8574df399c6bcd9e1c3c343d3f541794306c4d800c1f97d2349b234e6ee143c4

Analysis

max time kernel
27s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2024 17:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c39b9b51c90b122e44f62ba936dea5d0N.exe
Size

468KB
MD5

c39b9b51c90b122e44f62ba936dea5d0
SHA1

c26b459230e4f4d14d2cd2f59ab35e73b1cf2f89
SHA256

8574df399c6bcd9e1c3c343d3f541794306c4d800c1f97d2349b234e6ee143c4
SHA512

17f224e9af9428e634610d29239d3fe5b62dffda7ce50e338e52db26ccdfb49b7370e0bed28108fa9a26b975121003da94844ff4aaf0046133abd3bc748a5a61
SSDEEP

3072:1G3HogISAE5TtbY2HncOcf8/vChaP0p2JVHeTVPMQ7gL6K7gyElP:1G3oDMTtxHcOcfSYHKQ7KB7gy

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 54 IoCs

pid	Process
640	Unicorn-49190.exe
4692	Unicorn-14737.exe
5008	Unicorn-35904.exe
4820	Unicorn-10025.exe
1404	Unicorn-59781.exe
4988	Unicorn-7979.exe
5072	Unicorn-3741.exe
4932	Unicorn-33076.exe
1996	Unicorn-36606.exe
3004	Unicorn-16954.exe
2436	Unicorn-12604.exe
1672	Unicorn-6739.exe
4604	Unicorn-27042.exe
2056	Unicorn-52293.exe
2508	Unicorn-27234.exe
2320	Unicorn-52485.exe
4476	Unicorn-47846.exe
2496	Unicorn-27929.exe
888	Unicorn-28194.exe
944	Unicorn-22063.exe
1732	Unicorn-15179.exe
3736	Unicorn-24110.exe
2900	Unicorn-4244.exe
4252	Unicorn-10809.exe
2568	Unicorn-2641.exe
1820	Unicorn-51842.exe
2404	Unicorn-31976.exe
1968	Unicorn-36252.exe
2936	Unicorn-49988.exe
332	Unicorn-35698.exe
4692	Unicorn-35698.exe
2712	Unicorn-59626.exe
1992	Unicorn-2257.exe
4560	Unicorn-15256.exe
3268	Unicorn-35122.exe
2968	Unicorn-31038.exe
3544	Unicorn-39952.exe
2088	Unicorn-50888.exe
3180	Unicorn-53688.exe
708	Unicorn-63637.exe
996	Unicorn-38436.exe
1248	Unicorn-44037.exe
3168	Unicorn-6533.exe
652	Unicorn-6533.exe
3448	Unicorn-33534.exe
4680	Unicorn-10544.exe
3552	Unicorn-34302.exe
3760	Unicorn-34302.exe
3452	Unicorn-62841.exe
4600	Unicorn-1580.exe
3804	Unicorn-3618.exe
3204	Unicorn-9748.exe
3456	Unicorn-17341.exe
4224	Unicorn-5643.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
3012	4692	WerFault.exe	96
2840	4692	WerFault.exe	96
228	4932	WerFault.exe	107
4128	4932	WerFault.exe	107
3092	4988	WerFault.exe	101
4088	4988	WerFault.exe	101
5772	3180	WerFault.exe	144
5808	3736	WerFault.exe	121
5952	2968	WerFault.exe	139
6064	652	WerFault.exe	140
2380	3180	WerFault.exe	144
6080	2968	WerFault.exe	139
5636	3736	WerFault.exe	121
7088	5300	WerFault.exe	186
1956	5192	WerFault.exe	179
5492	3560	WerFault.exe	164
7872	672	WerFault.exe	235
7812	672	WerFault.exe	235
7780	6384	WerFault.exe	268
6300	4680	WerFault.exe	153
1244	6412	WerFault.exe	270
7364	5604	WerFault.exe	192
4404	6800	WerFault.exe	284
6760	6872	WerFault.exe	313
1396	228	WerFault.exe	175
8448	7128	WerFault.exe	319
8440	6920	WerFault.exe	315
8424	6200	WerFault.exe	304
8416	7120	WerFault.exe	297
8404	6792	WerFault.exe	283
8608	5384	WerFault.exe	218
8392	1788	WerFault.exe	321
8380	6464	WerFault.exe	274
8368	7132	WerFault.exe	322
8356	6944	WerFault.exe	292
8344	6252	WerFault.exe	306
8336	6172	WerFault.exe	305
8328	6776	WerFault.exe	285
8320	4692	WerFault.exe	133
8300	6188	WerFault.exe	324
8292	6892	WerFault.exe	289
8236	6092	WerFault.exe	210
708	6960	WerFault.exe	316
216	7136	WerFault.exe	298
9420	2252	WerFault.exe	351
9412	2776	WerFault.exe	365
9316	6896	WerFault.exe	290
9064	1232	WerFault.exe	234
3228	5288	WerFault.exe	185
8676	4104	WerFault.exe	165
9696	6212	WerFault.exe	302
9688	3456	WerFault.exe	160
9680	1604	WerFault.exe	170
9568	6944	WerFault.exe	292
9100	4184	WerFault.exe	227
8672	6012	WerFault.exe	206
6120	5244	WerFault.exe	252
9452	5640	WerFault.exe	246
7088	5184	WerFault.exe	253
10676	7644	WerFault.exe	401
10748	7252	WerFault.exe	383
2592	7344	WerFault.exe	387
10740	1976	WerFault.exe	370
10732	2244	WerFault.exe	362

System Location Discovery: System Language Discovery 1 TTPs 53 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49988.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c39b9b51c90b122e44f62ba936dea5d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16954.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49190.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7979.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15256.exe

