607ea7f58ee2ede65b9f85992967c43f9d52f79e2320d2707db1cd7fe319bf68

Analysis

max time kernel
120s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 05:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

607ea7f58ee2ede65b9f85992967c43f9d52f79e2320d2707db1cd7fe319bf68N.exe
Size

468KB
MD5

6773f930d493abb122eb608fcee72110
SHA1

c87ce8330fd49d0ac0af3ce2e4a9d759803bd8fb
SHA256

607ea7f58ee2ede65b9f85992967c43f9d52f79e2320d2707db1cd7fe319bf68
SHA512

8cffc1814a4a88f3de24b11bcfa83749fa5516d20ff57fc55c11de58b7691a93a8d6b422f44b632ce8f8570b3779f4e733a01d4c45fbc5540724ed0b6326b3f3
SSDEEP

3072:1G3HogISIE5TtbY5HzcOcf8/zCcaP0pkJVHeTVPyB67LL9ggEslV:1G3obMTt+H4OcfVY10B6fxggE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1476	Unicorn-59983.exe
1540	Unicorn-51343.exe
1004	Unicorn-31477.exe
424	Unicorn-44047.exe
944	Unicorn-44047.exe
228	Unicorn-40709.exe
3180	Unicorn-54445.exe
2176	Unicorn-14659.exe
2640	Unicorn-59262.exe
1432	Unicorn-30503.exe
3956	Unicorn-38671.exe
2436	Unicorn-55199.exe
2784	Unicorn-35333.exe
3764	Unicorn-54934.exe
2616	Unicorn-8036.exe
2776	Unicorn-30223.exe
1668	Unicorn-60627.exe
3140	Unicorn-55604.exe
2904	Unicorn-60435.exe
3492	Unicorn-16876.exe
2600	Unicorn-23783.exe
516	Unicorn-51394.exe
624	Unicorn-16684.exe
1368	Unicorn-10553.exe
1384	Unicorn-49170.exe
4608	Unicorn-7181.exe
1492	Unicorn-38234.exe
2856	Unicorn-342.exe
5116	Unicorn-50228.exe
1860	Unicorn-50228.exe
5080	Unicorn-49076.exe
2356	Unicorn-29210.exe
928	Unicorn-20549.exe
1624	Unicorn-54291.exe
3548	Unicorn-8619.exe
4864	Unicorn-2489.exe
1980	Unicorn-11508.exe
4572	Unicorn-17639.exe
3288	Unicorn-51380.exe
2080	Unicorn-18215.exe
1156	Unicorn-17949.exe
452	Unicorn-26383.exe
2268	Unicorn-50995.exe
4936	Unicorn-56595.exe
4920	Unicorn-16300.exe
1900	Unicorn-19100.exe
1928	Unicorn-24966.exe
1948	Unicorn-5365.exe
1396	Unicorn-12843.exe
4496	Unicorn-12843.exe
2412	Unicorn-3606.exe
796	Unicorn-50923.exe
1512	Unicorn-28495.exe
2688	Unicorn-8629.exe
4024	Unicorn-64466.exe
1556	Unicorn-5059.exe
540	Unicorn-7690.exe
4376	Unicorn-19772.exe
2564	Unicorn-35039.exe
2288	Unicorn-34079.exe
5096	Unicorn-53522.exe
3684	Unicorn-34463.exe
3192	Unicorn-18812.exe
3096	Unicorn-34271.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
3512	3956	WerFault.exe	99
4956	3180	WerFault.exe	93
3436	2436	WerFault.exe	100
632	3764	WerFault.exe	102
4496	3764	WerFault.exe	102
4596	2436	WerFault.exe	100
3024	3180	WerFault.exe	93
548	3956	WerFault.exe	99
4828	2776	WerFault.exe	104
4720	2776	WerFault.exe	104
632	2600	WerFault.exe	109
4972	624	WerFault.exe	111
316	624	WerFault.exe	111
1656	2600	WerFault.exe	109
4040	2904	WerFault.exe	107
1308	928	WerFault.exe	140
4100	2640	WerFault.exe	97
1044	4936	WerFault.exe	155
4540	1948	WerFault.exe	158
1652	1396	WerFault.exe	167
5208	928	WerFault.exe	140
5152	2856	WerFault.exe	134
5472	540	WerFault.exe	176
1480	2268	WerFault.exe	154
6904	4952	WerFault.exe	239
8184	1924	WerFault.exe	297
7132	5748	WerFault.exe	305
5752	5716	WerFault.exe	266
9556	1484	WerFault.exe	347
6500	4988	WerFault.exe	417
8708	5788	WerFault.exe	386
5708	6760	WerFault.exe	412
8008	5848	WerFault.exe	393
9052	1928	WerFault.exe	159
5508	6052	WerFault.exe	397
8892	6328	WerFault.exe	400
6044	6352	WerFault.exe	403
1692	7224	WerFault.exe	450
9408	7092	WerFault.exe	423
6972	7776	WerFault.exe	502
8352	7344	WerFault.exe	501
9864	7180	WerFault.exe	448
4288	7568	WerFault.exe	462
8600	5212	WerFault.exe	440
8228	5284	WerFault.exe	318
9644	5884	WerFault.exe	325
7540	8028	WerFault.exe	472
7536	5152	WerFault.exe	505
8264	6336	WerFault.exe	427
2268	5468	WerFault.exe	508
10176	1676	WerFault.exe	283
9956	3932	WerFault.exe	219
9944	8172	WerFault.exe	477
10184	8140	WerFault.exe	475
10132	7472	WerFault.exe	491
9184	8104	WerFault.exe	515
3520	1656	WerFault.exe	481
10016	7964	WerFault.exe	470
5488	7492	WerFault.exe	458
5116	6256	WerFault.exe	480
6012	7144	WerFault.exe	421
9932	7508	WerFault.exe	459
9924	6300	WerFault.exe	438
3292	6548	WerFault.exe	436

