c2ec039aa0b7c38435da95d241f8561f2e0ad3ec7c121ae67e11290d138bcffa

Analysis

max time kernel
62s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c2ec039aa0b7c38435da95d241f8561f2e0ad3ec7c121ae67e11290d138bcffaN.exe
Size

468KB
MD5

a066d50c7fd0b3f3156b8b9ea225c7b0
SHA1

d157f2625272bb44a8b4228638d401a9163da9ee
SHA256

c2ec039aa0b7c38435da95d241f8561f2e0ad3ec7c121ae67e11290d138bcffa
SHA512

b2e0c2dc03279bb39e3981c3d833a73c10e696a3e7cddbb9596448620e0dc6a7d7e954c60afcf4a2f8ba58603c9f1609f7ff2bce038b83a47a0826a5b27d21f2
SSDEEP

3072:1U3HogISIE5TtbYXHzcOcf8/zCcaP0pkJVHeTVPlMM1LJ7ggmflQ:1U3obMTtIH4OcfVY1fMMx9ggm

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2280	Unicorn-18578.exe
2928	Unicorn-18194.exe
3452	Unicorn-30616.exe
3176	Unicorn-18210.exe
3292	Unicorn-31400.exe
4620	Unicorn-51266.exe
5008	Unicorn-61472.exe
2316	Unicorn-5550.exe
4148	Unicorn-38223.exe
3408	Unicorn-35077.exe
624	Unicorn-54943.exe
4684	Unicorn-54678.exe
5004	Unicorn-38415.exe
3456	Unicorn-19618.exe
1444	Unicorn-64573.exe
3516	Unicorn-51295.exe
4944	Unicorn-31621.exe
4084	Unicorn-37948.exe
3952	Unicorn-53023.exe
4900	Unicorn-59302.exe
3220	Unicorn-59567.exe
2520	Unicorn-23365.exe
4864	Unicorn-10366.exe
4088	Unicorn-17388.exe
4988	Unicorn-3852.exe
724	Unicorn-9982.exe
3748	Unicorn-5113.exe
1216	Unicorn-56915.exe
4732	Unicorn-38815.exe
4192	Unicorn-3490.exe
4280	Unicorn-505.exe
1492	Unicorn-38239.exe
4948	Unicorn-23631.exe
4440	Unicorn-53459.exe
3264	Unicorn-24591.exe
3500	Unicorn-24015.exe
3080	Unicorn-25276.exe
1068	Unicorn-47279.exe
3960	Unicorn-63615.exe
1056	Unicorn-63615.exe
4144	Unicorn-31135.exe
2164	Unicorn-63615.exe
944	Unicorn-15676.exe
1096	Unicorn-58362.exe
3096	Unicorn-15026.exe
976	Unicorn-56717.exe
2016	Unicorn-42981.exe
3556	Unicorn-44243.exe
3592	Unicorn-55178.exe
832	Unicorn-45862.exe
728	Unicorn-20661.exe
2244	Unicorn-26261.exe
1204	Unicorn-40751.exe
4120	Unicorn-7886.exe
3972	Unicorn-53750.exe
4612	Unicorn-8078.exe
5056	Unicorn-1948.exe
4548	Unicorn-40367.exe
2948	Unicorn-56438.exe
3144	Unicorn-36837.exe
1284	Unicorn-56319.exe
3680	Unicorn-51450.exe
4860	Unicorn-25375.exe
2932	Unicorn-40677.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
4136	3176	WerFault.exe	90
3760	4148	WerFault.exe	97
4896	624	WerFault.exe	99
3700	624	WerFault.exe	99
4520	3176	WerFault.exe	90
3560	4148	WerFault.exe	97
3164	4088	WerFault.exe	112
3696	4684	WerFault.exe	100
3168	4088	WerFault.exe	112
2912	4684	WerFault.exe	100
888	1492	WerFault.exe	132
1680	4084	WerFault.exe	106
4360	4084	WerFault.exe	106
3760	1492	WerFault.exe	132
3148	728	WerFault.exe	153
4888	832	WerFault.exe	152
1364	2016	WerFault.exe	148
1292	3556	WerFault.exe	150
5196	3144	WerFault.exe	170
5148	4944	WerFault.exe	105
1804	4948	WerFault.exe	134
3172	4572	WerFault.exe	201
6180	5804	WerFault.exe	256
6732	5276	WerFault.exe	280
6828	5480	WerFault.exe	244
7652	1444	WerFault.exe	103
5456	6508	WerFault.exe	382
9244	5760	WerFault.exe	297
9236	5848	WerFault.exe	290
8540	5680	WerFault.exe	282
9180	5828	WerFault.exe	257
9344	5444	WerFault.exe	437
9440	5996	WerFault.exe	319
9084	5396	WerFault.exe	309
9640	4348	WerFault.exe	316
9644	5748	WerFault.exe	320
10232	6752	WerFault.exe	462
4752	6392	WerFault.exe	489
10208	1696	WerFault.exe	457
10188	3176	WerFault.exe	485
8836	7172	WerFault.exe	493
9016	3068	WerFault.exe	480
8864	7076	WerFault.exe	463
4804	4632	WerFault.exe	525
8720	7352	WerFault.exe	499
9960	5556	WerFault.exe	473
6692	7144	WerFault.exe	469
4840	5216	WerFault.exe	472
4656	4640	WerFault.exe	475
9992	5564	WerFault.exe	488
9388	8168	WerFault.exe	523
7300	8012	WerFault.exe	518
9972	7468	WerFault.exe	502
4060	1964	WerFault.exe	533
10280	5532	WerFault.exe	277
10268	2164	WerFault.exe	415
6296	5856	WerFault.exe	311
7664	1008	WerFault.exe	530
6596	7316	WerFault.exe	498
7800	8020	WerFault.exe	519
6288	7988	WerFault.exe	517
9664	7576	WerFault.exe	509
10844	3012	WerFault.exe	221
8880	4896	WerFault.exe	465