Suspicious use of SetWindowsHookEx 53 IoCs

pid	Process
2856	c39b9b51c90b122e44f62ba936dea5d0N.exe
640	Unicorn-49190.exe
4692	Unicorn-14737.exe
5008	Unicorn-35904.exe
1404	Unicorn-59781.exe
4820	Unicorn-10025.exe
4988	Unicorn-7979.exe
5072	Unicorn-3741.exe
4932	Unicorn-33076.exe
3004	Unicorn-16954.exe
1672	Unicorn-6739.exe
1996	Unicorn-36606.exe
2436	Unicorn-12604.exe
4604	Unicorn-27042.exe
2056	Unicorn-52293.exe
2508	Unicorn-27234.exe
2320	Unicorn-52485.exe
944	Unicorn-22063.exe
1732	Unicorn-15179.exe
888	Unicorn-28194.exe
2496	Unicorn-27929.exe
2900	Unicorn-4244.exe
3736	Unicorn-24110.exe
4476	Unicorn-47846.exe
4252	Unicorn-10809.exe
1820	Unicorn-51842.exe
2568	Unicorn-2641.exe
2404	Unicorn-31976.exe
1968	Unicorn-36252.exe
1992	Unicorn-2257.exe
2712	Unicorn-59626.exe
332	Unicorn-35698.exe
4692	Unicorn-35698.exe
2936	Unicorn-49988.exe
4560	Unicorn-15256.exe
2088	Unicorn-50888.exe
2968	Unicorn-31038.exe
3544	Unicorn-39952.exe
3268	Unicorn-35122.exe
3168	Unicorn-6533.exe
652	Unicorn-6533.exe
1248	Unicorn-44037.exe
996	Unicorn-38436.exe
3180	Unicorn-53688.exe
708	Unicorn-63637.exe
3448	Unicorn-33534.exe
4680	Unicorn-10544.exe
3552	Unicorn-34302.exe
3760	Unicorn-34302.exe
3452	Unicorn-62841.exe
3804	Unicorn-3618.exe
4600	Unicorn-1580.exe
3204	Unicorn-9748.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 640	2856	c39b9b51c90b122e44f62ba936dea5d0N.exe	94
PID 2856 wrote to memory of 640	2856	c39b9b51c90b122e44f62ba936dea5d0N.exe	94
PID 2856 wrote to memory of 640	2856	c39b9b51c90b122e44f62ba936dea5d0N.exe	94
PID 640 wrote to memory of 4692	640	Unicorn-49190.exe	96
PID 640 wrote to memory of 4692	640	Unicorn-49190.exe	96
PID 640 wrote to memory of 4692	640	Unicorn-49190.exe	96
PID 2856 wrote to memory of 5008	2856	c39b9b51c90b122e44f62ba936dea5d0N.exe	97
PID 2856 wrote to memory of 5008	2856	c39b9b51c90b122e44f62ba936dea5d0N.exe	97
PID 2856 wrote to memory of 5008	2856	c39b9b51c90b122e44f62ba936dea5d0N.exe	97
PID 5008 wrote to memory of 4820	5008	Unicorn-35904.exe	98
PID 5008 wrote to memory of 4820	5008	Unicorn-35904.exe	98
PID 5008 wrote to memory of 4820	5008	Unicorn-35904.exe	98
PID 640 wrote to memory of 1404	640	Unicorn-49190.exe	100
PID 640 wrote to memory of 1404	640	Unicorn-49190.exe	100
PID 640 wrote to memory of 1404	640	Unicorn-49190.exe	100
PID 2856 wrote to memory of 4988	2856	c39b9b51c90b122e44f62ba936dea5d0N.exe	101
PID 2856 wrote to memory of 4988	2856	c39b9b51c90b122e44f62ba936dea5d0N.exe	101
PID 2856 wrote to memory of 4988	2856	c39b9b51c90b122e44f62ba936dea5d0N.exe	101
PID 4820 wrote to memory of 5072	4820	Unicorn-10025.exe	106
PID 4820 wrote to memory of 5072	4820	Unicorn-10025.exe	106
PID 4820 wrote to memory of 5072	4820	Unicorn-10025.exe	106
PID 5008 wrote to memory of 4932	5008	Unicorn-35904.exe	107
PID 5008 wrote to memory of 4932	5008	Unicorn-35904.exe	107
PID 5008 wrote to memory of 4932	5008	Unicorn-35904.exe	107
PID 1404 wrote to memory of 1996	1404	Unicorn-59781.exe	108
PID 1404 wrote to memory of 1996	1404	Unicorn-59781.exe	108
PID 1404 wrote to memory of 1996	1404	Unicorn-59781.exe	108
PID 4988 wrote to memory of 3004	4988	Unicorn-7979.exe	109
PID 4988 wrote to memory of 3004	4988	Unicorn-7979.exe	109
PID 4988 wrote to memory of 3004	4988	Unicorn-7979.exe	109
PID 2856 wrote to memory of 2436	2856	c39b9b51c90b122e44f62ba936dea5d0N.exe	110
PID 2856 wrote to memory of 2436	2856	c39b9b51c90b122e44f62ba936dea5d0N.exe	110
PID 2856 wrote to memory of 2436	2856	c39b9b51c90b122e44f62ba936dea5d0N.exe	110
PID 640 wrote to memory of 1672	640	Unicorn-49190.exe	111
PID 640 wrote to memory of 1672	640	Unicorn-49190.exe	111
PID 640 wrote to memory of 1672	640	Unicorn-49190.exe	111
PID 5072 wrote to memory of 4604	5072	Unicorn-3741.exe	112
PID 5072 wrote to memory of 4604	5072	Unicorn-3741.exe	112
PID 5072 wrote to memory of 4604	5072	Unicorn-3741.exe	112
PID 4820 wrote to memory of 2056	4820	Unicorn-10025.exe	113
PID 4820 wrote to memory of 2056	4820	Unicorn-10025.exe	113
PID 4820 wrote to memory of 2056	4820	Unicorn-10025.exe	113
PID 3004 wrote to memory of 2508	3004	Unicorn-16954.exe	114
PID 3004 wrote to memory of 2508	3004	Unicorn-16954.exe	114
PID 3004 wrote to memory of 2508	3004	Unicorn-16954.exe	114
PID 4988 wrote to memory of 2320	4988	Unicorn-7979.exe	115
PID 4988 wrote to memory of 2320	4988	Unicorn-7979.exe	115
PID 4988 wrote to memory of 2320	4988	Unicorn-7979.exe	115
PID 1996 wrote to memory of 4476	1996	Unicorn-36606.exe	116
PID 1996 wrote to memory of 4476	1996	Unicorn-36606.exe	116
PID 1996 wrote to memory of 4476	1996	Unicorn-36606.exe	116
PID 640 wrote to memory of 2496	640	Unicorn-49190.exe	117
PID 640 wrote to memory of 2496	640	Unicorn-49190.exe	117
PID 640 wrote to memory of 2496	640	Unicorn-49190.exe	117
PID 2436 wrote to memory of 888	2436	Unicorn-12604.exe	118
PID 2436 wrote to memory of 888	2436	Unicorn-12604.exe	118
PID 2436 wrote to memory of 888	2436	Unicorn-12604.exe	118
PID 5008 wrote to memory of 944	5008	Unicorn-35904.exe	119
PID 5008 wrote to memory of 944	5008	Unicorn-35904.exe	119
PID 5008 wrote to memory of 944	5008	Unicorn-35904.exe	119
PID 1672 wrote to memory of 3736	1672	Unicorn-6739.exe	121
PID 1672 wrote to memory of 3736	1672	Unicorn-6739.exe	121
PID 1672 wrote to memory of 3736	1672	Unicorn-6739.exe	121
PID 2856 wrote to memory of 1732	2856	c39b9b51c90b122e44f62ba936dea5d0N.exe	120

C:\Users\Admin\AppData\Local\Temp\c39b9b51c90b122e44f62ba936dea5d0N.exe
"C:\Users\Admin\AppData\Local\Temp\c39b9b51c90b122e44f62ba936dea5d0N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14737.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14737.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4692
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 632
      4⤵
      Program crash
      PID:3012
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 632
      4⤵
      Program crash
      PID:2840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59781.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59781.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36606.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47846.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6533.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 720
        7⤵
        Program crash
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
        6⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11350.exe
        6⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
        7⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 636
        8⤵
        Program crash
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26935.exe
        7⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 636
        8⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 736
        7⤵
        
        PID:11848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        6⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53049.exe
        7⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 636
        8⤵
        Program crash
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55732.exe
        7⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56293.exe
        8⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64039.exe
        7⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        7⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63229.exe
        8⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5866.exe
        7⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17834.exe
        6⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 640
        7⤵
        
        PID:11600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60604.exe
        6⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60337.exe
        6⤵
        
        PID:12548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        6⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60681.exe
        7⤵
        
        PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44037.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2348.exe
        6⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57095.exe
        5⤵
        
        PID:5300
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 624
        6⤵
        Program crash
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29572.exe
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe
        6⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 624
        7⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1051.exe
        6⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52209.exe
        7⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44397.exe
        8⤵
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19334.exe
        5⤵
        
        PID:7568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 636
        6⤵
        
        PID:12348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 636
        6⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50080.exe
        5⤵
        
        PID:10092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46973.exe
        6⤵
        
        PID:208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20264.exe
        5⤵
        
        PID:13848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12684.exe
        6⤵
        
        PID:11916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
        5⤵
        
        PID:13968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4244.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9172.exe
        6⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 636
        7⤵
        Program crash
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
        6⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 636
        7⤵
        Program crash
        
        PID:7780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 660
        6⤵
        Program crash
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23323.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44127.exe
        5⤵
        
        PID:6464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 716
        6⤵
        Program crash
        
        PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
        5⤵
        
        PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
        5⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20881.exe
        6⤵
        
        PID:13704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45232.exe
        6⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        5⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
        5⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10904.exe
        6⤵
        
        PID:12052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3506.exe
        5⤵
        
        PID:13396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53688.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3180
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 636
        5⤵
        Program crash
        
        PID:5772
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 636
        5⤵
        Program crash
        
        PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
        6⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 636
        7⤵
        Program crash
        
        PID:8448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 736
        6⤵
        Program crash
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2291.exe
        5⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28649.exe
        6⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
        7⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4900.exe
        8⤵
        
        PID:15036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 548
        7⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15415.exe
        6⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        7⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65076.exe
        7⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
        8⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
        6⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        6⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9944.exe
        7⤵
        
        PID:12020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4330.exe
        6⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37075.exe
        5⤵
        
        PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54155.exe
      4⤵
      PID:6800
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 628
        5⤵
        Program crash
        
        PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10235.exe
      4⤵
      PID:6080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 640
        5⤵
        
        PID:12080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 640
        5⤵
        
        PID:12696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
      4⤵
      PID:10232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6902.exe
      4⤵
      PID:13932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42041.exe
        5⤵
        