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	607ea7f58ee2ede65b9f85992967c43f9d52f79e2320d2707db1cd7fe319bf68N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51394.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30223.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8629.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60627.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17639.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38671.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4484	607ea7f58ee2ede65b9f85992967c43f9d52f79e2320d2707db1cd7fe319bf68N.exe
1476	Unicorn-59983.exe
1540	Unicorn-51343.exe
1004	Unicorn-31477.exe
424	Unicorn-44047.exe
944	Unicorn-44047.exe
228	Unicorn-40709.exe
3180	Unicorn-54445.exe
2176	Unicorn-14659.exe
1432	Unicorn-30503.exe
2640	Unicorn-59262.exe
3956	Unicorn-38671.exe
2784	Unicorn-35333.exe
2436	Unicorn-55199.exe
2616	Unicorn-8036.exe
3764	Unicorn-54934.exe
2776	Unicorn-30223.exe
1668	Unicorn-60627.exe
3140	Unicorn-55604.exe
2904	Unicorn-60435.exe
3492	Unicorn-16876.exe
624	Unicorn-16684.exe
2600	Unicorn-23783.exe
516	Unicorn-51394.exe
1368	Unicorn-10553.exe
4608	Unicorn-7181.exe
1384	Unicorn-49170.exe
1492	Unicorn-38234.exe
2856	Unicorn-342.exe
5116	Unicorn-50228.exe
1860	Unicorn-50228.exe
5080	Unicorn-49076.exe
2356	Unicorn-29210.exe
928	Unicorn-20549.exe
1624	Unicorn-54291.exe
4864	Unicorn-2489.exe
3548	Unicorn-8619.exe
1980	Unicorn-11508.exe
3288	Unicorn-51380.exe
4572	Unicorn-17639.exe
2080	Unicorn-18215.exe
1156	Unicorn-17949.exe
452	Unicorn-26383.exe
4936	Unicorn-56595.exe
4920	Unicorn-16300.exe
2268	Unicorn-50995.exe
1900	Unicorn-19100.exe
1928	Unicorn-24966.exe
1948	Unicorn-5365.exe
4496	Unicorn-12843.exe
1396	Unicorn-12843.exe
2412	Unicorn-3606.exe
796	Unicorn-50923.exe
1512	Unicorn-28495.exe
1556	Unicorn-5059.exe
2688	Unicorn-8629.exe
540	Unicorn-7690.exe
4024	Unicorn-64466.exe
4376	Unicorn-19772.exe
2564	Unicorn-35039.exe
2288	Unicorn-34079.exe
5096	Unicorn-53522.exe
3308	Unicorn-58775.exe
3192	Unicorn-18812.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4484 wrote to memory of 1476	4484	607ea7f58ee2ede65b9f85992967c43f9d52f79e2320d2707db1cd7fe319bf68N.exe	82
PID 4484 wrote to memory of 1476	4484	607ea7f58ee2ede65b9f85992967c43f9d52f79e2320d2707db1cd7fe319bf68N.exe	82
PID 4484 wrote to memory of 1476	4484	607ea7f58ee2ede65b9f85992967c43f9d52f79e2320d2707db1cd7fe319bf68N.exe	82
PID 1476 wrote to memory of 1540	1476	Unicorn-59983.exe	88
PID 1476 wrote to memory of 1540	1476	Unicorn-59983.exe	88
PID 1476 wrote to memory of 1540	1476	Unicorn-59983.exe	88
PID 4484 wrote to memory of 1004	4484	607ea7f58ee2ede65b9f85992967c43f9d52f79e2320d2707db1cd7fe319bf68N.exe	87
PID 4484 wrote to memory of 1004	4484	607ea7f58ee2ede65b9f85992967c43f9d52f79e2320d2707db1cd7fe319bf68N.exe	87
PID 4484 wrote to memory of 1004	4484	607ea7f58ee2ede65b9f85992967c43f9d52f79e2320d2707db1cd7fe319bf68N.exe	87
PID 1004 wrote to memory of 944	1004	Unicorn-31477.exe	91
PID 1004 wrote to memory of 944	1004	Unicorn-31477.exe	91
PID 1004 wrote to memory of 944	1004	Unicorn-31477.exe	91
PID 1540 wrote to memory of 424	1540	Unicorn-51343.exe	90
PID 1540 wrote to memory of 424	1540	Unicorn-51343.exe	90
PID 1540 wrote to memory of 424	1540	Unicorn-51343.exe	90
PID 1476 wrote to memory of 228	1476	Unicorn-59983.exe	92
PID 1476 wrote to memory of 228	1476	Unicorn-59983.exe	92
PID 1476 wrote to memory of 228	1476	Unicorn-59983.exe	92
PID 4484 wrote to memory of 3180	4484	607ea7f58ee2ede65b9f85992967c43f9d52f79e2320d2707db1cd7fe319bf68N.exe	93
PID 4484 wrote to memory of 3180	4484	607ea7f58ee2ede65b9f85992967c43f9d52f79e2320d2707db1cd7fe319bf68N.exe	93
PID 4484 wrote to memory of 3180	4484	607ea7f58ee2ede65b9f85992967c43f9d52f79e2320d2707db1cd7fe319bf68N.exe	93
PID 424 wrote to memory of 2176	424	Unicorn-44047.exe	96
PID 424 wrote to memory of 2176	424	Unicorn-44047.exe	96
PID 424 wrote to memory of 2176	424	Unicorn-44047.exe	96
PID 1540 wrote to memory of 2640	1540	Unicorn-51343.exe	97
PID 1540 wrote to memory of 2640	1540	Unicorn-51343.exe	97
PID 1540 wrote to memory of 2640	1540	Unicorn-51343.exe	97
PID 944 wrote to memory of 1432	944	Unicorn-44047.exe	98
PID 944 wrote to memory of 1432	944	Unicorn-44047.exe	98
PID 944 wrote to memory of 1432	944	Unicorn-44047.exe	98
PID 3180 wrote to memory of 3956	3180	Unicorn-54445.exe	99
PID 3180 wrote to memory of 3956	3180	Unicorn-54445.exe	99
PID 3180 wrote to memory of 3956	3180	Unicorn-54445.exe	99
PID 228 wrote to memory of 2436	228	Unicorn-40709.exe	100
PID 228 wrote to memory of 2436	228	Unicorn-40709.exe	100
PID 228 wrote to memory of 2436	228	Unicorn-40709.exe	100
PID 1004 wrote to memory of 2784	1004	Unicorn-31477.exe	101
PID 1004 wrote to memory of 2784	1004	Unicorn-31477.exe	101
PID 1004 wrote to memory of 2784	1004	Unicorn-31477.exe	101
PID 4484 wrote to memory of 3764	4484	607ea7f58ee2ede65b9f85992967c43f9d52f79e2320d2707db1cd7fe319bf68N.exe	102
PID 4484 wrote to memory of 3764	4484	607ea7f58ee2ede65b9f85992967c43f9d52f79e2320d2707db1cd7fe319bf68N.exe	102
PID 4484 wrote to memory of 3764	4484	607ea7f58ee2ede65b9f85992967c43f9d52f79e2320d2707db1cd7fe319bf68N.exe	102
PID 1476 wrote to memory of 2616	1476	Unicorn-59983.exe	103
PID 1476 wrote to memory of 2616	1476	Unicorn-59983.exe	103
PID 1476 wrote to memory of 2616	1476	Unicorn-59983.exe	103
PID 2176 wrote to memory of 2776	2176	Unicorn-14659.exe	104
PID 2176 wrote to memory of 2776	2176	Unicorn-14659.exe	104
PID 2176 wrote to memory of 2776	2176	Unicorn-14659.exe	104
PID 424 wrote to memory of 1668	424	Unicorn-44047.exe	105
PID 424 wrote to memory of 1668	424	Unicorn-44047.exe	105
PID 424 wrote to memory of 1668	424	Unicorn-44047.exe	105
PID 1432 wrote to memory of 3140	1432	Unicorn-30503.exe	106
PID 1432 wrote to memory of 3140	1432	Unicorn-30503.exe	106
PID 1432 wrote to memory of 3140	1432	Unicorn-30503.exe	106
PID 944 wrote to memory of 2904	944	Unicorn-44047.exe	107
PID 944 wrote to memory of 2904	944	Unicorn-44047.exe	107
PID 944 wrote to memory of 2904	944	Unicorn-44047.exe	107
PID 2640 wrote to memory of 3492	2640	Unicorn-59262.exe	108
PID 2640 wrote to memory of 3492	2640	Unicorn-59262.exe	108
PID 2640 wrote to memory of 3492	2640	Unicorn-59262.exe	108
PID 2784 wrote to memory of 2600	2784	Unicorn-35333.exe	109
PID 2784 wrote to memory of 2600	2784	Unicorn-35333.exe	109
PID 2784 wrote to memory of 2600	2784	Unicorn-35333.exe	109
PID 1540 wrote to memory of 516	1540	Unicorn-51343.exe	110