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15676.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64982.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5621.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42885.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59567.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7886.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2988.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15026.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7173.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18578.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58854.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56438.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4816	c2ec039aa0b7c38435da95d241f8561f2e0ad3ec7c121ae67e11290d138bcffaN.exe
2280	Unicorn-18578.exe
2928	Unicorn-18194.exe
3452	Unicorn-30616.exe
3176	Unicorn-18210.exe
5008	Unicorn-61472.exe
4620	Unicorn-51266.exe
3292	Unicorn-31400.exe
2316	Unicorn-5550.exe
5004	Unicorn-38415.exe
1444	Unicorn-64573.exe
3456	Unicorn-19618.exe
4684	Unicorn-54678.exe
3408	Unicorn-35077.exe
4148	Unicorn-38223.exe
624	Unicorn-54943.exe
3516	Unicorn-51295.exe
4944	Unicorn-31621.exe
4084	Unicorn-37948.exe
4900	Unicorn-59302.exe
3952	Unicorn-53023.exe
4864	Unicorn-10366.exe
3220	Unicorn-59567.exe
2520	Unicorn-23365.exe
3748	Unicorn-5113.exe
4988	Unicorn-3852.exe
4088	Unicorn-17388.exe
724	Unicorn-9982.exe
1216	Unicorn-56915.exe
4732	Unicorn-38815.exe
4192	Unicorn-3490.exe
1492	Unicorn-38239.exe
4280	Unicorn-505.exe
4948	Unicorn-23631.exe
4440	Unicorn-53459.exe
3264	Unicorn-24591.exe
3500	Unicorn-24015.exe
4144	Unicorn-31135.exe
1068	Unicorn-47279.exe
3080	Unicorn-25276.exe
944	Unicorn-15676.exe
1056	Unicorn-63615.exe
1096	Unicorn-58362.exe
3556	Unicorn-44243.exe
2164	Unicorn-63615.exe
976	Unicorn-56717.exe
3592	Unicorn-55178.exe
3960	Unicorn-63615.exe
3096	Unicorn-15026.exe
2016	Unicorn-42981.exe
2244	Unicorn-26261.exe
832	Unicorn-45862.exe
728	Unicorn-20661.exe
1204	Unicorn-40751.exe
4120	Unicorn-7886.exe
3972	Unicorn-53750.exe
4612	Unicorn-8078.exe
4548	Unicorn-40367.exe
5056	Unicorn-1948.exe
3144	Unicorn-36837.exe
2948	Unicorn-56438.exe
1284	Unicorn-56319.exe
3680	Unicorn-51450.exe
2932	Unicorn-40677.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 2280	4816	c2ec039aa0b7c38435da95d241f8561f2e0ad3ec7c121ae67e11290d138bcffaN.exe	84
PID 4816 wrote to memory of 2280	4816	c2ec039aa0b7c38435da95d241f8561f2e0ad3ec7c121ae67e11290d138bcffaN.exe	84
PID 4816 wrote to memory of 2280	4816	c2ec039aa0b7c38435da95d241f8561f2e0ad3ec7c121ae67e11290d138bcffaN.exe	84
PID 2280 wrote to memory of 2928	2280	Unicorn-18578.exe	87
PID 2280 wrote to memory of 2928	2280	Unicorn-18578.exe	87
PID 2280 wrote to memory of 2928	2280	Unicorn-18578.exe	87
PID 4816 wrote to memory of 3452	4816	c2ec039aa0b7c38435da95d241f8561f2e0ad3ec7c121ae67e11290d138bcffaN.exe	88
PID 4816 wrote to memory of 3452	4816	c2ec039aa0b7c38435da95d241f8561f2e0ad3ec7c121ae67e11290d138bcffaN.exe	88
PID 4816 wrote to memory of 3452	4816	c2ec039aa0b7c38435da95d241f8561f2e0ad3ec7c121ae67e11290d138bcffaN.exe	88
PID 2928 wrote to memory of 3176	2928	Unicorn-18194.exe	90
PID 2928 wrote to memory of 3176	2928	Unicorn-18194.exe	90
PID 2928 wrote to memory of 3176	2928	Unicorn-18194.exe	90
PID 2280 wrote to memory of 3292	2280	Unicorn-18578.exe	91
PID 2280 wrote to memory of 3292	2280	Unicorn-18578.exe	91
PID 2280 wrote to memory of 3292	2280	Unicorn-18578.exe	91
PID 3452 wrote to memory of 4620	3452	Unicorn-30616.exe	92
PID 3452 wrote to memory of 4620	3452	Unicorn-30616.exe	92
PID 3452 wrote to memory of 4620	3452	Unicorn-30616.exe	92
PID 4816 wrote to memory of 5008	4816	c2ec039aa0b7c38435da95d241f8561f2e0ad3ec7c121ae67e11290d138bcffaN.exe	93
PID 4816 wrote to memory of 5008	4816	c2ec039aa0b7c38435da95d241f8561f2e0ad3ec7c121ae67e11290d138bcffaN.exe	93
PID 4816 wrote to memory of 5008	4816	c2ec039aa0b7c38435da95d241f8561f2e0ad3ec7c121ae67e11290d138bcffaN.exe	93
PID 5008 wrote to memory of 2316	5008	Unicorn-61472.exe	96
PID 5008 wrote to memory of 2316	5008	Unicorn-61472.exe	96
PID 5008 wrote to memory of 2316	5008	Unicorn-61472.exe	96
PID 3176 wrote to memory of 4148	3176	Unicorn-18210.exe	97
PID 3176 wrote to memory of 4148	3176	Unicorn-18210.exe	97
PID 3176 wrote to memory of 4148	3176	Unicorn-18210.exe	97
PID 2928 wrote to memory of 3408	2928	Unicorn-18194.exe	98
PID 2928 wrote to memory of 3408	2928	Unicorn-18194.exe	98
PID 2928 wrote to memory of 3408	2928	Unicorn-18194.exe	98
PID 4620 wrote to memory of 624	4620	Unicorn-51266.exe	99
PID 4620 wrote to memory of 624	4620	Unicorn-51266.exe	99
PID 4620 wrote to memory of 624	4620	Unicorn-51266.exe	99
PID 4816 wrote to memory of 4684	4816	c2ec039aa0b7c38435da95d241f8561f2e0ad3ec7c121ae67e11290d138bcffaN.exe	100
PID 4816 wrote to memory of 4684	4816	c2ec039aa0b7c38435da95d241f8561f2e0ad3ec7c121ae67e11290d138bcffaN.exe	100
PID 4816 wrote to memory of 4684	4816	c2ec039aa0b7c38435da95d241f8561f2e0ad3ec7c121ae67e11290d138bcffaN.exe	100
PID 3292 wrote to memory of 5004	3292	Unicorn-31400.exe	101
PID 3292 wrote to memory of 5004	3292	Unicorn-31400.exe	101
PID 3292 wrote to memory of 5004	3292	Unicorn-31400.exe	101
PID 3452 wrote to memory of 3456	3452	Unicorn-30616.exe	102
PID 3452 wrote to memory of 3456	3452	Unicorn-30616.exe	102
PID 3452 wrote to memory of 3456	3452	Unicorn-30616.exe	102
PID 2280 wrote to memory of 1444	2280	Unicorn-18578.exe	103
PID 2280 wrote to memory of 1444	2280	Unicorn-18578.exe	103
PID 2280 wrote to memory of 1444	2280	Unicorn-18578.exe	103
PID 2316 wrote to memory of 3516	2316	Unicorn-5550.exe	104
PID 2316 wrote to memory of 3516	2316	Unicorn-5550.exe	104
PID 2316 wrote to memory of 3516	2316	Unicorn-5550.exe	104
PID 5008 wrote to memory of 4944	5008	Unicorn-61472.exe	105
PID 5008 wrote to memory of 4944	5008	Unicorn-61472.exe	105
PID 5008 wrote to memory of 4944	5008	Unicorn-61472.exe	105
PID 5004 wrote to memory of 4084	5004	Unicorn-38415.exe	106
PID 5004 wrote to memory of 4084	5004	Unicorn-38415.exe	106
PID 5004 wrote to memory of 4084	5004	Unicorn-38415.exe	106
PID 1444 wrote to memory of 3952	1444	Unicorn-64573.exe	107
PID 1444 wrote to memory of 3952	1444	Unicorn-64573.exe	107
PID 1444 wrote to memory of 3952	1444	Unicorn-64573.exe	107
PID 4684 wrote to memory of 3220	4684	Unicorn-54678.exe	109
PID 4684 wrote to memory of 3220	4684	Unicorn-54678.exe	109
PID 4684 wrote to memory of 3220	4684	Unicorn-54678.exe	109
PID 2280 wrote to memory of 4900	2280	Unicorn-18578.exe	108
PID 2280 wrote to memory of 4900	2280	Unicorn-18578.exe	108
PID 2280 wrote to memory of 4900	2280	Unicorn-18578.exe	108
PID 3292 wrote to memory of 2520	3292	Unicorn-31400.exe	110

C:\Users\Admin\AppData\Local\Temp\c2ec039aa0b7c38435da95d241f8561f2e0ad3ec7c121ae67e11290d138bcffaN.exe
"C:\Users\Admin\AppData\Local\Temp\c2ec039aa0b7c38435da95d241f8561f2e0ad3ec7c121ae67e11290d138bcffaN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18578.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18578.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18194.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18210.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 636
        6⤵
        Program crash
        
        PID:3760
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 636
        6⤵
        Program crash
        
        PID:3560
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 736
        5⤵
        Program crash
        
        PID:4136
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 736
        5⤵
        Program crash
        
        PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35077.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63615.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51436.exe
        7⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8299.exe
        8⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29727.exe
        9⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 624
        10⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 636
        9⤵
        Program crash
        
        PID:8540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44243.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 652
        6⤵
        Program crash
        
        PID:1292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31135.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
        6⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13182.exe
        7⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18575.exe
        8⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 760
        9⤵
        Program crash
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
        8⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 636
        9⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe
        8⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42723.exe
        8⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7097.exe
        8⤵
        
        PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32997.exe
        5⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9067.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59628.exe
        7⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33333.exe
        7⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 644
        8⤵
        Program crash
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 716
        7⤵
        Program crash
        
        PID:10280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        6⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16700.exe
        6⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 640
        7⤵
        
        PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1785.exe
        5⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        6⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20562.exe
        6⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 636
        7⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
        7⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
        7⤵
        
        PID:14188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44934.exe
        6⤵
        
        PID:11580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
        6⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20629.exe
        5⤵
        
        PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45862.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:832
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 644
        5⤵
        Program crash
        
        PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43549.exe
      4⤵
      PID:408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        6⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61455.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 720
        8⤵
        Program crash
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19154.exe
        7⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 672
        7⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33909.exe
        6⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 640
        7⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 640
        7⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        6⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37996.exe
        7⤵
        
        PID:12104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
        6⤵
        
        PID:12328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11612.exe
        6⤵
        
        PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36306.exe
        5⤵
        
        PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58646.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
      4⤵
      PID:3068
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 636
        5⤵
        Program crash
        
        PID:9016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
      4⤵
      PID:8984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44415.exe
        5⤵
        
        PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22797.exe
      4⤵
      PID:10424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
      4⤵
      PID:5728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38415.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37948.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23631.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55551.exe
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
        9⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53868.exe
        10⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5061.exe
        9⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32652.exe
        9⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 640
        10⤵
        Program crash
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62413.exe
        9⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49477.exe
        9⤵
        
        PID:12792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 720
        7⤵
        Program crash
        
        PID:1804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 740
        6⤵
        Program crash
        
        PID:1680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 740
        6⤵
        Program crash
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56319.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe
        7⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe
        6⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
        7⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        8⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 720
        8⤵
        Program crash
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45279.exe
        6⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        8⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 736
        8⤵
        Program crash
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6597.exe
        6⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62445.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36399.exe
        7⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 636
        8⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        7⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11817.exe
        7⤵
        
        PID:13416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
        6⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 636
        7⤵
        
        PID:13212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44141.exe
        6⤵
        
        PID:11944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18050.exe
        6⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18108.exe
        5⤵
        
        PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15346.exe
        5⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        6⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 724
        7⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6293.exe
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1532.exe
        6⤵
        
        PID:14260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
        5⤵
        
        PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31604.exe
        5⤵
        
        PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33434.exe
        5⤵
        
        PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23365.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25276.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
        6⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2046.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61839.exe
        9⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        10⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 724
        11⤵
        
        PID:12432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 716
        10⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe
        9⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe
        9⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16111.exe
        10⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31798.exe
        9⤵
        
        PID:12344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16722.exe
        8⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
        9⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 636
        10⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 756
        9⤵
        
        PID:13304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 628
        8⤵
        
        PID:10680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25989.exe
        6⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53167.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 724
        7⤵
        Program crash
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36669.exe
        6⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46838.exe
        5⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
        6⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        7⤵
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24853.exe
        6⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-556.exe
        6⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60732.exe
        7⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 636
        8⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 660
        7⤵
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe
        6⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
        6⤵
        
        PID:10568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55907.exe
        6⤵
        
        PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6009.exe
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50687.exe
        6⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26133.exe
        6⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 644
        7⤵
        Program crash
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52246.exe
        6⤵
        
        PID:12584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        6⤵
        
        PID:13892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 720
        6⤵
        Program crash
        
        PID:10188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30089.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36261.exe
        5⤵
        
        PID:11428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58362.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe
        5⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-302.exe
        6⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37215.exe
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        8⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60348.exe
        9⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 644
        10⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 740
        9⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
        8⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe
        8⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35571.exe
        8⤵
        
        PID:13088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5621.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52214.exe
      4⤵
      PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34277.exe
        5⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
        6⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        7⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 636
        8⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 656
        7⤵
        Program crash
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39797.exe
        6⤵
        
        PID:8052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 632
        6⤵
        
        PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34297.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7628
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 636
        6⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7893.exe
        5⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
        6⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60493.exe
        5⤵
        
        PID:12320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
        6⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60614.exe
        5⤵
        
        PID:14008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9644.exe
      4⤵
      PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
        5⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4302.exe
        6⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55455.exe
        7⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29164.exe
        8⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54550.exe
        7⤵
        
        PID:12896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57469.exe
        7⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
        6⤵
        
        PID:10256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8745.exe
        6⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
        5⤵
        
        PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24185.exe
        5⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52940.exe
        6⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19234.exe
        5⤵
        
        PID:8276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe
      4⤵
      PID:5216
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 724
        5⤵
        Program crash
        
        PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
      4⤵
      PID:9052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15268.exe
      4⤵
      PID:11804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32557.exe
      4⤵
      PID:1616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64573.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53023.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47279.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60652.exe
        6⤵
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
        6⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 636
        7⤵
        Program crash
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53005.exe
        6⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53510.exe
        6⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
        7⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63247.exe
        8⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42719.exe
        9⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 660
        8⤵
        
        PID:11104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 748
        7⤵
        
        PID:11620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14796.exe
        6⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
        7⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27605.exe
        6⤵
        
        PID:11968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35116.exe
        6⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
        5⤵
        
        PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26261.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1166.exe
        5⤵
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33468.exe
        6⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55222.exe
        6⤵
        
        PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46349.exe
      4⤵
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10603.exe
        5⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        6⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
        6⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3934.exe
        7⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 640
        8⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
        7⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27468.exe
        7⤵
        
        PID:13364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40285.exe
        6⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        7⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60547.exe
        7⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3797.exe
        6⤵
        
        PID:11924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34585.exe
        6⤵
        
        PID:12472
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 724
      4⤵
      Program crash
      PID:7652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59302.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24015.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28063.exe
        5⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11262.exe
        6⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7173.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
      4⤵
      PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        5⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5829.exe
        5⤵
        
        PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32761.exe
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36991.exe
        6⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52412.exe
        7⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
        6⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46618.exe
        6⤵
        
        PID:14236
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 744
        5⤵
        
        PID:10812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7929.exe
      4⤵
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20879.exe
        5⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61647.exe
        6⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59087.exe
        7⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 644
        8⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 752
        7⤵
        
        PID:11724
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 660
        6⤵
        
        PID:10888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63677.exe
      4⤵
      PID:7544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9694.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 636
        6⤵
        
        PID:13044
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 640
        5⤵
        
        PID:6640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63798.exe
      4⤵
      PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        5⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        6⤵
        
        PID:7568
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 660
        5⤵
        
        PID:14304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16606.exe
      4⤵
      PID:10640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
      4⤵
      PID:12124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55178.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
      4⤵
      PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7531.exe
        5⤵
        
        PID:5512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27013.exe
    3⤵
    PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
      4⤵
      PID:5276
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 728
        5⤵
        Program crash
        
        PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
      4⤵
      PID:6508
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 724
        5⤵
        Program crash
        
        PID:5456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10174.exe
    3⤵
    PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7262.exe
      4⤵
      PID:7140
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 716
      4⤵
      Program crash
      PID:9644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39796.exe
    3⤵
    PID:7316
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 636
      4⤵
      Program crash
      PID:6596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14714.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14714.exe
    3⤵
    PID:9668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40575.exe
      4⤵
      PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33324.exe
        5⤵
        
        PID:13604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59862.exe
      4⤵
      PID:11508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46037.exe
    3⤵
    PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3931.exe
      4⤵
      PID:14036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59483.exe
    3⤵
    PID:14124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51266.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51266.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:624
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 724
        5⤵
        Program crash
        
        PID:4896
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 724
        5⤵
        Program crash
        
        PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63615.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56717.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50559.exe
        5⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54739.exe
        5⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        5⤵
        
        PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40547.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3550.exe
        6⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 636
        7⤵
        
        PID:11440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54726.exe
        6⤵
        
        PID:10392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
        6⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53821.exe
        5⤵
        
        PID:9572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
        6⤵
        
        PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45877.exe
        5⤵
        
        PID:12556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1006.exe
        5⤵
        
        PID:2592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19618.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10366.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25375.exe
        6⤵
        Executes dropped EXE
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60463.exe
        7⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 676
        8⤵
        Program crash
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40914.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        7⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 720
        8⤵
        Program crash
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13477.exe
        7⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27903.exe
        8⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
        9⤵
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
        7⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50739.exe
        7⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20303.exe
        7⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13022.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
        9⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 632
        10⤵
        Program crash
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 724
        9⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45558.exe
        8⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 628
        9⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2028.exe
        8⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
        9⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53382.exe
        8⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        8⤵
        
        PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40677.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44703.exe
        6⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20687.exe
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
        7⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 728
        8⤵
        Program crash
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34037.exe
        7⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11934.exe
        8⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        8⤵
        
        PID:13240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 636
        7⤵
        
        PID:11544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60131.exe
        5⤵
        
        PID:6280
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 736
        5⤵
        
        PID:10888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2016
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 724
        5⤵
        Program crash
        
        PID:1364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15676.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
        5⤵
        
        PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23877.exe
        5⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
        6⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60879.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe
        8⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 636
        9⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 652
        8⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2924.exe
        7⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32291.exe
        7⤵
        
        PID:12444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe
        6⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe
        7⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        8⤵
        
        PID:11884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
        8⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38789.exe
        7⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9420.exe
        7⤵
        
        PID:13884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        6⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        6⤵
        
        PID:11288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1502.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53119.exe
        7⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 716
        7⤵
        
        PID:6364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 644
        6⤵
        
        PID:10756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38518.exe
        5⤵
        
        PID:8028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8028 -s 724
        6⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29212.exe
        5⤵
        
        PID:8768
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8768 -s 632
        6⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20117.exe
        5⤵
        
        PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11099.exe
        5⤵
        
        PID:13964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32613.exe
      4⤵
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42399.exe
        5⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5061.exe
        5⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
        6⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10270.exe
        7⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 756
        7⤵
        
        PID:3808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 636
        6⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33856.exe
        5⤵
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2958.exe
        6⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58127.exe
        7⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60751.exe
        8⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        9⤵
        
        PID:14208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 648
        8⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 752
        7⤵
        
        PID:11512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
        6⤵
        
        PID:9512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46189.exe
        6⤵
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30668.exe
        7⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        6⤵
        
        PID:13588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52870.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16076.exe
        5⤵
        
        PID:10660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16988.exe
        6⤵
        
        PID:13616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
        5⤵
        
        PID:13008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
      4⤵
      PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        5⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41391.exe
        6⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 632
        7⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        7⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30604.exe
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43251.exe
        6⤵
        
        PID:13916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22501.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 636
        6⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
        5⤵
        
        PID:10728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        5⤵
        
        PID:13676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
      4⤵
      PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3934.exe
        5⤵
        
        PID:8392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8392 -s 636
        6⤵
        
        PID:12336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 616
        5⤵
        
        PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37292.exe
      4⤵
      PID:9604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15026.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15026.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34223.exe
      4⤵
      PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32316.exe
        5⤵
        
        PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39269.exe
        5⤵
        
        PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13628.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 724
        6⤵
        Program crash
        
        PID:9960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57670.exe
        5⤵
        
        PID:9108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 636
        6⤵
        
        PID:12996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
      4⤵
      PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54266.exe
      4⤵
      PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38627.exe
      4⤵
      PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3934.exe
        5⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5141.exe
        5⤵
        
        PID:10616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
      4⤵
      PID:9032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17522.exe
      4⤵
      PID:10540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
      4⤵
      PID:6596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38815.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40751.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
        7⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26831.exe
        8⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18223.exe
        10⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29999.exe
        12⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
        13⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
        12⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41378.exe
        11⤵
        
        PID:10880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 720
        10⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 660
        9⤵
        Program crash
        
        PID:9244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        6⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43743.exe
        7⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15804.exe
        8⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2270.exe
        9⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 648
        10⤵
        Program crash
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
        9⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 664
        9⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48710.exe
        8⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37551.exe
        9⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
        10⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1141.exe
        10⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe
        9⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        8⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46771.exe
        8⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4123.exe
        9⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
        8⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47037.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2773.exe
        6⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54588.exe
        7⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 648
        8⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
        7⤵
        
        PID:11988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-188.exe
        6⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28005.exe
        6⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62796.exe
        6⤵
        
        PID:10988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53750.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22687.exe
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26639.exe
        7⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51071.exe
        8⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40812.exe
        9⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 636
        10⤵
        Program crash
        
        PID:9972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 652
        9⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
        7⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
        8⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
        9⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1909.exe
        9⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39842.exe
        8⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25932.exe
        8⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
        7⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 504
        7⤵
        
        PID:12576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55101.exe
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
        6⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59151.exe
        7⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 628
        8⤵
        Program crash
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
        7⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52559.exe
        8⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 636
        9⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49734.exe
        8⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37386.exe
        8⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47773.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26198.exe
        5⤵
        
        PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3490.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57775.exe
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13499.exe
        8⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 648
        8⤵
        Program crash
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54563.exe
        7⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31500.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 636
        8⤵
        Program crash
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23462.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61135.exe
        8⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49660.exe
        9⤵
        
        PID:13688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17477.exe
        8⤵
        
        PID:12940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe
        7⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56099.exe
        7⤵
        
        PID:232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35685.exe
        5⤵
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48175.exe
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41964.exe
        7⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31391.exe
        8⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 640
        9⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47878.exe
        8⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        8⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        8⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
        7⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 636
        8⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2988.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57798.exe
        7⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50822.exe
        6⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 648
        7⤵
        Program crash
        
        PID:8836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 748
        6⤵
        Program crash
        
        PID:10844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12444.exe
        5⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        5⤵
        
        PID:6264
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 636
        6⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44973.exe
        5⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42127.exe
        6⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        7⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19733.exe
        5⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59423.exe
        5⤵
        
        PID:10180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1948.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33183.exe
        6⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56831.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21605.exe
        6⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64639.exe
        7⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 628
        8⤵
        Program crash
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28853.exe
        7⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe
        7⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26412.exe
        8⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59485.exe
        6⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36223.exe
        7⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9682.exe
        7⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29705.exe
        7⤵
        
        PID:13092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8853.exe
        6⤵
        
        PID:9168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 772
        6⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56182.exe
        5⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7280
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 636
        6⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37878.exe
        5⤵
        
        PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21385.exe
        5⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59571.exe
        5⤵
        
        PID:8576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
      4⤵
      PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37215.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11486.exe
        6⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe
        7⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 636
        8⤵
        
        PID:10836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 744
        7⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46627.exe
        6⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 636
        7⤵
        
        PID:3584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 744
        6⤵
        
        PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49286.exe
        5⤵
        
        PID:4640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 636
        6⤵
        Program crash
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32012.exe
        5⤵
        
        PID:8780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 636
        6⤵
        
        PID:11644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
        5⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        5⤵
        
        PID:12892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
      4⤵
      PID:6224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
      4⤵
      PID:7508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53711.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44799.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51411.exe
        6⤵
        
        PID:12452
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 724
        5⤵
        
        PID:8140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
      4⤵
      PID:9000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27874.exe
        5⤵
        
        PID:11320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56772.exe
      4⤵
      PID:11820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe
      4⤵
      PID:13372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1492
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 724
        5⤵
        Program crash
        
        PID:888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 724
        5⤵
        Program crash
        
        PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36837.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3144
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 616
        5⤵
        Program crash
        
        PID:5196
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 480
      4⤵
      Program crash
      PID:5148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8078.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22495.exe
        5⤵
        
        PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41365.exe
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18591.exe
        6⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5918.exe
        7⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 644
        8⤵
        Program crash
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        8⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21775.exe
        9⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3116.exe
        7⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53132.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31907.exe
        7⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58230.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 636
        7⤵
        Program crash
        
        PID:9388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 744
        6⤵
        Program crash
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32373.exe
        5⤵
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe
        6⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12126.exe
        7⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43487.exe
        8⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        9⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34242.exe
        8⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-949.exe
        7⤵
        
        PID:6056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 656
        6⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        5⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
        6⤵
        
        PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8981.exe
        5⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        6⤵
        
        PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6905.exe
        5⤵
        
        PID:716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56438.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3100.exe
    3⤵
    PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2155.exe
      4⤵
      PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        6⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 636
        7⤵
        Program crash
        
        PID:9992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 628
        6⤵
        Program crash
        
        PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe
        5⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54287.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52687.exe
        7⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64678.exe
        7⤵
        
        PID:9564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25333.exe
        6⤵
        
        PID:11868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
        6⤵
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57814.exe
        5⤵
        
        PID:12916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47290.exe
        5⤵
        
        PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14309.exe
      4⤵
      PID:7144
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 724
        5⤵
        Program crash
        
        PID:6692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51805.exe
      4⤵
      PID:9004
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 636
        5⤵
        
        PID:12968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
      4⤵
      PID:11960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
    3⤵
    PID:3248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45375.exe
    3⤵
    PID:7256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
      4⤵
      PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
      4⤵
      PID:10516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9705.exe
      4⤵
      PID:10804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
    3⤵
    PID:9496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38380.exe
      4⤵
      PID:11892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe
        5⤵
        
        PID:11192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36077.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36077.exe
    3⤵
    PID:12544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43877.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43877.exe
    3⤵
    PID:2100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54678.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54678.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63615.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1550.exe
        5⤵
        
        PID:4768
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 748
    3⤵
    - Program crash
    PID:3696
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 748
    3⤵
    - Program crash
    PID:2912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17388.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17388.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4088
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 724
    3⤵
    - Program crash
    PID:3164
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 724
    3⤵
    - Program crash
    PID:3168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:728
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 728 -s 648
    3⤵
    - Program crash
    PID:3148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44079.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44079.exe
  2⤵
  PID:4572
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 640
    3⤵
    - Program crash
    PID:3172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30148.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30148.exe
  2⤵
  PID:1712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51455.exe
    3⤵
    PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56079.exe
      4⤵
      PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
        5⤵
        
        PID:4280
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 640
        6⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
        5⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
        5⤵
        
        PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1173.exe
      4⤵
      PID:9124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18876.exe
      4⤵
      PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15570.exe
      4⤵
      PID:5484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51590.exe
    3⤵
    PID:8012
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 636
      4⤵
      Program crash
      PID:7300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47773.exe
    3⤵
    PID:7464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8789.exe
    3⤵
    PID:10380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3054.exe
      4⤵
      PID:14096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-829.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-829.exe
  2⤵
  PID:7108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54380.exe
    3⤵
    PID:4956
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 640
      4⤵
      PID:5152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe
    3⤵
    PID:10784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9897.exe
    3⤵
    PID:5376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6693.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6693.exe
  2⤵
  PID:8912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61151.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61151.exe
    3⤵
    PID:6804
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2733.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2733.exe
  2⤵
  PID:11500
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57235.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57235.exe
  2⤵
  PID:860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3176 -ip 3176
1⤵
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 624 -ip 624
1⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4148 -ip 4148
1⤵
PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 624 -ip 624
1⤵
PID:4256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4148 -ip 4148
1⤵
PID:2912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 3176 -ip 3176
1⤵
PID:1196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4088 -ip 4088
1⤵
PID:4108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4684 -ip 4684
1⤵
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4088 -ip 4088
1⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4684 -ip 4684
1⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 1492 -ip 1492
1⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4084 -ip 4084
1⤵
PID:3088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1492 -ip 1492
1⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4084 -ip 4084
1⤵
PID:2708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 832 -ip 832
1⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 728 -ip 728
1⤵
PID:1132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2016 -ip 2016
1⤵
PID:3692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3556 -ip 3556
1⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1056 -ip 1056
1⤵
PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1216 -ip 1216
1⤵
PID:2584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 3456 -ip 3456
1⤵
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 724 -ip 724
1⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 3408 -ip 3408
1⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4620 -ip 4620
1⤵
PID:1132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3220 -ip 3220
1⤵
PID:3692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 3452 -ip 3452
1⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 1216 -ip 1216
1⤵
PID:2708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1056 -ip 1056
1⤵
PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3408 -ip 3408
1⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 724 -ip 724
1⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 3456 -ip 3456
1⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 2948 -ip 2948
1⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 4620 -ip 4620
1⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3144 -ip 3144
1⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4948 -ip 4948
1⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4944 -ip 4944
1⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3220 -ip 3220
1⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3452 -ip 3452
1⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 3500 -ip 3500
1⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 4144 -ip 4144
1⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 1696 -ip 1696
1⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 2948 -ip 2948
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 832 -ip 832
1⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 4948 -ip 4948
1⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 728 -ip 728
1⤵
PID:3564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4768 -ip 4768
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1696 -ip 1696
1⤵
PID:3304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 3500 -ip 3500
1⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 4144 -ip 4144
1⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 1588 -ip 1588
1⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4336 -ip 4336
1⤵
PID:3588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4572 -ip 4572
1⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 2016 -ip 2016
1⤵
PID:3760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 2244 -ip 2244
1⤵
PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 3592 -ip 3592
1⤵
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 4556 -ip 4556
1⤵
PID:3892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 3960 -ip 3960
1⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4768 -ip 4768
1⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2164 -ip 2164
1⤵
PID:1520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1588 -ip 1588
1⤵
PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 4336 -ip 4336
1⤵
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 3556 -ip 3556
1⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4632 -ip 4632
1⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5444 -ip 5444
1⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5504 -ip 5504
1⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5336 -ip 5336
1⤵
PID:1520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5480 -ip 5480
1⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5252 -ip 5252
1⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2244 -ip 2244
1⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 3960 -ip 3960
1⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 4556 -ip 4556
1⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5804 -ip 5804
1⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5976 -ip 5976
1⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 3592 -ip 3592
1⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3952 -ip 3952
1⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 2164 -ip 2164
1⤵
PID:1588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5512 -ip 5512
1⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 6036 -ip 6036
1⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 5244 -ip 5244
1⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1204 -ip 1204
1⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4548 -ip 4548
1⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 1284 -ip 1284
1⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4612 -ip 4612
1⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3972 -ip 3972
1⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 4280 -ip 4280
1⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 2932 -ip 2932
1⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4440 -ip 4440
1⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5720 -ip 5720
1⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 3700 -ip 3700
1⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 4848 -ip 4848
1⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 1444 -ip 1444
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 1924 -ip 1924
1⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 3264 -ip 3264
1⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 1580 -ip 1580
1⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4632 -ip 4632
1⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5756 -ip 5756
1⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5444 -ip 5444
1⤵
PID:3980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5820 -ip 5820
1⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5504 -ip 5504
1⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5336 -ip 5336
1⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 5276 -ip 5276
1⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5696 -ip 5696
1⤵
PID:376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5480 -ip 5480
1⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5252 -ip 5252
1⤵
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5460 -ip 5460
1⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 4944 -ip 4944
1⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 1096 -ip 1096
1⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 3952 -ip 3952
1⤵
PID:2912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5976 -ip 5976
1⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 2604 -ip 2604
1⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 996 -ip 996
1⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 764 -ip 764
1⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5512 -ip 5512
1⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 3252 -ip 3252
1⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5244 -ip 5244
1⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 6036 -ip 6036
1⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 4548 -ip 4548
1⤵
PID:3164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 1284 -ip 1284
1⤵
PID:4052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1204 -ip 1204
1⤵
PID:1828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4612 -ip 4612
1⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2932 -ip 2932
1⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 4280 -ip 4280
1⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3972 -ip 3972
1⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5720 -ip 5720
1⤵
PID:2988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 4440 -ip 4440
1⤵
PID:3520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 3700 -ip 3700
1⤵
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 4848 -ip 4848
1⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 3264 -ip 3264
1⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 1580 -ip 1580
1⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5756 -ip 5756
1⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 1924 -ip 1924
1⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1444 -ip 1444
1⤵
PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5820 -ip 5820
1⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5696 -ip 5696
1⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 3144 -ip 3144
1⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 5460 -ip 5460
1⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 1096 -ip 1096
1⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5996 -ip 5996
1⤵
PID:2932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 2604 -ip 2604
1⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 996 -ip 996
1⤵
PID:3700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 764 -ip 764
1⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 3252 -ip 3252
1⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 3588 -ip 3588
1⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5928 -ip 5928
1⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 1344 -ip 1344
1⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 1280 -ip 1280
1⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 4248 -ip 4248
1⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5112 -ip 5112
1⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 6300 -ip 6300
1⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 4840 -ip 4840
1⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 6324 -ip 6324
1⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6372 -ip 6372
1⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 6244 -ip 6244
1⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 6492 -ip 6492
1⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6740 -ip 6740
1⤵
PID:632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 3248 -ip 3248
1⤵
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 6156 -ip 6156
1⤵
PID:1320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 6444 -ip 6444
1⤵
PID:5696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6280 -ip 6280
1⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 4132 -ip 4132
1⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 1048 -ip 1048
1⤵
PID:1920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 6952 -ip 6952
1⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 6224 -ip 6224
1⤵
PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6256 -ip 6256
1⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6188 -ip 6188
1⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 6796 -ip 6796
1⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 6408 -ip 6408
1⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5764 -ip 5764
1⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 6812 -ip 6812
1⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 5300 -ip 5300
1⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5212 -ip 5212
1⤵
PID:764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 4412 -ip 4412
1⤵
PID:3252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 6500 -ip 6500
1⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 4764 -ip 4764
1⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 4728 -ip 4728
1⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 6928 -ip 6928
1⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 6508 -ip 6508
1⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 1648 -ip 1648
1⤵
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 6784 -ip 6784
1⤵
PID:1920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 4120 -ip 4120
1⤵
PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 688 -ip 688
1⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 4416 -ip 4416
1⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 5688 -ip 5688
1⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5792 -ip 5792
1⤵
PID:640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 5376 -ip 5376
1⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5236 -ip 5236
1⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1184 -p 4652 -ip 4652
1⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 4156 -ip 4156
1⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 4912 -ip 4912
1⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 900 -ip 900
1⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1240 -p 5672 -ip 5672
1⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 4864 -ip 4864
1⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 408 -ip 408
1⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 3080 -ip 3080
1⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 3516 -ip 3516
1⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 3748 -ip 3748
1⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5352 -ip 5352
1⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 4572 -ip 4572
1⤵
PID:996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5760 -ip 5760
1⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5848 -ip 5848
1⤵
PID:1320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1248 -p 5828 -ip 5828
1⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 5680 -ip 5680
1⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 3408 -ip 3408
1⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1236 -p 5344 -ip 5344
1⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1296 -p 6896 -ip 6896
1⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 7100 -ip 7100
1⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1368 -p 7140 -ip 7140
1⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1396 -p 5444 -ip 5444
1⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 6720 -ip 6720
1⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 5996 -ip 5996
1⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1372 -p 3588 -ip 3588
1⤵
PID:10204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1336 -p 5928 -ip 5928
1⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 5396 -ip 5396
1⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 1344 -ip 1344
1⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4348 -ip 4348
1⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1408 -p 5748 -ip 5748
1⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1396 -p 1280 -ip 1280
1⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1328 -p 4248 -ip 4248
1⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 5112 -ip 5112
1⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6300 -ip 6300
1⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 4840 -ip 4840
1⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1432 -p 6324 -ip 6324
1⤵
PID:1520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6372 -ip 6372
1⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1352 -p 6244 -ip 6244
1⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6492 -ip 6492
1⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 6740 -ip 6740
1⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1340 -p 3248 -ip 3248
1⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6156 -ip 6156
1⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1236 -p 6280 -ip 6280
1⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1248 -p 4132 -ip 4132
1⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6444 -ip 6444
1⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 1048 -ip 1048
1⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 6952 -ip 6952
1⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6224 -ip 6224
1⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 6752 -ip 6752
1⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 7172 -ip 7172
1⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 7076 -ip 7076
1⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 3068 -ip 3068
1⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 3176 -ip 3176
1⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 6796 -ip 6796
1⤵
PID:3584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 6256 -ip 6256
1⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 6188 -ip 6188
1⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1408 -p 1696 -ip 1696
1⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1272 -p 6392 -ip 6392
1⤵
PID:440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 5300 -ip 5300
1⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 8028 -ip 8028
1⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 4428 -ip 4428
1⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 7280 -ip 7280
1⤵
PID:10292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 6264 -ip 6264
1⤵
PID:10904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 7644 -ip 7644
1⤵
PID:11160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 7468 -ip 7468
1⤵
PID:10652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 8012 -ip 8012
1⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 8168 -ip 8168
1⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 5564 -ip 5564
1⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1272 -p 5216 -ip 5216
1⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 7144 -ip 7144
1⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 4640 -ip 4640
1⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 7352 -ip 7352
1⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5556 -ip 5556
1⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 5212 -ip 5212
1⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 5804 -ip 5804
1⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6812 -ip 6812
1⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1352 -p 5764 -ip 5764
1⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 6408 -ip 6408
1⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 4728 -ip 4728
1⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 6928 -ip 6928
1⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1260 -p 6500 -ip 6500
1⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1396 -p 4764 -ip 4764
1⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1448 -p 4412 -ip 4412
1⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1476 -p 6784 -ip 6784
1⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 1648 -ip 1648
1⤵
PID:12568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 4120 -ip 4120
1⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 688 -ip 688
1⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1356 -p 4416 -ip 4416
1⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1452 -p 5792 -ip 5792
1⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1444 -p 4632 -ip 4632
1⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 5688 -ip 5688
1⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5376 -ip 5376
1⤵
PID:11592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 7628 -ip 7628
1⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 7588 -ip 7588
1⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 1964 -ip 1964
1⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1272 -p 1008 -ip 1008
1⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 7316 -ip 7316
1⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 8020 -ip 8020
1⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1424 -p 7576 -ip 7576
1⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1436 -p 7988 -ip 7988
1⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 7268 -ip 7268
1⤵
PID:1444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 7752 -ip 7752
1⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 7888 -ip 7888
1⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5720 -ip 5720
1⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 7964 -ip 7964
1⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 7996 -ip 7996
1⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1440 -p 5236 -ip 5236
1⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4652 -ip 4652
1⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4912 -ip 4912
1⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 6940 -ip 6940
1⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1468 -p 4156 -ip 4156
1⤵
PID:13548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1352 -p 5672 -ip 5672
1⤵
PID:13556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 900 -ip 900
1⤵
PID:13564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 4864 -ip 4864
1⤵
PID:13788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 6136 -ip 6136
1⤵
PID:13964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 7264 -ip 7264
1⤵
PID:14068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 5424 -ip 5424
1⤵
PID:14100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1512 -p 3012 -ip 3012
1⤵
PID:14108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1248 -p 4960 -ip 4960
1⤵
PID:14292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 408 -ip 408
1⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 3516 -ip 3516
1⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 3748 -ip 3748
1⤵
PID:468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 3080 -ip 3080
1⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5352 -ip 5352
1⤵
PID:13384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 1212 -ip 1212
1⤵
PID:1280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1260 -p 5316 -ip 5316
1⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1420 -p 5772 -ip 5772
1⤵
PID:14148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 6912 -ip 6912
1⤵
PID:13488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4896 -ip 4896
1⤵
PID:13400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5276 -ip 5276
1⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 2600 -ip 2600
1⤵
PID:14076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1352 -p 6476 -ip 6476
1⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 5508 -ip 5508
1⤵
PID:12872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10366.exe

Filesize
468KB

MD5
c27f8c3598c2b2be5beffdcc5567ae48

SHA1
0814f76fcd047bcfe32b14f5a5cf3c8ee65d4caf

SHA256
3988d61298de0203232bebc57978d980fd5e8a93b0faf7803a9e74a3ac96440d

SHA512
e16464731df859d6f9d84c3a76f9b3291f13591b2414b0a71d875330007eb3e5fa89f5b51d99f7bf85b8038227482a307ccebd27e3258279401309535755cbfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13420.exe

Filesize
468KB

MD5
37b43f712aa581984aeac8be508ba55d

SHA1
1c163d16eccb277bec82fdff8f77e61b5b559374

SHA256
2b03ee9b36aff1d7cf1b519e50617d2d7a12b76241a1cdaccac80520465802f5

SHA512
a326b6c318c70400ed162594b84a5c59d9c31da7c0fac6e0b472995682161dc437f933730f458000b70b2f24059741d095882ad34d7e652e1b86ed28e9edbbb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17388.exe