        PID:12048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62457.exe
        6⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51388.exe
        6⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34741.exe
        7⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 636
        8⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 636
        8⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 636
        7⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
        6⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62748.exe
        6⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41301.exe
        7⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19575.exe
        7⤵
        
        PID:15340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7396.exe
        8⤵
        
        PID:7684
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 668
        5⤵
        Program crash
        
        PID:5808
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 688
        5⤵
        Program crash
        
        PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe
        5⤵
        
        PID:228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        6⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
        7⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54305.exe
        8⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23621.exe
        9⤵
        
        PID:12964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33443.exe
        8⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 744
        7⤵
        
        PID:8988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 656
        6⤵
        Program crash
        
        PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        5⤵
        
        PID:6776
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 632
        6⤵
        Program crash
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2866.exe
        5⤵
        
        PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7159.exe
        5⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43657.exe
        6⤵
        
        PID:13224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe
        5⤵
        
        PID:14268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23103.exe
        5⤵
        
        PID:2240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59626.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3308.exe
        6⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41003.exe
        5⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
        5⤵
        
        PID:6944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 640
        6⤵
        Program crash
        
        PID:8356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 640
        6⤵
        Program crash
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23532.exe
        5⤵
        
        PID:7308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5643.exe
      4⤵
      Executes dropped EXE
      PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        6⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63521.exe
        7⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 716
        8⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 632
        7⤵
        
        PID:12656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46500.exe
        6⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55333.exe
        7⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        8⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe
        7⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
        7⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1294.exe
        6⤵
        
        PID:10260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        6⤵
        
        PID:14236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57609.exe
        7⤵
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54387.exe
        6⤵
        
        PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24911.exe
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9468.exe
        6⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 628
        7⤵
        Program crash
        
        PID:10748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60776.exe
        6⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        6⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exe
        7⤵
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33940.exe
        6⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55445.exe
        7⤵
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        6⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29570.exe
        5⤵
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
        5⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        6⤵
        
        PID:12952
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10024 -s 668
        6⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65043.exe
        5⤵
        
        PID:14076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50888.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50888.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63801.exe
      4⤵
      PID:5128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37759.exe
    3⤵
    PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27917.exe
      4⤵
      PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52369.exe
        5⤵
        
        PID:6920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 636
        6⤵
        Program crash
        
        PID:8440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
        5⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12918.exe
        5⤵
        
        PID:11556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58125.exe
        6⤵
        
        PID:15048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8771.exe
        6⤵
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22640.exe
        5⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
        6⤵
        
        PID:9656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57807.exe
        5⤵
        
        PID:8628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
      4⤵
      PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
        5⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18561.exe
        6⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        7⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        7⤵
        
        PID:13828
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 664
        6⤵
        
        PID:4740
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 632
        5⤵
        
        PID:11904
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 668
      4⤵
      Program crash
      PID:3228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62853.exe
    3⤵
    PID:6896
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 632
      4⤵
      Program crash
      PID:9316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36434.exe
    3⤵
    PID:7952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe
      4⤵
      PID:12488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30039.exe
      4⤵
      PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        5⤵
        
        PID:12016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25962.exe
      4⤵
      PID:10908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
    3⤵
    PID:9460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
    3⤵
    PID:14224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61117.exe
      4⤵
      PID:664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
    3⤵
    PID:12244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15372.exe
      4⤵
      PID:8316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35904.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35904.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10025.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3741.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27042.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2641.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9748.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5207.exe
        7⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        8⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32629.exe
        9⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 720
        10⤵
        Program crash
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24491.exe
        9⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3406.exe
        9⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
        9⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52083.exe
        9⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6899.exe
        8⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23657.exe
        9⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26147.exe
        9⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1782.exe
        9⤵
        
        PID:14484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
        9⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
        8⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
        8⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
        8⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        9⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42999.exe
        8⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56955.exe
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        8⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38457.exe
        9⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4544.exe
        10⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12395.exe
        9⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
        10⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        9⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50800.exe
        9⤵
        
        PID:14444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 640
        8⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2379.exe
        7⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 632
        8⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11602.exe
        7⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
        7⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
        7⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59722.exe
        7⤵
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
        6⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60781.exe
        7⤵
        
        PID:672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 632
        8⤵
        Program crash
        
        PID:7812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 632
        8⤵
        Program crash
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36252.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34302.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
        7⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3618.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
        6⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8471.exe
        5⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28493.exe
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45161.exe
        7⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 720
        8⤵
        Program crash
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32519.exe
        7⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43707.exe
        6⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33885.exe
        7⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        7⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
        8⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
        7⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        8⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48304.exe
        7⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        8⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
        7⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50479.exe
        6⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51249.exe
        7⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 656
        7⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13355.exe
        6⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
        7⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
        8⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8984.exe
        9⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7759.exe
        8⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56875.exe
        6⤵
        
        PID:14052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        6⤵
        
        PID:13624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34302.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
        7⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48980.exe
        6⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65123.exe
        6⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 636
        7⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26500.exe
        6⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 636
        7⤵
        
        PID:11716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 720
        6⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42591.exe
        5⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64325.exe
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
        7⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 632
        8⤵
        Program crash
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 632
        8⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        7⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10024.exe
        8⤵
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14339.exe
        8⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22646.exe
        8⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29150.exe
        7⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36065.exe
        8⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        8⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41612.exe
        7⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19218.exe
        7⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13068.exe
        8⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58871.exe
        6⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9468.exe
        7⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
        8⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        9⤵
        
        PID:12596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
        10⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7972.exe
        11⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 644
        7⤵
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
        6⤵
        
        PID:5520
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 660
        6⤵
        
        PID:12372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 660
        6⤵
        
        PID:13976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48211.exe
        5⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-843.exe
        5⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58685.exe
        6⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
        7⤵
        
        PID:12944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65393.exe
        8⤵
        
        PID:5912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 632
        6⤵
        
        PID:14928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 632
        6⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52059.exe
        5⤵
        
        PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58264.exe
        5⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43909.exe
        6⤵
        
        PID:9584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25805.exe
        5⤵
        
        PID:14680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
        5⤵
        
        PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49988.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5088.exe
        5⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54429.exe
        6⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33921.exe
        7⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13168.exe
        8⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 720
        9⤵
        Program crash
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37807.exe
        8⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-962.exe
        8⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41273.exe
        9⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8399.exe
        7⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 628
        8⤵
        
        PID:10928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
        6⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38825.exe
        7⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 636
        8⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 632
        7⤵
        
        PID:8836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 744
        6⤵
        Program crash
        
        PID:8676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 744
        6⤵
        
        PID:11568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23655.exe
        5⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
        6⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 640
        7⤵
        Program crash
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
        6⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 640
        7⤵
        
        PID:11592
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 632
        6⤵
        
        PID:8332
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 632
        6⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13182.exe
        5⤵
        
        PID:1788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 640
        6⤵
        Program crash
        
        PID:8392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
        5⤵
        
        PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64031.exe
        5⤵
        
        PID:5376
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 668
        5⤵
        
        PID:13376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28877.exe
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42961.exe
        6⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 632
        7⤵
        Program crash
        
        PID:9420
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 744
        6⤵
        Program crash
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        5⤵
        
        PID:5648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 720
        6⤵
        
        PID:11608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63795.exe
        5⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29817.exe
        6⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        6⤵
        
        PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47668.exe
        5⤵
        
        PID:13288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        5⤵
        
        PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15563.exe
        5⤵
        
        PID:8032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50071.exe
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55161.exe
        5⤵
        
        PID:7936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 636
        6⤵
        
        PID:10724
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 636
        5⤵
        
        PID:12028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36815.exe
      4⤵
      PID:7584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
      4⤵
      PID:9784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25926.exe
      4⤵
      PID:13492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23775.exe
      4⤵
      PID:15056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33076.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4932
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 640
      4⤵
      Program crash
      PID:228
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 640
      4⤵
      Program crash
      PID:4128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6533.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        5⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56697.exe
        6⤵
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe
        6⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe
        7⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 636
        8⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 636
        8⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41123.exe
        7⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 616
        7⤵
        
        PID:15280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64319.exe
        6⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
        6⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe
        6⤵
        
        PID:15004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
        6⤵
        
        PID:8704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
      4⤵
      PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39245.exe
        5⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9416.exe
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
        7⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 652
        7⤵
        Program crash
        