C:\Users\Admin\AppData\Local\Temp\607ea7f58ee2ede65b9f85992967c43f9d52f79e2320d2707db1cd7fe319bf68N.exe
"C:\Users\Admin\AppData\Local\Temp\607ea7f58ee2ede65b9f85992967c43f9d52f79e2320d2707db1cd7fe319bf68N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14659.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 632
        7⤵
        Program crash
        
        PID:4828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 632
        7⤵
        Program crash
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54291.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe
        8⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
        9⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 636
        10⤵
        Program crash
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
        9⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 644
        10⤵
        Program crash
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 644
        10⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53614.exe
        8⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41015.exe
        9⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15764.exe
        10⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 724
        11⤵
        Program crash
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7730.exe
        10⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31948.exe
        11⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        10⤵
        
        PID:12452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        9⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47983.exe
        10⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34628.exe
        9⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
        9⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
        8⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 636
        9⤵
        Program crash
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24643.exe
        8⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
        9⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8881.exe
        8⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30234.exe
        8⤵
        
        PID:11600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53522.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36811.exe
        6⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47159.exe
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1082.exe
        7⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 636
        8⤵
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48810.exe
        6⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19391.exe
        7⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61019.exe
        6⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 636
        7⤵
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
        6⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4876.exe
        6⤵
        
        PID:11960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48970.exe
        6⤵
        
        PID:14756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60627.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50228.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12843.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18821.exe
        7⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10857.exe
        7⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26516.exe
        8⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 636
        9⤵
        Program crash
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31938.exe
        8⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7443.exe
        9⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26289.exe
        8⤵
        
        PID:10520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8629.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
        7⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64844.exe
        8⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        6⤵
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62270.exe
        6⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
        7⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
        8⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 636
        9⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42709.exe
        8⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46285.exe
        8⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15794.exe
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11283.exe
        8⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
        8⤵
        
        PID:14616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 748
        7⤵
        
        PID:11620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52090.exe
        6⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 632
        7⤵
        Program crash
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
        6⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9411.exe
        6⤵
        
        PID:11468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        6⤵
        
        PID:14476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2489.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13339.exe
        7⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 636
        8⤵
        Program crash
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42669.exe
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
        8⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
        9⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 644
        10⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 652
        9⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33348.exe
        7⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 632
        8⤵
        Program crash
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59318.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33956.exe
        7⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42290.exe
        6⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
        7⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30573.exe
        7⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 636
        8⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16524.exe
        6⤵
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61006.exe
        5⤵
        
        PID:456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22940.exe
        5⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39863.exe
        6⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4061.exe
        6⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12598.exe
        7⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31556.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28606.exe
        6⤵
        
        PID:13332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44277.exe
        5⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        6⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 636
        7⤵
        
        PID:13124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 652
        6⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
        5⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
        6⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36188.exe
        7⤵
        
        PID:15084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44756.exe
        5⤵
        
        PID:10556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        5⤵
        
        PID:14132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16876.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5059.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
        8⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
        7⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57143.exe
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
        9⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 640
        10⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        9⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        9⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48310.exe
        9⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-122.exe
        8⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
        9⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
        10⤵
        
        PID:10252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 664
        9⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54127.exe
        9⤵
        
        PID:12528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 744
        8⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        7⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        8⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 728
        9⤵
        
        PID:13156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 652
        8⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        7⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 624
        7⤵
        Program crash
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57253.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7677.exe
        6⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2779.exe
        7⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 724
        8⤵
        Program crash
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57211.exe
        7⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8304 -s 640
        8⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51562.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26972.exe
        8⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15533.exe
        7⤵
        
        PID:14036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
        6⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 632
        7⤵
        Program crash
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
        6⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
        7⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19110.exe
        6⤵
        
        PID:12444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20549.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 636
        6⤵
        Program crash
        
        PID:1308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 636
        6⤵
        Program crash
        
        PID:5208
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 748
        5⤵
        Program crash
        
        PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51394.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17639.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5638.exe
        7⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5742.exe
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53132.exe
        9⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 640
        10⤵
        Program crash
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 636
        9⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
        7⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 652
        8⤵
        Program crash
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40787.exe
        7⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
        8⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49914.exe
        7⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46762.exe
        7⤵
        
        PID:14260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36317.exe
        6⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
        7⤵
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43738.exe
        6⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14227.exe
        7⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 636
        8⤵
        Program crash
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23662.exe
        6⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 724
        7⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
        6⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18869.exe
        6⤵
        
        PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63308.exe
        6⤵
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25740.exe
        5⤵
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44014.exe
        5⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        6⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
        7⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41978.exe
        7⤵
        
        PID:13716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        6⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11299.exe
        7⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
        6⤵
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48733.exe
        5⤵
        
        PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9258.exe
        5⤵
        
        PID:11152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63252.exe
        5⤵
        
        PID:14136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24966.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        5⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37076.exe
        6⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22655.exe
        7⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23474.exe
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25956.exe
        8⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 664
        8⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
        7⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15626.exe
        7⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
        7⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34205.exe
        5⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10188.exe
        5⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        6⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 644
        7⤵
        Program crash
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49915.exe
        6⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37717.exe
        6⤵
        
        PID:12552
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 640
        5⤵
        Program crash
        
        PID:9052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
        5⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42167.exe
        6⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
        7⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe
        8⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43463.exe
        9⤵
        
        PID:13204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 664
        8⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 636
        7⤵
        
        PID:10424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28653.exe
        6⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 640
        7⤵
        Program crash
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35306.exe
        6⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24356.exe
        7⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17546.exe
        6⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39645.exe
        6⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31149.exe
        5⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34124.exe
        6⤵
        
