70dbd14502098743d798a59107f0593ba32753693a3d83ace55bb818f5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5845.exe

Filesize
468KB

MD5
af695626748b5ba9816edc32403f114e

SHA1
c3b819740046724bd1e5432035682f52043a477b

SHA256
95fe7206980a2760b0eaf29c34e878e95bbaa0370452eb5a6435180e19fcf4b9

SHA512
b66f9c784a37d5e05ddffbfd3f337d5c29deb457f491baaa7263dc2ae62f1fe676a99c2c23ee2533d93ce5f006609d4efc5fd8d731c10c57ec5f46d1319ff716

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59540.exe

Filesize
468KB

MD5
fb8e5cfdd8543b382350fb43ad10b3b0

SHA1
7b115bc0eef6b9c5c4a1e2d94ea04457bcf03069

SHA256
54cb8a73160e29067e6fc786a3c9560bec1f5c711c608bbe6f38d5b4a6234df2

SHA512
6132cfb1b7959d3dd686727cdf809d79044563c4dfee7cf6506c9770f01ea738d30f7dda8dcc22d9e6d2cf75a35b70718a357632ec051caeb4618828d89afc86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe

Filesize
468KB

MD5
756fa1acc1f071b86a79f196401d33db

SHA1
560f38ac666159c568399d35d40ac907b0d87e22

SHA256
26e36d2ebf1d1e8b41c3a344af0b717f9d92851c7375850cf4a404af56985795

SHA512
f1f6950a77944db330dc3c6719418628adeee8c1d207a10f7c6baf48179ad60c472cf7b93e120ef4161aa8da26fb43567e6e87e3cdc8c076dadb4a1f84e1ca7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62005.exe

Filesize
468KB

MD5
f6711efa0ba66b627d7844e88998e83a

SHA1
41b54f290c35221a1cdb9bac989ca7ae8ccef454

SHA256
8ec5c800367dd7fb3d117a831920a24b4f7566c03142ae4a4908a61d7f27daf7

SHA512
5f6958612cfb61fc459645a1782ad0f122f212c9d628ec0f1815b966ae9f4e3cebe23fa52a3665d08f2e6306f3bdd7284db57e35a4e1b7befe961db6f48cc6b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64428.exe

Filesize
468KB

MD5
73137d3374c743ef89241fbebf3ab37a

SHA1
191d5c73c429e699d5f87164f3774fea7f9816ce

SHA256
1ba788d80d23d20cebb1af9463520fc648986df6ce90660aa727aba1ee17c0a3

SHA512
15fb037cbdca5f781b2b659126d8c5f376420273254083785d3f96ccabbdd5e358de352d13b3ff0ea252fda7f24282543f6e683d8d3296895b01d1f32e909f65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65160.exe

Filesize
468KB

MD5
e7c47b0bdf3debbcb1b518c26c69282d

SHA1
867977399e3ac3cc4ce6e61282e82764db4d4841

SHA256
a8eba8996264c36096307cd60b0e4fff5f15b97bfef01cc1a88f9a4032be3285

SHA512
62102a5d57a4654b0bdced5d9a5229b633b699dcb3d5e788ac053b059158a02bdba1d1b4eb19c502390606bad0658064767770d77638101264fc0afd32be9f38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe

Filesize
468KB

MD5
b42baa719b79bc51dde2db9105dacaa9

SHA1
cbc6a1ae96c9fd061f23581b81f5bda6bb0a4146

SHA256
ddd236f5c1ea13a1ad896c40745a6823c39d3952bdd5a467dd8be937bc613280

SHA512
dd181c1a71c5431d2703b50182dc4f8d0b42d5ebbe7a65a680f5062716c60962cf5c87bf24aa2ca7b7c00d384c01d0f353570232a1103b15701f10a7c9f9232e

Download Submit