        PID:9696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 564
        6⤵
        Program crash
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10163.exe
        5⤵
        
        PID:6252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 636
        6⤵
        Program crash
        
        PID:8344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
        5⤵
        
        PID:7728
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 744
        5⤵
        
        PID:13392
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 744
        5⤵
        
        PID:15140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14962.exe
      4⤵
      PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24077.exe
        5⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17549.exe
        6⤵
        
        PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        5⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe
        6⤵
        
        PID:11772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46536.exe
      4⤵
      PID:8052
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 644
        5⤵
        
        PID:11500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9630.exe
      4⤵
      PID:9976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe
      4⤵
      PID:13836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33105.exe
        5⤵
        
        PID:8724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52613.exe
      4⤵
      PID:4680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe
      4⤵
      PID:4612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
    3⤵
    PID:5192
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 632
      4⤵
      Program crash
      PID:1956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe
    3⤵
    PID:6792
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 628
      4⤵
      Program crash
      PID:8404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57965.exe
    3⤵
    PID:8072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31405.exe
      4⤵
      PID:12172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43030.exe
    3⤵
    PID:9924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-460.exe
      4⤵
      PID:13728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57484.exe
      4⤵
      PID:3632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20591.exe
    3⤵
    PID:14212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32251.exe
    3⤵
    PID:13916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7979.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7979.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33534.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        7⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65124.exe
        6⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47045.exe
        8⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42053.exe
        9⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        10⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41545.exe
        11⤵
        
        PID:14392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47832.exe
        11⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
        10⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5350.exe
        10⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36743.exe
        8⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
        8⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17683.exe
        8⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 748
        7⤵
        Program crash
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10544.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14792.exe
        6⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31809.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64813.exe
        8⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10044.exe
        9⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        10⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6132.exe
        11⤵
        
        PID:13272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
        11⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
        11⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1835.exe
        10⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65201.exe
        11⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        10⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17003.exe
        9⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41493.exe
        10⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25658.exe
        9⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50925.exe
        10⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49825.exe
        11⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48600.exe
        10⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45732.exe
        8⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15104.exe
        9⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 640
        9⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
        8⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
        8⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
        8⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
        8⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47216.exe
        7⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35701.exe
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
        9⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57445.exe
        10⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
        10⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
        9⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63169.exe
        10⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41443.exe
        10⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54299.exe
        9⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        10⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16887.exe
        9⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        8⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 744
        7⤵
        
        PID:9852
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 716
        6⤵
        Program crash
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57863.exe
        5⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62820.exe
        5⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30657.exe
        6⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9359.exe
        6⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61519.exe
        5⤵
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9256.exe
        6⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12956.exe
        7⤵
        
        PID:14616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        8⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40431.exe
        7⤵
        
        PID:11760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47495.exe
        5⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45193.exe
        6⤵
        
        PID:14164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61952.exe
        6⤵
        
        PID:13468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47457.exe
        5⤵
        
        PID:14160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        5⤵
        
        PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1580.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60869.exe
        6⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        7⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44.exe
        8⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 636
        9⤵
        Program crash
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 680
        9⤵
        
        PID:180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe
        8⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13184.exe
        9⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36833.exe
        10⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
        9⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40697.exe
        10⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
        9⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
        8⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39765.exe
        9⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17491.exe
        8⤵
        
        PID:14204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
        8⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15119.exe
        7⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54305.exe
        8⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 648
        7⤵
        Program crash
        
        PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5207.exe
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32577.exe
        6⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44497.exe
        7⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        8⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-652.exe
        9⤵
        
        PID:13980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49728.exe
        8⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
        8⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
        8⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32187.exe
        7⤵
        
        PID:8880
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 632
        6⤵
        Program crash
        
        PID:8236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
      4⤵
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50537.exe
        5⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57849.exe
        6⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57709.exe
        7⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 648
        8⤵
        Program crash
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        7⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12712.exe
        8⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
        9⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19767.exe
        8⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        8⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61071.exe
        7⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62269.exe
        8⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
        7⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21813.exe
        8⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9566.exe
        7⤵
        
        PID:3668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 664
        6⤵
        Program crash
        
        PID:8608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 664
        6⤵
        
        PID:15308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46920.exe
        5⤵
        
        PID:6200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 636
        6⤵
        Program crash
        
        PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51299.exe
        5⤵
        
        PID:7808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 552
        6⤵
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61300.exe
        5⤵
        
        PID:9240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
        6⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55777.exe
        7⤵
        
        PID:14968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59807.exe
        5⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        5⤵
        
        PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
        5⤵
        
        PID:6920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43256.exe
      4⤵
      PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55301.exe
        5⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18405.exe
        6⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22697.exe
        7⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 628
        7⤵
        
        PID:14948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 628
        7⤵
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5135.exe
        6⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41803.exe
        6⤵
        
        PID:13296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
        7⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe
        6⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
        7⤵
        
        PID:10888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        6⤵
        
        PID:8924
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 664
        5⤵
        Program crash
        
        PID:9064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7642.exe
      4⤵
      PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
        5⤵
        
        PID:7596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 720
        6⤵
        
        PID:11576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2779.exe
        5⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
        6⤵
        
        PID:13116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
        7⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        8⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
        7⤵
        
        PID:448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 652
        6⤵
        
        PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44107.exe
        5⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16015.exe
        5⤵
        
        PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56603.exe
        5⤵
        
        PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40131.exe
      4⤵
      PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52209.exe
        5⤵
        
        PID:216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37765.exe
        6⤵
        
        PID:11268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
        5⤵
        
        PID:14664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        5⤵
        
        PID:8776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
      4⤵
      PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3200.exe
        5⤵
        
        PID:12564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47934.exe
      4⤵
      PID:13960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25747.exe
      4⤵
      PID:14592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63421.exe
        5⤵
        
        PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34659.exe
      4⤵
      PID:7276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52485.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35122.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54481.exe
        5⤵
        
        PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43359.exe
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39977.exe
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56453.exe
        6⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26765.exe
        7⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
        8⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8799.exe
        8⤵
        
        PID:13868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54883.exe
        8⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        7⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
        7⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        7⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
        7⤵
        
        PID:7080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 628
        6⤵
        
        PID:9844
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 740
    3⤵
    - Program crash
    PID:3092
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 728
    3⤵
    - Program crash
    PID:4088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35021.exe
        5⤵
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39135.exe
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        6⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        7⤵
        
        PID:12412
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 660
        6⤵
        
        PID:11820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60235.exe
        5⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe
        5⤵
        
        PID:11444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6086.exe
        5⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        5⤵
        
        PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
      4⤵
      PID:5228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39952.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29977.exe
      4⤵
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28109.exe
        5⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31949.exe
        6⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 640
        7⤵
        Program crash
        
        PID:708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32519.exe
        6⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 636
        7⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16514.exe
        6⤵
        
        PID:10032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        6⤵
        
        PID:14084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33873.exe
        7⤵
        
        PID:12580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62244.exe
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
        6⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 640
        7⤵
        Program crash
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 640
        7⤵
        
        PID:11516
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 716
        6⤵
        
        PID:12036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 716
        6⤵
        
        PID:12320
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 616
        5⤵
        Program crash
        
        PID:9680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19993.exe
        5⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        6⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53812.exe
        6⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
        7⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6747.exe
        7⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54677.exe
        8⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30430.exe
        7⤵
        
        PID:10616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30702.exe
        6⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4324.exe
        7⤵
        
        PID:14840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60748.exe
        6⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe
        7⤵
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
        6⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32187.exe
        5⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        6⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24249.exe
        7⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
        8⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2715.exe
        7⤵
        
        PID:6120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 648
        6⤵
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
        5⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
        6⤵
        
        PID:15292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
        6⤵
        
        PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15815.exe
        5⤵
        
        PID:14276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45741.exe
        6⤵
        
        PID:11716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5674.exe
        5⤵
        
        PID:8668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62051.exe
      4⤵
      PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15452.exe
        5⤵
        
        PID:12232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        6⤵
        
        PID:11748
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 660
      4⤵
      PID:8220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe
    3⤵
    PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
      4⤵
      PID:5640
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 712
        5⤵
        Program crash
        