        PID:1396
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 656
        6⤵
        
        PID:388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51725.exe
        5⤵
        
        PID:8712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34542.exe
        5⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        6⤵
        
        PID:15316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        5⤵
        
        PID:14732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
      4⤵
      PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe
        6⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50652.exe
        7⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 640
        8⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        7⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33212.exe
        7⤵
        
        PID:13680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe
        6⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30513.exe
        6⤵
        
        PID:11660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
        6⤵
        
        PID:14288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        5⤵
        
        PID:8140
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 636
        6⤵
        Program crash
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53453.exe
        5⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        6⤵
        
        PID:12536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
      4⤵
      PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24119.exe
        5⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37487.exe
        6⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24469.exe
        6⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42709.exe
        5⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30908.exe
        5⤵
        
        PID:13360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27732.exe
      4⤵
      PID:9008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64995.exe
      4⤵
      PID:10820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64406.exe
      4⤵
      PID:14224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55199.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 720
        5⤵
        Program crash
        
        PID:3436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 736
        5⤵
        Program crash
        
        PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38234.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51380.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58775.exe
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12654.exe
        7⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31508.exe
        8⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
        9⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
        10⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 636
        11⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37997.exe
        10⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47215.exe
        11⤵
        
        PID:12412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 732
        9⤵
        Program crash
        
        PID:8228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
        6⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57740.exe
        7⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
        8⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 640
        9⤵
        Program crash
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        8⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28593.exe
        8⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29670.exe
        8⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32493.exe
        7⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 632
        8⤵
        
        PID:10284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 632
        8⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13017.exe
        7⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27630.exe
        7⤵
        
        PID:12668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1340.exe
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        7⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe
        8⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        9⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
        10⤵
        
        PID:13348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41978.exe
        9⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61734.exe
        8⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37324.exe
        9⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18225.exe
        8⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        7⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42404.exe
        8⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
        9⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9761.exe
        7⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        8⤵
        
        PID:14392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        7⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15749.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50437.exe
        5⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41975.exe
        6⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 636
        7⤵
        Program crash
        
        PID:8008
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 716
        6⤵
        Program crash
        
        PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59795.exe
        5⤵
        
        PID:1148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 636
        6⤵
        
        PID:9968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        5⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7827.exe
        6⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
        5⤵
        
        PID:12472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19100.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36767.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8036.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:624
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 632
        5⤵
        Program crash
        
        PID:4972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 632
        5⤵
        Program crash
        
        PID:316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1948
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 640
        5⤵
        Program crash
        
        PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29484.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
        5⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61990.exe
        5⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54471.exe
        6⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 720
        7⤵
        Program crash
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        6⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2622.exe
        7⤵
        
        PID:13100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26564.exe
        6⤵
        
        PID:11288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8180.exe
        6⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40661.exe
        5⤵
        
        PID:7780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 644
        6⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57590.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25876.exe
        5⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
        5⤵
        
        PID:14712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7101.exe
      4⤵
      PID:5260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7181.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18215.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58775.exe
        5⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        6⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
        7⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2862.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41415.exe
        9⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50572.exe
        10⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 548
        9⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12717.exe
        8⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35788.exe
        9⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 632
        8⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
        7⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19620.exe
        8⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7059.exe
        9⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe
        8⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
        7⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27246.exe
        7⤵
        
        PID:12428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
        6⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8638.exe
        8⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        9⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61563.exe
        9⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
        10⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11121.exe
        9⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
        8⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
        8⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36764.exe
        9⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        8⤵
        
        PID:14980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
        7⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 636
        8⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
        7⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56852.exe
        8⤵
        
        PID:13888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39654.exe
        7⤵
        
        PID:14312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54506.exe
        6⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 636
        7⤵
        Program crash
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43442.exe
        5⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
        5⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47180.exe
        6⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 636
        7⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 636
        7⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
        6⤵
        
        PID:8288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36757.exe
        6⤵
        
        PID:11744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        5⤵
        
        PID:7472
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 636
        6⤵
        Program crash
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8084.exe
        5⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9341.exe
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10299.exe
        5⤵
        
        PID:14744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16300.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        5⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48119.exe
        6⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
        7⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 724
        8⤵
        Program crash
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6173.exe
        7⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe
        7⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        8⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40806.exe
        7⤵
        
        PID:13940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36525.exe
        5⤵
        
        PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24132.exe
        5⤵
        
        PID:2028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 640
        6⤵
        
        PID:8920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12005.exe
      4⤵
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45452.exe
        6⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 644
        7⤵
        Program crash
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        6⤵
        
        PID:3764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 740
        6⤵
        
        PID:14084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9546.exe
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59583.exe
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32642.exe
        6⤵
        
        PID:12936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59762.exe
        6⤵
        
        PID:14164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
        5⤵
        
        PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11677.exe
        5⤵
        
        PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65450.exe
      4⤵
      PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
        5⤵
        
        PID:7880
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 724
        6⤵
        
        PID:12084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
        5⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13603.exe
        6⤵
        
        PID:11496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        5⤵
        
        PID:9248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe
      4⤵
      PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26935.exe
        5⤵
        
        PID:13136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25793.exe
      4⤵
      PID:11048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4469.exe
      4⤵
      PID:14212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10149.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
    3⤵
    PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
      4⤵
      PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34325.exe
      4⤵
      PID:7732
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 636
        5⤵
        
        PID:5968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe
      4⤵
      PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51247.exe
        5⤵
        
        PID:13168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61678.exe
        5⤵
        
        PID:14500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
      4⤵
      PID:11560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2561.exe
      4⤵
      PID:15000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41457.exe
    3⤵
    PID:7128
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 632
      4⤵
      PID:9724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
    3⤵
    PID:9096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
    3⤵
    PID:11552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
    3⤵
    PID:14532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30503.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50228.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3606.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65028.exe
        8⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
        9⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
        10⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6043.exe
        11⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
        12⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 664
        12⤵
        
        PID:12572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39717.exe
        11⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        11⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25010.exe
        10⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 636
        11⤵
        Program crash
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53453.exe
        10⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe
        11⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37101.exe
        9⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17796.exe
        9⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64980.exe
        10⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24267.exe
        9⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        10⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
        9⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53038.exe
        8⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
        9⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 716
        10⤵
        Program crash
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15389.exe
        9⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        9⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9939.exe
        10⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52243.exe
        9⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
        9⤵
        
        PID:14380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26996.exe
        8⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59686.exe
        8⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 632
        9⤵
        Program crash
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10689.exe
        8⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17421.exe
        8⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2101.exe
        7⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16140.exe
        7⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-942.exe
        8⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30668.exe
        9⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41052.exe
        10⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38978.exe
        10⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-355.exe
        11⤵
        
        PID:14632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-561.exe
        10⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        8⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
        9⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41978.exe
        9⤵
        