Filesize
468KB

MD5
c2152c0b783853073127a0b1c80dd3ac

SHA1
b79edcdbc8326ab73aabefcca3d874ad8c38fe7a

SHA256
57e6ae5ef6f397a7bac795ac4d85e2f92c341dc2b8386c40c34ec5f34b9a2499

SHA512
ad3096db54e9bf07af6564a95bb5c2d83f0030fd6654e11b9e8994c95f56b186e6e11a07681a331f62aa70ed074f0de264954bef314d7aaa74c9949e552ae8f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18194.exe

Filesize
468KB

MD5
b97d211fa1690bcf32bc3790c69e4113

SHA1
2d27b690ec74789759948e31a0d34037d3ada89e

SHA256
d43216b0426d0487e507ee10f20bccf974a301a7ef62a3de471c753a3b6c31fc

SHA512
ffb1198904b53b3725a5ee342da4c93b8a6be51ef41d0f4a88f1877bf2285fa399a4390fe9e7da829f3e8269a1b2523842642c0d791bdb3464e16b09416cbbcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18210.exe

Filesize
468KB

MD5
dfe833ead0e4841ae966835dc0f9299b

SHA1
3cda1afc62234163b203126bdeeb6a066a6e96d0

SHA256
1bd60f46c703656a32bdb69d93067622163334a98a34417fb52295b286efaadc

SHA512
52f6088acd531e0bde434a874d1fbe34d380543ca06c778f5e4ad2c1173cda5d8a0e67a55c4bc87fc8631614349fd1728c337c461536c73777921a6db28d881b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18578.exe

Filesize
468KB

MD5
566169f3b6be601d0e191f12f2bb06d4

SHA1
7888bad31eb0ce9f8f945df8e50c1b819b51e238

SHA256
eb0c68af41e78d23a107bbb1018679c3dc1d72cedf6d3bb14d70a916763ae7af

SHA512
e480d9921575eb07467ab02324b9d95c088e21c60f84c938c6d50f0c1e2391fdc45e5f441f8827ab0cf5d656fdc3930ac33fd5e52033e0657db7f7fbeaff4457

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19618.exe

Filesize
468KB

MD5
60c8b9fc2d5761263b5b2fe5cde07ca0

SHA1
719dcadefaefe698cbf3ce407776856cc4f6be37

SHA256
d09f49fd5fc080df842a2dcffbf2fad272718674c4e933e6db8d5ac0786171cd

SHA512
f0071cbefd021a6cd83ab0694e27068ed7364c3b2bf7845e7c78802f3a0bddf14397f7977a9667dc139a2d3a8eddd99f13c2004cfd2423d431febc903370efe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23365.exe

Filesize
468KB

MD5
2d1e18fe351fbb78af96d0ed983ac08d

SHA1
8bb2b741715d8af4319e5ee2ce96e39fadc77a33

SHA256
70b9d63bb4aa36a84c26fbdcc9ef90760e10091d39240bf59bd32f2347be5bd0

SHA512
8c2ec536a6809663920eb10f0994d23b2266a0737fc2cbe0b07db7ceca672dd507e74573b433102f513f39835d455308e8138ac85632723b2a4eb330feaabdbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe

Filesize
468KB

MD5
3eb99eab7b6eed5a40be62504425a019

SHA1
b5498e8a57c8967d0972dfa5f9492b2ab1d27103

SHA256
7732134b16bd443f4d082fecfa3ca596592278d8fda7cc3942effbab3c445114

SHA512
95caaa48bb85b2cdf7a67ad5efc7cb7ffb3b1b260649709f876e3d95c52d291d4cb0191c1e2a0b52c7a3fada2743ab1d6bb0be698c79e4807ed51296d3cc5a7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe

Filesize
468KB

MD5
82e90adafa4bc0ac2f589f3c7273d642

SHA1
7e53061c83623c3d46ff4997130561ceec7dca5a

SHA256
fdc2625ec4fc0796d20b01cabc12524c17ac6b5e09b53ce1ac3820261a47f689

SHA512
d693de4b129991ee08cf27fa78209f811c2a00cfdeaf335f83637f09005cef7231ac378f1da251d724b7dbcdbab74269c4b536fdedd7f6c88070596fe0f6c769

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe

Filesize
468KB

MD5
9c5e6e3bc2972dca7acd2911a5bd38da

SHA1
faf6a0bd41cd6d2c221ca7d77453c08fe1451c44

SHA256
ec74913aa6bef89a4e77f99c980a9e4578ec7742cd879eb8cc98ebaa35d307a8

SHA512
b84253631d5839efefa243456f60dfe8c749c5f548f5db6c8d670ecdda0f930282652d492c7165f7db8721d9f78f38bf485ca4c48790271948bad424a83bae7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3490.exe

Filesize
468KB

MD5
ff902dd513a553ee53aa79f10f462fee

SHA1
8a16a066643d5176c152498058b884ba1e91fb63

SHA256
b9ee604e83ae1667bc0edf01a0a58321a4dce5c24d839c2fdbf77ce80e7ee458

SHA512
328c4f8f59af5b278df6b5a01aaaf78cab1c3614ba29ac2c8871784a0f35816fe4b4609bb1be77c06c1e450f59fdccdef58f4643c2b0142b113f34ddc31200cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35077.exe

Filesize
468KB

MD5
008f586bbfb18af469d30f58a5db18df

SHA1
b0dc64d46d64dd854f3f5a5dcf4a914ed3f6ab77

SHA256
c8b06003dd9449344d27c99ec62e9c8ade741b5a6dcd43fca9c5579b652e81b4

SHA512
22b3b33e123f7e4991c1e928ea33f3a96130211057e2e7d7ff3c71cc6f4af3f7bdb0455c2cac96929e6354874a51cf14da581d8db2e28eaf0ece0dd4c76ba831

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37948.exe

Filesize
468KB

MD5
7e60f4751505b89c6a19c4818122db80

SHA1
9e680d1bb701077e3768212a51bcf0627c05dc47

SHA256
aabd4586e9b47e68733c2a9a72fd4d9dfcbffa5d2e5d6fd0269e5bebd19f5e69

SHA512
79020fdbb954993a1edec7e71f190d998620b0f41ef3a027cb0279d912ccec920596f32e19cd0c09d883dd9f9bdaaa59f069d6b9f4d9c74aa8fa735ae69fd010

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe

Filesize
468KB

MD5
b83d9e63ca5b263e47483e1eeaa4cb83

SHA1
fe1d25e80c8d409c08403ba751931ad14973d39b

SHA256
ec24e4082bab42bf1849be8987b0e72c7741e82e40148f74ca2f687d66d1835f

SHA512
4998b7da9271b1cec266d53561adb1f7b00d86f55a6a8a426e02f261f06cc0832f0b4cb874199a4e80acaf77f03bb69971a91edcaae36b95b1efb5fcbb96282f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe

Filesize
468KB

MD5
d42e5913d2666b755b1b58a440aa5882

SHA1
82cf28c875172fccd8273848fc455a3d9ccff3b6

SHA256
fa6c256d79d741d9465a09b549988781dec2818c9498837981c0771aef9f7f64

SHA512
827b28fcb6cc3e318a3cd0938c563c2608b0908f38e35644caffe1b866f9610a0eded40312bc4733c7d2c2607b7bd901f0f08cf808076d8d1dedd22dcadf83d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38415.exe

Filesize
468KB

MD5
80b582dbffd890684fa94a59601286f0

SHA1
27f8a0c5c7311b9d00f2e9d171fc2feb6084bc67

SHA256
f78ed946e2a10cfeff541e67d028853d2b873d90624d5b11001befa168f7fd8b

SHA512
3bb211f294c6d38011be51932205e9b5ab6e50fd87e753378b3df473934eb2093e339505e190aa0fa7c332003025b9439fec105d124b6a787ea1bac2e74270f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe

Filesize
468KB

MD5
b177d8d0e4014f8a8cb72416531d09e3

SHA1
7af56f0d1ddac2bbf7e2c3cfcaba7b08fea788a2

SHA256
b7f602c3b3af42d65194f416407f862680d5cea34340fb9fd6ce1df6be8c8373

SHA512
b44f9509332c098d9e9bfe72a8688183591f18ac60ede3fd98fc37a37c3d337cc9b991abc2b56a9f76fcba510a7532ac10663e781308659f1ab1a4413bb1341c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38815.exe

Filesize
468KB

MD5
d497428a02741456101975755bb8bac5

SHA1
48991be7c0d485e566992988839736dc1bf26368

SHA256
6f484058ddea4649cd8d68bfe2a5fad1fc91b3dfdf99e1b9aec3de088999fae8

SHA512
30bb55abf403064b9902f9ccf29a9be6b17b7902a1e1eb1ee71cb555082d64e7f6927f6373e7b481815e6e6051fbc7a5afd0ade572d73a80f91c55162ea654dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe

Filesize
468KB

MD5
dbcaaef8b1e05857bc08a632a625620c

SHA1
3a3a142dc11cec4d1fbb6b28e03364fbea7e783d

SHA256
1faa1d1c4cb9a03f057f0fc79df9b6a358d3b7535a266086a787ca1e6f4329bd

SHA512
bb8019bedbd2b1be3b509bf7598f08f2cd31bcf2fe3912136bcab2a1cf15ccefca1fc725e8f43acaad929fbde9035da03cf4c5d691096727dedcf05f85faa100

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe

Filesize
468KB

MD5
34fdefaa7640ddcf9d3d6626814e7a08

SHA1
4aca5c8fadbae6a1d4fa0852786acc3210f2eb68

SHA256
88adc3ad8130466e6a7e1d4bfe6003a4a66779e13ca99d2b9ec52f194f6e0603

SHA512
694e1eaa8de3677072d4db474b4166495557a9fa7dcacea112cfa470e644b49affc0e0142458a1e975d10fea8dc8268ef0f3f6fec511ceeb5793c5c95d99cd61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51266.exe

Filesize
468KB

MD5
fceaa4506f98b6fc06ed0d061a5a9eec

SHA1
93050e8579a22eafca73393ace99e8bfb25b7400

SHA256
a010ee1d16d251cfe1e3332657dc0a4c7c15454d4a81febd6cf29013d2093b63

SHA512
26adad60c5c63dc4c423f4ec20d0496c1e0fa28b52de30044209d0d08fcaf9221ac8fcc5c15654a1afd7c6ed5f62f260db9cab558529bd1e1e9bbcf546a7fdff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe

Filesize
468KB

MD5
fb66ee04ea4321b84fe203a367753233

SHA1
0e12bce53eba34e3be28cac653ee77a742e6c13b

SHA256
e49c30df91a9141a84625b4afa45564e7e772899f11ddf7d5a849429a5d9ea5f

SHA512
b07f64abca1cc23fcf693b143e6f188aaae46d86dc76048ad8a2c773ffd54855fef944568c0e53e9f2ada38d0458cf10a94b460122506bf9a4a2487ed1332121

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53023.exe

Filesize
468KB

MD5
411596c399c1136d45e7e9a0fe08f8ba

SHA1
8797d8bedf84210bfe40ce6cb47bb60ed25a9b3e

SHA256
97a471046bea1cef0276e3984bde5d648e1292e8077fa31499cb4422b278cc72

SHA512
5cfad6ab03e706f66c4f71bbb778eed54cd9f1a65baa1dc59b200058c2b56dc52eb9603fde1faeb93762e5dfd5ad690c7163c9de091276a6ac37e1b393e803bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54678.exe

Filesize
468KB

MD5
decaca3589405b88dcf36d4f21e9b422

SHA1
d4d61d03aef86b185d8c0da9720a01ce0655e915

SHA256
9dd4c5a995104eb9192ec1aec94f7706d98f205a77efe3abd50f89600e266649

SHA512
a0af6dc61b03674efb09186a3763b74a0fd8f5ac3b7b5374f244331fb66c5b265203a7b04f8cf051cfd3e3023779c72aff9ea7f157ac25ed0dff96b9685a7d63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe

Filesize
468KB

MD5
102bd55670c6a14f41e5831b91aa6565

SHA1
956087d81fd50c9b2542515ba3957342fab50a73

SHA256
765e7beec4c5e578bad85a5295dce30f86159122434002bc6b8e2de656be3847

SHA512
2ed0f0dd37f5f8f905c3a7ade62cef2b2f3345e742ea3b326518572529218767e85a23faf17a70e87e2f6cf8b0b9378becf91d8d37f24067076b505ae1e90176

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe

Filesize
468KB

MD5
8cb267c3cff0a0a68286b937cee8bbc1

SHA1
65ee3b61379c4b7edce3c2d115b9b62eef9d83a8

SHA256
cf7bdb3b17f435c0658b247575a217da5633d20281b23ac2a926d07ab484b8bf

SHA512
3f8ff1cf63717c69db1b9235fd27a2fbd29e693972203aba86ac0073c8df4fb56d3cf57579010d4ef499d0191a5b8c4fd949ef8394a1f8ab5c85c89a207a3476

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe

Filesize
468KB

MD5
56a8fbf159b2d16cf9fdec003add16b2

SHA1
e10f7fb8d64c4ce2158e3193c088e45ef2eaf6e6

SHA256
81ed1d429017873bc107822a071bc094d2c663314ce9847f477279bb7dbab647

SHA512
5cccae298922fadf1f49f7986f889c92eeaed5b72a2df44f4389e8dd46558546f21b4b1e0debcf26cf666acf5e062093dff54cb200aef219b470ae1e90391791

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59302.exe

Filesize
468KB

MD5
d8af4bc5c69ea59dbfb621505b105e2c

SHA1
681f3497d05b0a8e4e315893e696fc3c8a4332b0

SHA256
449de4433c1033240b9607b5b9ea64790921fe0e18e585a7e4464b5c030bf006

SHA512
1c862734cf621bd81de3f09549e3cde5f861346ab3779d175b47cd4d9cad34bfe397110f74f85652ba087decead46ec96f78cb9aaec0da44b7bf3f5aa5b1c337

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe

Filesize
468KB

MD5
3a9d7413722288ecdce9cfb55879bd12

SHA1
992c24ea5705727299e08f12692f05f1d99dceaa

SHA256
90cfbd771c1908dba90511f5615ac547d411859a983c837f67a0fa40769a3983

SHA512
bd1bdb1155f9e1c2df3653a13392079e3b5d0ee26ffe5c8e0efcbbbd9f846cd65f74f154034c3e393ac08b8c89f24220d90712ab5b7c878a50bcca80d43ecf8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe

Filesize
468KB

MD5
8b03ea5d6bb74673f01a5f37aa22d9ce

SHA1
a59880096fdc2af7bc8b1db394b666c442275784

SHA256
5bf960c797b5f684b7a70a8e9a05031d33668de0d2447392974f01daae4fe3d3

SHA512
e627911b91954f0422551ddb5c76faa9777010f403db9e80bb8cccc825251935808c8f5c34c5d605ff4f410f5bac72b7522c785daad362d2e2ad61f09c26d392

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64573.exe

Filesize
468KB

MD5
bd29be092a15fe71a2d376c907db5f76

SHA1
23d148f25262e3a322d5b1267f23e823e2fe802c

SHA256
b3bffe4342a68260ce1c0765fd6671cf77fa51839c15f9d6afdc20f166bfee90

SHA512
dc675bc3c253aca0b714bac05e1c47fa27ed9306b6225dee1599a1e39dd833329cc06a37522d338a88af33cd6888287bb7377876b0cb6e4fcc2ab1d13ef94177

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe

Filesize
468KB

MD5
d45d3e85f688c01a141a7a1a014badfa

SHA1
b95f44793196546eda765ae3aba7091d56d874e6

SHA256
a3fbb89a04ad45a67268a30e95d53aae68c0e60dae43e0e02081b5cfed359bf0

SHA512
b8f117fa8885b9d104dc9124626132aba53912dff7ac07e5760dbc902a38ebd0dc3de3166822d0fe3d7a31f824f2161ce1c68b525570887a8f1ddbf6ca2d6781

Download Submit