        PID:9452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
    3⤵
    PID:6892
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 644
      4⤵
      Program crash
      PID:8292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
    3⤵
    PID:7748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23759.exe
    3⤵
    PID:10288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41453.exe
    3⤵
    PID:14244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18638.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18638.exe
    3⤵
    PID:6624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15179.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15179.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2968
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 632
      4⤵
      Program crash
      PID:5952
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 664
      4⤵
      Program crash
      PID:6080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38436.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38436.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
    3⤵
    - Executes dropped EXE
    PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35737.exe
      4⤵
      PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
        5⤵
        
        PID:7136
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 636
        6⤵
        Program crash
        
        PID:216
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 628
        6⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48856.exe
        5⤵
        
        PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3878.exe
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49972.exe
        5⤵
        
        PID:14124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        5⤵
        
        PID:6780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30583.exe
      4⤵
      PID:6172
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 628
        5⤵
        Program crash
        
        PID:8336
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 616
      4⤵
      Program crash
      PID:9688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9971.exe
    3⤵
    PID:6444
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 644
      4⤵
      PID:6108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24718.exe
    3⤵
    PID:7656
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 640
      4⤵
      PID:12096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20267.exe
    3⤵
    PID:9056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30897.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30897.exe
  2⤵
  PID:5216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23641.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23641.exe
    3⤵
    PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        5⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17845.exe
        6⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
        7⤵
        
        PID:13804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 744
        6⤵
        
        PID:14936
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 724
        5⤵
        
        PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48316.exe
      4⤵
      PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42925.exe
        5⤵
        
        PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        5⤵
        
        PID:804
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 640
        5⤵
        
        PID:2040
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 732
      4⤵
      PID:2596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6375.exe
    3⤵
    PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
      4⤵
      PID:8076
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 752
      4⤵
      PID:12176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13582.exe
    3⤵
    PID:8040
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 628
      4⤵
      PID:12088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
    3⤵
    PID:8112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
    3⤵
    PID:13996
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
  2⤵
  PID:6396
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 644
    3⤵
    PID:2040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
  2⤵
  PID:7528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65073.exe
    3⤵
    PID:5224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39359.exe
    3⤵
    PID:12928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61309.exe
      4⤵
      PID:2712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28074.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28074.exe
    3⤵
    PID:8620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
      4⤵
      PID:10772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28512.exe
    3⤵
    PID:2812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53031.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53031.exe
  2⤵
  PID:7204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
    3⤵
    PID:13792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62845.exe
      4⤵
      PID:5700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15172.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15172.exe
  2⤵
  PID:14092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19981.exe
    3⤵
    PID:11352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
  2⤵
  PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4216,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=4012 /prefetch:8
1⤵
PID:1664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4692 -ip 4692
1⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4692 -ip 4692
1⤵
PID:2852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4932 -ip 4932
1⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4932 -ip 4932
1⤵
PID:2400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4988 -ip 4988
1⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4988 -ip 4988
1⤵
PID:2928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3736 -ip 3736
1⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3180 -ip 3180
1⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 652 -ip 652
1⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2968 -ip 2968
1⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1672 -ip 1672
1⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 1732 -ip 1732
1⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1968 -ip 1968
1⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3204 -ip 3204
1⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1672 -ip 1672
1⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1732 -ip 1732
1⤵
PID:2880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1968 -ip 1968
1⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3204 -ip 3204
1⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3180 -ip 3180
1⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2968 -ip 2968
1⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3736 -ip 3736
1⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3560 -ip 3560
1⤵
PID:2956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 652 -ip 652
1⤵
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3272 -ip 3272
1⤵
PID:532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 4612 -ip 4612
1⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 2812 -ip 2812
1⤵
PID:1968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4504 -ip 4504
1⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5300 -ip 5300
1⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4060 -ip 4060
1⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3816 -ip 3816
1⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5228 -ip 5228
1⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5192 -ip 5192
1⤵
PID:4028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 3272 -ip 3272
1⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5128 -ip 5128
1⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 2812 -ip 2812
1⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 4612 -ip 4612
1⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5920 -ip 5920
1⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4504 -ip 4504
1⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5700 -ip 5700
1⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 6004 -ip 6004
1⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 6024 -ip 6024
1⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5912 -ip 5912
1⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5844 -ip 5844
1⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5852 -ip 5852
1⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5576 -ip 5576
1⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5300 -ip 5300
1⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 1248 -ip 1248
1⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 4060 -ip 4060
1⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 3804 -ip 3804
1⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5192 -ip 5192
1⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3816 -ip 3816
1⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5128 -ip 5128
1⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 3448 -ip 3448
1⤵
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5228 -ip 5228
1⤵
PID:4092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5072 -ip 5072
1⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 3452 -ip 3452
1⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 3168 -ip 3168
1⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 4600 -ip 4600
1⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 3552 -ip 3552
1⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 2320 -ip 2320
1⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 4252 -ip 4252
1⤵
PID:436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 2496 -ip 2496
1⤵
PID:2336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2404 -ip 2404
1⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3760 -ip 3760
1⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 3268 -ip 3268
1⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 4604 -ip 4604
1⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 4680 -ip 4680
1⤵
PID:1388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 2088 -ip 2088
1⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 888 -ip 888
1⤵
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 708 -ip 708
1⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5920 -ip 5920
1⤵
PID:2184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6024 -ip 6024
1⤵
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6004 -ip 6004
1⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5700 -ip 5700
1⤵
PID:436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5844 -ip 5844
1⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 672 -ip 672
1⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5852 -ip 5852
1⤵
PID:456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5912 -ip 5912
1⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 3228 -ip 3228
1⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5576 -ip 5576
1⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5640 -ip 5640
1⤵
PID:2964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 3636 -ip 3636
1⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 1248 -ip 1248
1⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5320 -ip 5320
1⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 3804 -ip 3804
1⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5200 -ip 5200
1⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 3448 -ip 3448
1⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 5072 -ip 5072
1⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 3452 -ip 3452
1⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 3168 -ip 3168
1⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 4600 -ip 4600
1⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 3552 -ip 3552
1⤵
PID:768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6368 -ip 6368
1⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4252 -ip 4252
1⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3760 -ip 3760
1⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 2496 -ip 2496
1⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 2404 -ip 2404
1⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 2320 -ip 2320
1⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 3268 -ip 3268
1⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 4680 -ip 4680
1⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 4604 -ip 4604
1⤵
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 888 -ip 888
1⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 6384 -ip 6384
1⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 2088 -ip 2088
1⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 708 -ip 708
1⤵
PID:980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 6984 -ip 6984
1⤵
PID:1844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6444 -ip 6444
1⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 6396 -ip 6396
1⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 6412 -ip 6412
1⤵
PID:692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 5604 -ip 5604
1⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 228 -ip 228
1⤵
PID:4648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 6872 -ip 6872
1⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 6800 -ip 6800
1⤵
PID:768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 3228 -ip 3228
1⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 7136 -ip 7136
1⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 6960 -ip 6960
1⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 3636 -ip 3636
1⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 6892 -ip 6892
1⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6188 -ip 6188
1⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 4692 -ip 4692
1⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 6776 -ip 6776
1⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6172 -ip 6172
1⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 6252 -ip 6252
1⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6944 -ip 6944
1⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 7132 -ip 7132
1⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 6464 -ip 6464
1⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 1788 -ip 1788
1⤵
PID:9292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6792 -ip 6792
1⤵
PID:9448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 7120 -ip 7120
1⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 6200 -ip 6200
1⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5640 -ip 5640
1⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 6920 -ip 6920
1⤵
PID:9960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 7128 -ip 7128
1⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6092 -ip 6092
1⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5384 -ip 5384
1⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5320 -ip 5320
1⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5200 -ip 5200
1⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4184 -ip 4184
1⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4104 -ip 4104
1⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5288 -ip 5288
1⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 6368 -ip 6368
1⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6896 -ip 6896
1⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 1232 -ip 1232
1⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 2252 -ip 2252
1⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 2776 -ip 2776
1⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1604 -ip 1604
1⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 3456 -ip 3456
1⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6212 -ip 6212
1⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 3560 -ip 3560
1⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 5340 -ip 5340
1⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5684 -ip 5684
1⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 5488 -ip 5488
1⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 5244 -ip 5244
1⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 6012 -ip 6012
1⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 5184 -ip 5184
1⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 7644 -ip 7644
1⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 7880 -ip 7880
1⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 7936 -ip 7936
1⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 1976 -ip 1976
1⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 2244 -ip 2244
1⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 7252 -ip 7252
1⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 7344 -ip 7344
1⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 8052 -ip 8052
1⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1184 -p 7844 -ip 7844
1⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 7596 -ip 7596
1⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 7836 -ip 7836
1⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 8104 -ip 8104
1⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 7560 -ip 7560
1⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5648 -ip 5648
1⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 7808 -ip 7808
1⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7552 -ip 7552
1⤵
PID:4552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 7356 -ip 7356
1⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6844 -ip 6844
1⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 6808 -ip 6808
1⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 8148 -ip 8148
1⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 8060 -ip 8060
1⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 6080 -ip 6080
1⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 8040 -ip 8040
1⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1184 -p 7656 -ip 7656
1⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 7616 -ip 7616
1⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 7696 -ip 7696
1⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 5336 -ip 5336
1⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2268 -ip 2268
1⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 3508 -ip 3508
1⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5956 -ip 5956
1⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6976 -ip 6976
1⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1820 -ip 1820
1⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 3544 -ip 3544
1⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 4784 -ip 4784
1⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 6852 -ip 6852
1⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 3900 -ip 3900
1⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 7108 -ip 7108
1⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 5416 -ip 5416
1⤵
PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 7568 -ip 7568
1⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 4392 -ip 4392
1⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5160 -ip 5160
1⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 6908 -ip 6908
1⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6180 -ip 6180
1⤵
PID:13552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 2712 -ip 2712
1⤵
PID:13560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 5172 -ip 5172
1⤵
PID:13568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 6396 -ip 6396
1⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 6200 -ip 6200
1⤵
PID:13736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4416 -ip 4416
1⤵
PID:14664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 5228 -ip 5228
1⤵
PID:14672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 2096 -ip 2096
1⤵
PID:14684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 6840 -ip 6840
1⤵
PID:14696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 6828 -ip 6828
1⤵
PID:14808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 5384 -ip 5384
1⤵
PID:14900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1260 -p 6776 -ip 6776
1⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6600 -ip 6600
1⤵
PID:540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1284 -p 7132 -ip 7132
1⤵
PID:13748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1308 -p 5148 -ip 5148
1⤵
PID:13968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 6960 -ip 6960
1⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 6252 -ip 6252
1⤵
PID:13472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 4952 -ip 4952
1⤵
PID:3008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1432 -p 7216 -ip 7216
1⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1404 -p 7708 -ip 7708
1⤵
PID:15036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 7136 -ip 7136
1⤵
PID:2184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 7248 -ip 7248
1⤵
PID:3304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6216 -ip 6216
1⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1404 -p 8076 -ip 8076
1⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 9056 -ip 9056
1⤵
PID:14904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 7308 -ip 7308
1⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 8520 -ip 8520
1⤵
PID:14808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1368 -p 7184 -ip 7184
1⤵
PID:13740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1408 -p 6744 -ip 6744
1⤵
PID:1464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1516 -p 8704 -ip 8704
1⤵
PID:14912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1544 -p 2248 -ip 2248
1⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1576 -p 8004 -ip 8004
1⤵
PID:13404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1608 -p 7584 -ip 7584
1⤵
PID:3304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1664 -p 5940 -ip 5940
1⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1640 -p 10016 -ip 10016
1⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1488 -p 5520 -ip 5520
1⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 7832 -ip 7832
1⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 7728 -ip 7728
1⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1708 -p 7748 -ip 7748
1⤵
PID:13724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1732 -p 7744 -ip 7744
1⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1520 -p 7384 -ip 7384
1⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1548 -p 8516 -ip 8516
1⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1748 -p 3364 -ip 3364
1⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1228 -p 4600 -ip 4600
1⤵
PID:13740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 7692 -ip 7692
1⤵
PID:15200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 6436 -ip 6436
1⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 7860 -ip 7860
1⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1600 -p 7624 -ip 7624
1⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1656 -p 8112 -ip 8112
1⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 7128 -ip 7128
1⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 6380 -ip 6380
1⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1736 -p 10232 -ip 10232
1⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1788 -p 9220 -ip 9220
1⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1764 -p 6452 -ip 6452
1⤵
PID:10908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 4624 -ip 4624
1⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1388 -p 4760 -ip 4760
1⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 692 -ip 692
1⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 7468 -ip 7468
1⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1512 -p 7988 -ip 7988
1⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1496 -p 11436 -ip 11436
1⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1672 -p 6892 -ip 6892
1⤵
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1228 -p 7984 -ip 7984
1⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 4692 -ip 4692
1⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 6920 -ip 6920
1⤵
PID:2960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1832 -p 1208 -ip 1208
1⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1860 -p 5184 -ip 5184
1⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1732 -p 7120 -ip 7120
1⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1904 -p 4060 -ip 4060
1⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1932 -p 4104 -ip 4104
1⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1484 -p 6412 -ip 6412
1⤵
PID:10768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 6212 -ip 6212
1⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1588 -p 228 -ip 228
1⤵
PID:3356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1996 -p 6444 -ip 6444
1⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 6896 -ip 6896
1⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 2024 -p 5684 -ip 5684
1⤵
PID:14704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1908 -p 5288 -ip 5288
1⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1904 -p 996 -ip 996
1⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 6384 -ip 6384
1⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1852 -p 6188 -ip 6188
1⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1828 -p 6872 -ip 6872
1⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1772 -p 5604 -ip 5604
1⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6236 -ip 6236
1⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 2028 -p 6984 -ip 6984
1⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 6464 -ip 6464
1⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1864 -p 6092 -ip 6092
1⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1600 -p 8880 -ip 8880
1⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1616 -p 9212 -ip 9212
1⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 9976 -ip 9976
1⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 8856 -ip 8856
1⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 5224 -ip 5224
1⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 2760 -ip 2760
1⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 9008 -ip 9008
1⤵
PID:2688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1480 -p 10288 -ip 10288
1⤵
PID:3436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 9460 -ip 9460
1⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1696 -p 10248 -ip 10248
1⤵
PID:10128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 8148 -ip 8148
1⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 6944 -ip 6944
1⤵
PID:12420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10025.exe