        PID:13708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
        8⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11875.exe
        9⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
        8⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50923.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14382.exe
        8⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42477.exe
        8⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21431.exe
        9⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
        10⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29732.exe
        11⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63483.exe
        10⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe
        10⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 720
        8⤵
        Program crash
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37002.exe
        7⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
        8⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19028.exe
        9⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 640
        10⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19613.exe
        8⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 644
        9⤵
        Program crash
        
        PID:5116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 644
        9⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
        8⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
        8⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56213.exe
        7⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 724
        8⤵
        Program crash
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16173.exe
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
        8⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        9⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45627.exe
        8⤵
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24916.exe
        7⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
        8⤵
        
        PID:15076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
        6⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exe
        7⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
        8⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38820.exe
        9⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        10⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
        11⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53691.exe
        11⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 668
        10⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 660
        9⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
        8⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10662.exe
        9⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63919.exe
        10⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56063.exe
        11⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59659.exe
        10⤵
        
        PID:13980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28781.exe
        9⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
        9⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25757.exe
        7⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 636
        8⤵
        Program crash
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
        7⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        7⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14372.exe
        7⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29210.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28495.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65412.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56868.exe
        8⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 636
        9⤵
        Program crash
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26250.exe
        8⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-382.exe
        9⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10323.exe
        10⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 660
        9⤵
        
        PID:12468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19908.exe
        8⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64404.exe
        9⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12658.exe
        9⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57598.exe
        8⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63167.exe
        9⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5057.exe
        8⤵
        
        PID:13996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63613.exe
        7⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 636
        8⤵
        Program crash
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
        7⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        8⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47732.exe
        6⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8710.exe
        7⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        8⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36983.exe
        9⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8028 -s 636
        10⤵
        Program crash
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        9⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe
        10⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46077.exe
        9⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9437.exe
        8⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 636
        9⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9914.exe
        7⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 636
        8⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62690.exe
        7⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        8⤵
        
        PID:10856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46323.exe
        6⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29892.exe
        6⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34316.exe
        7⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 648
        8⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 656
        7⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13074.exe
        5⤵
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22847.exe
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42468.exe
        7⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65436.exe
        8⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 640
        9⤵
        Program crash
        
        PID:9944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 656
        8⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50662.exe
        7⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52764.exe
        8⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 640
        8⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 632
        7⤵
        
        PID:11768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
        6⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 636
        7⤵
        
        PID:9972
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 636
        6⤵
        
        PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        5⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
        6⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24311.exe
        7⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53255.exe
        8⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        9⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43301.exe
        8⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46166.exe
        7⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16100.exe
        8⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7857.exe
        7⤵
        
        PID:14004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 632
        6⤵
        Program crash
        
        PID:9644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19986.exe
        5⤵
        
        PID:7232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 636
        6⤵
        
        PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        5⤵
        
        PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63501.exe
        5⤵
        
        PID:12656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60435.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12843.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 636
        7⤵
        Program crash
        
        PID:1652
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 756
        6⤵
        Program crash
        
        PID:5152
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 624
        5⤵
        Program crash
        
        PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11508.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29092.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
      4⤵
      PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        5⤵
        
        PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        5⤵
        
        PID:5468
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 644
        6⤵
        Program crash
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
        5⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51439.exe
        6⤵
        
        PID:12952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43582.exe
        5⤵
        
        PID:12564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34210.exe
      4⤵
      PID:7072
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 636
        5⤵
        
        PID:9524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
      4⤵
      PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2764.exe
      4⤵
      PID:11280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60205.exe
      4⤵
      PID:12460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35333.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35333.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23783.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2600
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 636
        5⤵
        Program crash
        
        PID:632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 636
        5⤵
        Program crash
        
        PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4936
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 724
        5⤵
        Program crash
        
        PID:1044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8619.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34079.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41405.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
      4⤵
      PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45358.exe
      4⤵
      PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24804.exe
        5⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36911.exe
        6⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62612.exe
        7⤵
        
        PID:13376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27925.exe
        6⤵
        
        PID:11944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42133.exe
        5⤵
        
        PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38205.exe
        5⤵
        
        PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
      4⤵
      PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44039.exe
        5⤵
        
        PID:12492
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 712
      4⤵
      PID:13536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17949.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18812.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11116.exe
    3⤵
    PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
      4⤵
      PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
      4⤵
      PID:6468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40661.exe
      4⤵
      PID:2860
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 648
        5⤵
        
        PID:10116
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 648
        5⤵
        
        PID:12360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
      4⤵
      PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38284.exe
        5⤵
        
        PID:10280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23977.exe
      4⤵
      PID:11336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
        5⤵
        
        PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59155.exe
      4⤵
      PID:15184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54445.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54445.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38671.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3956
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 636
      4⤵
      Program crash
      PID:3512
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 636
      4⤵
      Program crash
      PID:548
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 728
    3⤵
    - Program crash
    PID:4956
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 728
    3⤵
    - Program crash
    PID:3024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54934.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54934.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3764
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 636
    3⤵
    - Program crash
    PID:632
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 636
    3⤵
    - Program crash
    PID:4496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62083.exe
      4⤵
      PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        5⤵
        
        PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
      4⤵
      PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
        5⤵
        
        PID:8036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 628
        6⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
        5⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
        6⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36847.exe
        7⤵
        
        PID:13152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        5⤵
        
        PID:10980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35119.exe
        6⤵
        
        PID:15060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25155.exe
        5⤵
        
        PID:13976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48742.exe
      4⤵
      PID:6312
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 640
        5⤵
        
        PID:11344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
      4⤵
      PID:8332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12642.exe
      4⤵
      PID:3856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
    3⤵
    PID:2928
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 628
    3⤵
    - Program crash
    PID:1480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27215.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27215.exe
  2⤵
  PID:1260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
    3⤵
    PID:5716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23615.exe
      4⤵
      PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21119.exe
        5⤵
        
        PID:7156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 636
        6⤵
        
        PID:6648
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 736
        5⤵
        
        PID:10956
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 708
      4⤵
      Program crash
      PID:5752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
    3⤵
    PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59463.exe
      4⤵
      PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        5⤵
        
        PID:1440
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 636
        6⤵
        
        PID:13044
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 636
        6⤵
        
        PID:14068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35221.exe
        5⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33788.exe
        5⤵
        
        PID:14304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20117.exe
      4⤵
      PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11091.exe
        5⤵
        
        PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
      4⤵
      PID:11384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
        5⤵
        
        PID:14584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6426.exe
      4⤵
      PID:14196
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1940.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1940.exe
  2⤵
  PID:4112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58700.exe
    3⤵
    PID:6288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51591.exe
      4⤵
      PID:680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33740.exe
        5⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-702.exe
        6⤵
        