Filesize
468KB

MD5
e666fbbeed413d23f35bc0e40ed1a733

SHA1
6c24c2e8277b428a357609e09432fa12da4f2162

SHA256
28951a18261097c0f2a15c0b0854c42319923865e350e39524e0084b68c8fa59

SHA512
eda9247aa2d3eb12f517853b219f480d88e8790aa47ac8cfe2b19e8984c2e2157ed7b8ed579a3546e6f6d6b8be6f5a625b4f589a480e1e6526714e11f17069e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe

Filesize
468KB

MD5
0a739c51def49bb180ce6205a1b5572d

SHA1
937fa9cba1f2fe41afd3df2741c5d425d35fa744

SHA256
216acfcf714639a0cb68e02e999df63b786a71ef37c7d61c94e3625818a2fea0

SHA512
76d8c5a876116154b701d324f30637fc95fbb43fe70285c73a7961d2c7c6156c2059f67e13f7bd88668853699ce0943f067950638554c63b761ceaaed0361025

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe

Filesize
468KB

MD5
74e2196564884237c6b200c9a53a30a6

SHA1
598df7137a423bf474f0dfd6d0cf6c7eff72916f

SHA256
4c5a33e6712a9dbe22efa07363cba2389c322bd51a52ff7b8414a968aa0cabf0

SHA512
f0d9d37778b279ebbc710506edc5ec43343b3639ed9033578b84e6c1e25ea2454cf37366bd0c8c6e9677b1c8fe372d81c2ebdae0605c06beac21d40c6af7cb8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14737.exe

Filesize
468KB

MD5
f720ba6ca464f1a43e64716231c46513

SHA1
7647809b1d43b5adb3d61ccef5a4c4ac11134c2f

SHA256
d9832de8d662b7e4b9ec118816bdeafe59423eb6e274d3462cbba875fd843d6a

SHA512
b560d904811f022875de316319501755d10947be4f0a50e878c3f3ca3c533d92cf8beb43e3c3a477907bfce8989357bc27fde51f250d3a1c9a7646ff89ac6919

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15179.exe

Filesize
468KB

MD5
025cc6caa08cdb110c5ae7acba96aa4a

SHA1
3877a3f88cf19d39cbdfe4d32ee6176555788e84

SHA256
b8e980ded5e213122ccc1a3ef1182303762dcc44e611e5c9bc665da30332e6a1

SHA512
f7d20fbf0cd6843b1f5e7ea1592f164e654e17687f166fee158816c7b030a758c8b51d1397739e6fccf0f854c3054a282fc39768c474bca3299eca1bfa1c4a33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16909.exe

Filesize
468KB

MD5
0122cd6ea3722d5cef878b0294834f1e

SHA1
75ffa8ee9e0dd4282502015603164e630cf4868e

SHA256
043a8d11e296c851a94a6c8eacf62c1e10c566cd65fe1cb02636badac250d204

SHA512
2f750f41a7be207a757b9b602503394e5011d8a0e7d6f24d120da3014685297014e520eda934752bd7c74129f86a00d8b1fda86a9204c183d4752fc274d76944

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe

Filesize
468KB

MD5
04dcbf5b99394126b3bb8beb71478ef8

SHA1
4bd0479553bbf768bde4bd3312294cf0dd74ebfe

SHA256
3aafe449b478304f4c7c4850b228179829f541f89089260fb8ee6c691882d41c

SHA512
7ab814f2af912d485f517c7f358604c4a076289b83d4d153731d5a3f121e6c24693b3bd975da591308be63b7a6e60d3178db92a408912f3723b6d86d43f94ebc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1835.exe

Filesize
468KB

MD5
8c1650d5d267a2bdadd25ccb5e65b341

SHA1
448aa1c99fc7ba6dd7ec66c42cfbf358d0cf0d6f

SHA256
2a75d68c2cfedf23eb73ede3a505fcb902ea0695d16bbc0e31cdc16320606254

SHA512
95be1c9fdde6bbbcc78ca02996e1e8b504dd50ef8fb416fb6b362ec6ac0d2b7da369c8de4440e776c24d1d3fc5904757b6f019d661f8b003844e87990da315b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe

Filesize
468KB

MD5
bf1b19f4f9dd061b9389a228909bcb5f

SHA1
9670bf6609e53906fda33da1b9b75d3c4f815148

SHA256
f369b9714d5abc9cb9d17ee06d831003d538681904f1a55b23d315ea9503e20b

SHA512
e9a72b4f6d35af59a65a330aed8d4056398c9a5df07579625b8a56745abfdb6ac1822eb547f9563c75def62ddca7481a7f116d95010c4a7bf5c402177b7656aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe

Filesize
468KB

MD5
6c9db217ab411cce1ffc91601d9342a5

SHA1
5c7482a6e9dc2d27005f83cae77adbdd58c77f8b

SHA256
4797e2cd595a8f5a39fa43110574d1565784f30b80754da31ae315b2e7048b41

SHA512
5d989c8ca472154c80e80d4913a163ff6c2562c8ea60d6faefec2fc7437123efe9a7a308ddc975ccbc891cf5d2bb5671294c183e0c628637718372d6c1516e5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2641.exe

Filesize
468KB

MD5
d7dd10d6f2055968b3873c2a7c7d1dc2

SHA1
ca5ae97fb2147cd7310fc5304bcb83ebf641d689

SHA256
b3e72f93ae83c66dc362c905dab126f879d7feca7844a25763772d0d5863a11a

SHA512
e7ecf9308c9833dc705db17bed1d10c88f5c551ea684b617d0e0a61b9d43bed45686a5c72196b14d05f0132d5cb24028d2e4b4581c82c84d5f4dd36bc9fad185

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27042.exe

Filesize
468KB

MD5
d43889990a62677d5735c48855dc0b56

SHA1
ead6aa9db765651836dbcd787026aced1d427e39

SHA256
d69e8524ffc0a4feced949ae59e21e26a49b326eede84300f6168a2abece0726

SHA512
d49d0c242b69004231418e9ab94e3f1403cc0b95f634cd1be3c1578d699cfe7a39be1ac4606edf114d0e7fc0a45bd9edeb3964b28706855a8b834f1b296273a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe

Filesize
468KB

MD5
8266466036af6194b24552922b46cd2a

SHA1
92acbd3e9f00e4c7e85f73649d5b166160398848

SHA256
0d4294ae75c3ddd65490a5fd3cc3ed1c1f754560f4c526ca75fd9198f10b0f6a

SHA512
e37e55ac0a6344afb4d1cbb1da07693aac23a68c09726f052f8e237714c386ff453097b5abfc71d928eacf59212484f654238617a5dc6347ee03a7ae2fc34b6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe

Filesize
468KB

MD5
09b3fc3a42403beab4639ccb1a6d0a2b

SHA1
0342248a10ea4822acd79c6c4de88fecc6bbcdaa

SHA256
4c18d33d93aa7b6b86f98a430b3479f84d6563bfbf627a63e840bda639590e62

SHA512
d8f203d7806040b642e3dd4f0518c1dd776ee54a5925954b3e1d15cbd02181e0c00967e7e35a5b4f3202910c60ba0424c209a6d118f7c551431ced4a4f154610

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28109.exe

Filesize
468KB

MD5
1fe171623b7ae470bdab79f6b44a3865

SHA1
63d6aa677976ce07d142ae3bb2bc73e5db67ca31

SHA256
2ed9076ffda3394966084ba35fb1b09c5e76e4ceffd5cde2d7be29daa1696704

SHA512
bc6a2b490990732e7edb522f8e87a1fff0216b5aeae60ec9c3ae65cf30d6d6e524ca94f9fd1210d152247517fdda2f9c3073a1948364a6cef93b6d5fd386caf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe

Filesize
468KB

MD5
0f05c0d50e3f893a48c3bff3dcaeefbb

SHA1
3bc2d83228c5271cca1403fb189a971741a4fcf2

SHA256
a5f10171efa97c981f682cedfa1f0b2177989cc16fad75ffa20fb909a4e8f57d

SHA512
ec17866de88703f44984dc0a3b9f18b63b87c5f201290da4f052ce5eec47d42ff8f84ae1b09f2e12d7c5b503707e5b04fcbd44831f2bcfa0703e0304f732154c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe

Filesize
468KB

MD5
825975303e4bbf1e90172e62a7cea14b

SHA1
9bc8e5a6380a4179a3a9075c90afa3d6c52ffb32

SHA256
41a93d6688f4bf6131c73df66e20d021b018b397d5a0068f0894abe81a047698

SHA512
54f08c562d0aa349ecc8861d0cbd55a4d16ac2659fb9dec7fbb4c2ca8ee0cd17ce08cfef7d4b55cdd9eb3a7c850de3fd2fc54149363621237c8f4f38fd5f5d3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33076.exe

Filesize
468KB

MD5
6755f012857bd3f3b2edc48eb52a401d

SHA1
263f0a97dce36c1a3aff4843aa32c19e4c8e0177

SHA256
015eaa814eacc477ac8e4a550aeae2c0fab5e0989cba37a32d85777c68b57b19

SHA512
71cc2ad982398a23a28b7fa39407660dc3d2e50ef12234a8f1843ba14acba5ace9dc2cffb5c9b11fb863ceee228203ee2f667895b8733cf10e8dd36dfb7809d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe

Filesize
468KB

MD5
88bb39355c58e06e90e4fb194f86ec83

SHA1
2c33268e98781ad860f66000d6c49ca932010d93

SHA256
d8a92a74039a86b29fd7b4c217e5d4486d507c690ba6f5ff22ea5ae1a32cb08f

SHA512
b9238168120517c539cc5293a480a1a3c3538f782f505fc5abbc5dcd1f560ab7709b6a6f30a8e0651787edb7897e8d725921ffa5944e7b192784d23888688f7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35904.exe

Filesize
468KB

MD5
a483bc6c6fa9fee9df3fa43298b874ca

SHA1
de83a847e45458191a1495e7ae1cce8bcced275c

SHA256
9208e2e38238f3ef880cb0cffee8305d27e0a131028eb30978437ce899fc3570

SHA512
fa1e41390d438fa3ef9a56ee1df5a06c30559684ebdb069350a91a0ad544f18e4775b04e0a9df9801f20941692ffc02ee16205353177cbade781fd76e69c4f23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36252.exe