        PID:8000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 632
        5⤵
        
        PID:12500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12333.exe
      4⤵
      PID:8444
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 724
      4⤵
      PID:14092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44502.exe
    3⤵
    PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4243.exe
      4⤵
      PID:8848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7645.exe
      4⤵
      PID:12436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15129.exe
    3⤵
    PID:9904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26276.exe
      4⤵
      PID:10316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54739.exe
    3⤵
    PID:12236
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30362.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30362.exe
  2⤵
  PID:6860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46023.exe
    3⤵
    PID:7924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2302.exe
      4⤵
      PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28004.exe
        5⤵
        
        PID:13116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62523.exe
      4⤵
      PID:10468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
      4⤵
      PID:13440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58398.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58398.exe
  2⤵
  PID:3308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
    3⤵
    PID:10308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23303.exe
      4⤵
      PID:3744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57115.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57115.exe
  2⤵
  PID:10708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24268.exe
    3⤵
    PID:11812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
  2⤵
  PID:14060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3764 -ip 3764
1⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2436 -ip 2436
1⤵
PID:1080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 3956 -ip 3956
1⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3180 -ip 3180
1⤵
PID:3096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3764 -ip 3764
1⤵
PID:1288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 2436 -ip 2436
1⤵
PID:2876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3180 -ip 3180
1⤵
PID:1864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3956 -ip 3956
1⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2776 -ip 2776
1⤵
PID:736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 2776 -ip 2776
1⤵
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 624 -ip 624
1⤵
PID:2732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 2600 -ip 2600
1⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 624 -ip 624
1⤵
PID:3196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2600 -ip 2600
1⤵
PID:3016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2904 -ip 2904
1⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 928 -ip 928
1⤵
PID:2172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2640 -ip 2640
1⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4936 -ip 4936
1⤵
PID:3348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 1948 -ip 1948
1⤵
PID:212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 4608 -ip 4608
1⤵
PID:3724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 1384 -ip 1384
1⤵
PID:1480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 2784 -ip 2784
1⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 228 -ip 228
1⤵
PID:216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2904 -ip 2904
1⤵
PID:2620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 1384 -ip 1384
1⤵
PID:1676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 4608 -ip 4608
1⤵
PID:3872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 228 -ip 228
1⤵
PID:3436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2784 -ip 2784
1⤵
PID:1976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1396 -ip 1396
1⤵
PID:212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 4496 -ip 4496
1⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 540 -ip 540
1⤵
PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 2856 -ip 2856
1⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 928 -ip 928
1⤵
PID:1820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2640 -ip 2640
1⤵
PID:408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4496 -ip 4496
1⤵
PID:3348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 540 -ip 540
1⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2288 -ip 2288
1⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5096 -ip 5096
1⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2356 -ip 2356
1⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 1624 -ip 1624
1⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 3548 -ip 3548
1⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4936 -ip 4936
1⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 1948 -ip 1948
1⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3192 -ip 3192
1⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 856 -ip 856
1⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3096 -ip 3096
1⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2288 -ip 2288
1⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5096 -ip 5096
1⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 3548 -ip 3548
1⤵
PID:5696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2356 -ip 2356
1⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 1624 -ip 1624
1⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3192 -ip 3192
1⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 856 -ip 856
1⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 1156 -ip 1156
1⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 3096 -ip 3096
1⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5024 -ip 5024
1⤵
PID:2692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 456 -ip 456
1⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 548 -ip 548
1⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 3540 -ip 3540
1⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4224 -ip 4224
1⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 3420 -ip 3420
1⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 2928 -ip 2928
1⤵
PID:3312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1980 -ip 1980
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 1004 -ip 1004
1⤵
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2268 -ip 2268
1⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 1900 -ip 1900
1⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1156 -ip 1156
1⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 1544 -ip 1544
1⤵
PID:3092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 456 -ip 456
1⤵
PID:3436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5024 -ip 5024
1⤵
PID:1440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5004 -ip 5004
1⤵
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 620 -ip 620
1⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 3540 -ip 3540
1⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 548 -ip 548
1⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 3960 -ip 3960
1⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 1556 -ip 1556
1⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 2688 -ip 2688
1⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 3140 -ip 3140
1⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4952 -ip 4952
1⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 4224 -ip 4224
1⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 3592 -ip 3592
1⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 3420 -ip 3420
1⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1980 -ip 1980
1⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 2776 -ip 2776
1⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 2928 -ip 2928
1⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 3308 -ip 3308
1⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1004 -ip 1004
1⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5876 -ip 5876
1⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 1544 -ip 1544
1⤵
PID:1156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 1900 -ip 1900
1⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5860 -ip 5860
1⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5808 -ip 5808
1⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5892 -ip 5892
1⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5840 -ip 5840
1⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 620 -ip 620
1⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 5004 -ip 5004
1⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 3960 -ip 3960
1⤵
PID:1948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5180 -ip 5180
1⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 440 -ip 440
1⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 2688 -ip 2688
1⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 1556 -ip 1556
1⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 3140 -ip 3140
1⤵
PID:656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5344 -ip 5344
1⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 5124 -ip 5124
1⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5260 -ip 5260
1⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5816 -ip 5816
1⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 1924 -ip 1924
1⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 3592 -ip 3592
1⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5748 -ip 5748
1⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5708 -ip 5708
1⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 1044 -ip 1044
1⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 3308 -ip 3308
1⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2776 -ip 2776
1⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 5632 -ip 5632
1⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5744 -ip 5744
1⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5644 -ip 5644
1⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 2640 -ip 2640
1⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5776 -ip 5776
1⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4852 -ip 4852
1⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5876 -ip 5876
1⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6080 -ip 6080
1⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 6272 -ip 6272
1⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5808 -ip 5808
1⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5860 -ip 5860
1⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 768 -ip 768
1⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1484 -ip 1484
1⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 2616 -ip 2616
1⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5892 -ip 5892
1⤵
PID:1544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5840 -ip 5840
1⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 4656 -ip 4656
1⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5932 -ip 5932
1⤵
PID:896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6012 -ip 6012
1⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3288 -ip 3288
1⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5488 -ip 5488
1⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5116 -ip 5116
1⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 1260 -ip 1260
1⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 1860 -ip 1860
1⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5984 -ip 5984
1⤵
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5180 -ip 5180
1⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4864 -ip 4864
1⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5716 -ip 5716