Filesize
468KB

MD5
e796a1ea2396d0fa67cda6e331cb3581

SHA1
6f804a5d1186ce3c4f34f5e4f6be6f12c6bbc093

SHA256
5263e415c5eaa18a9b39ed99aec3ae944e5e25def574ee44e36c1ab5298bece8

SHA512
0926287b1e5d6c4a2bd20dd24ebf0393d38caf98b828098a2cd7fde1f9f6a90c624d34dac23aaf7b58ff554ea614f42de3a6b4d64cb9f5eda2cd50037a25759c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36606.exe

Filesize
468KB

MD5
b54aad634c0eefcfcef94505fe3f4fa7

SHA1
db2eb37d236bff5528cff5c93407135c3c925ea2

SHA256
9dafb855db80a04fc8484f2f49fd50bc84ca4067a3dbd97bbba0d4af114d7d89

SHA512
c986103f0f0274524ebc4d3dcec57a635b3bbcdb38babc322fb102b23b6d25ea1d970b959fd8342437f7a5fc4e21ca6bd3cdef226ca7993a8caf22bacc362ecb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3741.exe

Filesize
468KB

MD5
2e9da733490112ed43fe2e20fecd8c6d

SHA1
54f75fcde424ed325b634316e17280d4901b61cb

SHA256
0f7c531d297243d26ec60475de05125b1853c21aaae48bb1db1602179bc8fedb

SHA512
cf3a1c51f516d5d89a91144421c132344eb9c4f17e2032d54283b3f6188404aaaa139e654c056aa5cf78d780d62634580929b92b80cbc0447f324cddf3f7c172

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4244.exe

Filesize
468KB

MD5
fe23219ad223e43f51da5d84dcd3e70a

SHA1
cc08a79ce6b73f8da2edf56f5599d80417d3da68

SHA256
e18fcb709f79099c9397ed569a6437d87cda5eb5a1f3f38a99fe7f3f94105f8a

SHA512
3c3ed1ed8e428167e84aa1e7232459070a0efc081e1a1220050ff9cb283911c06d9939fb41b8abd65414d3c193d0ff01e30bd6a2354e3ca95c120228fe9623ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47846.exe

Filesize
468KB

MD5
f475d5337f21d6e68e6d7da4beb3b32d

SHA1
9a45d840e4ad96779c9e08cd7d0747bfb0152c53

SHA256
0c9b5275d9b8eb39350391eef48cd073c29d289d205bc34f9afaa0a5fa399ef2

SHA512
7d04d9a886801f34c1ad86fd90d1c998c55b98cadc9357a1252b273de6ac2798b51cee5a886ea52bb4446a63997da456bca9b542463de5e07961e7635d43d954

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe

Filesize
468KB

MD5
840cfc4b0255006d5fffce61ba98f027

SHA1
e980319a1dca285e0a54c26976bcbc8968ffb578

SHA256
9a231124d717380cc05819558de859a1a4190f6e67fac766a8fec231401ff68a

SHA512
55ee4599821322681861ee312d18cd869f565b1366bd82202a7a6e708b24f0a873875993504fe1159b739a9d60b091cddde52421837b5c6c6688ad0e8c50da2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49988.exe

Filesize
468KB

MD5
a5622115909cd039a65b5006d41f83eb

SHA1
1382fbb51df6d0e023e820ddcfe86183659b9a1a

SHA256
976c50b2bb971891bcc891d4f21098f914e0d071830c5b883ee08aa499610877

SHA512
a56e21498b0fbf9d98c50bfccf0afa66826461ec137f35be6f4127afff36a703d0b2f04e2bbeef1c7d11b54ee833523971b91657522c27ef12e6e5545259e05d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe

Filesize
468KB

MD5
74f7190cc449e8ce2b73a4b80d8ccb66

SHA1
457f2b7ceea81ff98028d05131a05c94b04c8275

SHA256
cd8ae26e7fbba4338f2b25d3b400250444ddb077c6f7187674697e154b43974f

SHA512
2845f6ea204abb40753313428da152dba3a1eb8473f4dbc00561ca2da9818237fb61932e1dc69e72e8284f8d5d6366c66cee5497c688fca159d865c34de665c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe

Filesize
468KB

MD5
ff545aa18e5bf94e95c8bc906d447f65

SHA1
19e8c575428c2abf7eb527854a75c8dd730accd1

SHA256
ca31b3295208b8a74c717a342b3cfe5ccb082739737f658011446670db97a9f3

SHA512
af85153f32901e0f2f14b9645577886cb221a044e74c6c4d574c491bff5b89f55cf8427288c2a560bcbd903aeb353b3566133ec859ae1a2a9bb16a9d3aacaf6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52485.exe

Filesize
468KB

MD5
8b4d7e8b8a9b2b603ff23e310f19e1d1

SHA1
a70518aa42d22246f581ba54d2d49d30029091dd

SHA256
10234f38fd25ee09379923935450c047ca180c8b10d32343f52346379055f2f1

SHA512
d1ce98315d134e1afcf6e87ef0a92d2bbed12598cfcc3b7b01cda285379a4658d9b65a55917fb83dc0ac249fa09bc1a361d8207e225d4c62da063648f5071611

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59626.exe

Filesize
468KB

MD5
b1ea832faea1ced1904d2fddddaa032e

SHA1
1dcd8295828a70254df0dfa66bbc4eca39d5d84b

SHA256
600e7c93fd6434daffdb07d953f9fe2fe1b9ae640f12cca7896038be59788b00

SHA512
53468f18a76ebea9026cc1c7b2085a60041543e7fa06dda299652d96b5cb4bad7a9c918f31998e60915403a48a347ab6f13e99c4c9c3c7fef4fb9e3fc52a2ba8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59781.exe

Filesize
468KB

MD5
f15be1f143c7dcc25d5034265583e69e

SHA1
9bc30051f68d565fe5c1c63619c8cd1be4b7d6eb

SHA256
4026df2ac67170ca4adf2f294ffc1f68a65181f599c16e64f335fa0d923f7b7d

SHA512
a4eae248ce7e853ec1e840fa10fcf3b7a208dee0a36c61e681b63255ab600ff42c0ade15fc942cb0d6a9285ddf2b4d87d4a17891d69f97b27e3072f57216d245

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60017.exe

Filesize
468KB

MD5
0313e713fe051fd6aadd5d0d3e92f487

SHA1
cf6fbfe97abd3dfe70599c766932fcce92234b3b

SHA256
c034a319ea15538ad0b63cd37015f7f236c947a49cfd61b40eb80a0f9a98c90a

SHA512
4a5b0e7a55d344a35b72764c6ecca7fb658db447c9a3123a2fee2f442310d4be3c1aa310d0f342d82bd8dc9898f40f2deff7bb4f1e5f89dc166b121e001c68f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe

Filesize
468KB

MD5
77ffcf5f6eb0dcc157a707d7efcc5b17

SHA1
98e8436dc49aa7d9adc945c7a7e6ab58c162b7a0

SHA256
7b6005e4aeafc30a9add8e0ba554ff8c10ebf1771e24c3cb58c6583a1ce94763

SHA512
8878f6fdcad3da4beb3a1ff14e5524288a51e44032635e3d4e160bb6876f781e6f70b494266863b752594cb8ac49bcb09cacd673e55a12503fe580b34b28a507

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7979.exe

Filesize
468KB

MD5
e2aebe078f73ad21ca3ca6f5d198cdbe

SHA1
1be0838f94c989938b8b62d6209a608a82d546f9

SHA256
c4f728c62048557edb91d57f4faf7d5c232dcb95691516cbd7ef01ea7f08b051

SHA512
6ca5e6d5e8b625241181d02311e0162966608dddd4341a756a007a7dc56d627c52ace71288fdbe222cc76e4fe1b82a8fabc515172b805629bc9c9f865a671079

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8799.exe

Filesize
468KB

MD5
aa8823d23ca5837d62416b0a05c81bf1

SHA1
3995a57c22dfd8a466012e48bb2cb72b21b84eed

SHA256
8ae0caaf2b82c645dc8d1c613368a13ca2be77e3e674e3836bb16cb6f5be1dba

SHA512
8014716f99dec1021ed1158f16124d1fdb34a6acb847a9fc1c587cf4e67c8650237447055c4f767b4ae9ecd50c08d2f9011d64c610984a974201c56d9ad08bae

Download Submit