1⤵
PID:1556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 440 -ip 440
1⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5172 -ip 5172
1⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 6468 -ip 6468
1⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5344 -ip 5344
1⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5124 -ip 5124
1⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 6876 -ip 6876
1⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 1396 -ip 1396
1⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6152 -ip 6152
1⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 6772 -ip 6772
1⤵
PID:3592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 6316 -ip 6316
1⤵
PID:3960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5260 -ip 5260
1⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 2856 -ip 2856
1⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5816 -ip 5816
1⤵
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5708 -ip 5708
1⤵
PID:1480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 1936 -ip 1936
1⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5632 -ip 5632
1⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 1044 -ip 1044
1⤵
PID:1332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 6892 -ip 6892
1⤵
PID:3628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 5744 -ip 5744
1⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 6936 -ip 6936
1⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 5644 -ip 5644
1⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 2640 -ip 2640
1⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5776 -ip 5776
1⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4852 -ip 4852
1⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 6272 -ip 6272
1⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6080 -ip 6080
1⤵
PID:1332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 1484 -ip 1484
1⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 768 -ip 768
1⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 2616 -ip 2616
1⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 4656 -ip 4656
1⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 5932 -ip 5932
1⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 6012 -ip 6012
1⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 3288 -ip 3288
1⤵
PID:9596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 5488 -ip 5488
1⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 5116 -ip 5116
1⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 1860 -ip 1860
1⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5984 -ip 5984
1⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 1260 -ip 1260
1⤵
PID:9840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 4864 -ip 4864
1⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 2268 -ip 2268
1⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6328 -ip 6328
1⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 6352 -ip 6352
1⤵
PID:10016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6052 -ip 6052
1⤵
PID:10128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1240 -p 5172 -ip 5172
1⤵
PID:10180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 6468 -ip 6468
1⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 1928 -ip 1928
1⤵
PID:748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 6876 -ip 6876
1⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 6152 -ip 6152
1⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1248 -p 5848 -ip 5848
1⤵
PID:4044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 6760 -ip 6760
1⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5788 -ip 5788
1⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 4988 -ip 4988
1⤵
PID:9648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1228 -p 6772 -ip 6772
1⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 7224 -ip 7224
1⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 6316 -ip 6316
1⤵
PID:3008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1240 -p 7156 -ip 7156
1⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 7128 -ip 7128
1⤵
PID:720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 7072 -ip 7072
1⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 7272 -ip 7272
1⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 1148 -ip 1148
1⤵
PID:228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 7092 -ip 7092
1⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 6744 -ip 6744
1⤵
PID:2688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 4724 -ip 4724
1⤵
PID:2652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 7264 -ip 7264
1⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6300 -ip 6300
1⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 7148 -ip 7148
1⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 7180 -ip 7180
1⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6336 -ip 6336
1⤵
PID:10272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1240 -p 7144 -ip 7144
1⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 8140 -ip 8140
1⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 8028 -ip 8028
1⤵
PID:10652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 7568 -ip 7568
1⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1228 -p 5212 -ip 5212
1⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 7964 -ip 7964
1⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1656 -ip 1656
1⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 7492 -ip 7492
1⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 7508 -ip 7508
1⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 6256 -ip 6256
1⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5152 -ip 5152
1⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5468 -ip 5468
1⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 7472 -ip 7472
1⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 8172 -ip 8172
1⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 7344 -ip 7344
1⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 7776 -ip 7776
1⤵
PID:10316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 7732 -ip 7732
1⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 6548 -ip 6548
1⤵
PID:2696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2028 -ip 2028
1⤵
PID:10560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 7780 -ip 7780
1⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 7976 -ip 7976
1⤵
PID:10644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 2860 -ip 2860
1⤵
PID:3760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 7616 -ip 7616
1⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 7232 -ip 7232
1⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 8036 -ip 8036
1⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 6820 -ip 6820
1⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 5236 -ip 5236
1⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 2008 -ip 2008
1⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 1936 -ip 1936
1⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1296 -p 1676 -ip 1676
1⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 3932 -ip 3932
1⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 8104 -ip 8104
1⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5884 -ip 5884
1⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 5284 -ip 5284
1⤵
PID:10244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6892 -ip 6892
1⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6936 -ip 6936
1⤵
PID:10752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 7084 -ip 7084
1⤵
PID:3760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 4436 -ip 4436
1⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6812 -ip 6812
1⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 3756 -ip 3756
1⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 976 -ip 976
1⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 388 -ip 388
1⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5928 -ip 5928
1⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 7548 -ip 7548
1⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 448 -ip 448
1⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1280 -p 5276 -ip 5276
1⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 4428 -ip 4428
1⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 4952 -ip 4952
1⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 6608 -ip 6608
1⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 6712 -ip 6712
1⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5592 -ip 5592
1⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5072 -ip 5072
1⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6912 -ip 6912
1⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6860 -ip 6860
1⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4024 -ip 4024
1⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 4956 -ip 4956
1⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 7476 -ip 7476
1⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 2796 -ip 2796
1⤵
PID:13388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1296 -p 5292 -ip 5292
1⤵
PID:13436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 7880 -ip 7880
1⤵
PID:13576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 7120 -ip 7120
1⤵
PID:13788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 6312 -ip 6312
1⤵
PID:13884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 6264 -ip 6264
1⤵
PID:13912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 4980 -ip 4980
1⤵
PID:2796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 1924 -ip 1924
1⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 1440 -ip 1440
1⤵
PID:14080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6420 -ip 6420
1⤵
PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 8304 -ip 8304
1⤵
PID:14220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1228 -p 7516 -ip 7516
1⤵
PID:14164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 5124 -ip 5124
1⤵
PID:620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 8044 -ip 8044
1⤵
PID:2252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5840 -ip 5840
1⤵
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 8100 -ip 8100
1⤵
PID:2000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 7712 -ip 7712
1⤵
PID:14400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 7172 -ip 7172
1⤵
PID:14408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1216 -p 5108 -ip 5108
1⤵
PID:14416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 680 -ip 680
1⤵
PID:14516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 6528 -ip 6528
1⤵
PID:14600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 6944 -ip 6944
1⤵
PID:14608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 6884 -ip 6884
1⤵
PID:14652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 7196 -ip 7196
1⤵
PID:14672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 1952 -ip 1952
1⤵
PID:14784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 7304 -ip 7304
1⤵
PID:14824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 8152 -ip 8152
1⤵
PID:14884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 2384 -ip 2384
1⤵
PID:14896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1280 -p 7528 -ip 7528
1⤵
PID:14924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5604 -ip 5604
1⤵
PID:14944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5748 -ip 5748
1⤵
PID:15048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 1224 -ip 1224
1⤵
PID:15100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 6688 -ip 6688
1⤵
PID:15108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 6288 -ip 6288
1⤵
PID:15128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 1512 -ip 1512
1⤵
PID:15276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 6424 -ip 6424
1⤵
PID:15348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe

Filesize
468KB

MD5
f1092f85400c247e3e5768ec12ab69ca

SHA1
af98c6f0d34f907084220203cd8ff48cef0bd552

SHA256
ea4c86044a5e1bca2b3c3c0f34aca8fb2b9710c4aa13b7dd7d8eb72f8880c375

SHA512
55ab51fb369028d18c0a8483effaacb6f2e6fe7fd272a8b8cc2fbe3121e46906270a0411eea2694a3720f54dc4c05772d838e3119a83b905f11e56fbee4ae594

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14659.exe

Filesize
468KB

MD5
40a3efeb07858cde485882939192906c

SHA1
4b8d5eaebc22d417f083032af09e22663bb6aee8

SHA256
0dbc266160891bbc11a025e44533a4f4c9f733884d492c8341cc5d80c7f14cc7

SHA512
039fc0fa07edf287632315b55155fc1913dbead7c1f3c9318f4e47ed13faeffcb5d449d091180f6c23b8ad6e7c33e1abea7ff11310a4b3e6854abdd117a5bb12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe

Filesize
468KB

MD5
13462be425701c7de1784929b73ecfaf

SHA1
8973938ce0b7dda9a05039cc073875a0f4eae204

SHA256
8e39c1e25a01cd02bd0ffa99e60cbf53a439a3298cc7040eb95ad4b740d37a28

SHA512
54c0ae39d818877cd5b41b6348c71719843ef0cc4b7708b785e7a9df5a80f049787cc546b4b625fc7c9d95382f0acd871c77486e68a8b9c9c28c2d241211bc15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16876.exe

Filesize
468KB

MD5
e6d20f7598de9087e3c76119241ec1de

SHA1
facc87db67a9a548a5642b31f07e8edecd80ca45

SHA256
565353ba826afc9154010186cb44b5b7744b004d8b0f27a80b18a2282e03d9c6

SHA512
929a63c878b9bf0c327f712f7811e6e029653262a9de920965f018776a8e8a3ceb2a12c670864acc15a3333fe9db75156b50510de625e531e565f011e3af2bdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe

Filesize
468KB

MD5
4c294d6b2916ac1fc2918e80ea9a8e27

SHA1
e5ff0983f83dce5d8e52b0a5866249c1b20b6073

SHA256
6473d564485fb2ccc07a02c8400906fa486e3d252ba22aca51ec0e3c561f4a93

SHA512
2cf2ab2f86ff1cb7b098a63a554b5b9aa019ebaec800388aefdfd1933fe6f29ef0fad201606f00007a03b193df80a1101c293a3e3c7a6b05c48a9c08c407b7d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23783.exe

Filesize
468KB

MD5
c88bef061d42ee9d316bb5216e2272ed

SHA1
e752c14f365ef8921d3c669de61296d7c43ee6f5

SHA256
1c1fc40bfc3bdd386658fdb8d8a0cfc05fb0e0ad6b623f8d3b3e69a63618fa46

SHA512
6ee9589a35e5f5302c8dcd6c25fa81b9fea25b188c2edb672b60594fc3e7303f3c61a0386ca9f6f50a58014671290fb1babe9fcf96bcb0bd61e62cf3e0962927

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29210.exe

Filesize
468KB

MD5
cee2120f55b663b23739906c6297e9d5

SHA1
544561e83a4cd745b159a2bd7908aaa189853151

SHA256
0132eb2cac46f28590b355c93f76b48c724e50d937333d88046549076b614d57

SHA512
2b3c88dd4ae51db25786bb43ed8e6760a43c7866429ef7b2049d27dc9df1e557064b4402c74088e97aad85938cbecfe9841efd9471a9006473818428f10dac8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe

Filesize
468KB

MD5
db058f906e068319f40a80083c208ac2

SHA1
969537330173aa4dddf20a87d6a72335bcd65590

SHA256
c2ab93d0964bf2ac40e4940b2bd0e011e36e4cf27fa7b248a4725d830305adaf

SHA512
e5ea34c213dc5dc5a7568d390e3fe63ed68da798c5a7cb12b204ac310f5b388803696412562e251fb8e91dbf5740d4961cc6a8b6e8fc4690cf63bc571ce76fb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30503.exe

Filesize
468KB

MD5
91e287965675865ef326bd316a826196

SHA1
ccd25fe521ada1f1b463f5c6bf9e27d0c84c5a1f

SHA256
2fd79e2f81bdd9f8b5094573dff8143be1ab9bb9dbdd166324e1bb0c1170f258

SHA512
13c21cfdeab393946603eb41b37125b5407c08df86f857ddd0729f87aabf95c5b658d577cc0df58235e9bfc62056c0a2c7fb37e16d71d251e1a7ba6e831dfc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe

Filesize
468KB

MD5
09020528d10d2931a137e76e0a4a5bd6

SHA1
59cb58fdbcbc017c62c93ea6a33e8672dc57e37c

SHA256
2bb84c5905e479d82f2b69bc6d9abdd1615b59be19c029573c229340ca8d8c08

SHA512
3b5d72a44cc58639c8d36c56a3fd28a4ac10ca4e5e690a969d1ba1c4d4a6188ba66e810e28743668863c10a1245aafb3bd7469a6e849015bf4d403e9ad4c7204

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe

Filesize
468KB

MD5
afdee42b7c3e0d82c89913a18e635b66

SHA1
1a6a856bc8b87cb71d6404f1a3f79a7de5e25d27

SHA256
d6948ee98be6259ca4922e86f0fa1049ea4f2723f61ed029c38ab8b21b77f378

SHA512
270d38d7eb740c0b279dcdc3a021c4854d8fd2ab8ee0444944fe4912b8aad9f93e990eff7cb5c2660304ed5fb81a8285c3d056732094ed3a8a9469599999d11a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35333.exe

Filesize
468KB

MD5
5e57ff9d8d5cc2d3075d77e2c3de74a3

SHA1
149b72683fba83c82a51c8fa8210a887dd35c813

SHA256
ab30da696afeea8acbc32cb98016c1c665f9fd90d88fb02bec7fc68060924351

SHA512
4742693df9c75330cff9c6e540b7ef5a6968108ac77ba7b3617096f3eaf08c86d8a7806c7839c1dc77730a3e5cd1cf304ebab9418b82c2a7db546714f491b71b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38234.exe

Filesize
468KB

MD5
5b9c4ffd4eb884654ff30ab73bc73876

SHA1
964e92d1bb99d67053f17a5f4366a3447b7fe55d

SHA256
1ab2282dcc93c25888ad58f8bc8e86d8c2f186ad7d83746ec5d6a9459d9355bb

SHA512
b6b4937b58e920fded99d261d6d3ec4dc8c9130ebf7795edd0a8aafb40f2ccbe4fde52b60a12e86e33723aa235b6cab18f30700a4f72427e9b48cce1474b7d0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38671.exe

Filesize
468KB

MD5
073e7168ce3ab39d6695983de731ebc2

SHA1
b3bc44b37e817b1dce3c189bd43ea26f28cc04eb

SHA256
635bfac838b96230ac6cc3393da4f61ab3b9ee28b6eda12a42df7d844b2becfa

SHA512
4bed38117bbed5c907734af096e5bc33bb8148bc91a1f6fb0cb1f14a978864c4e1fca5dbde0f4fdef0709aa3a427607b1f720e573add65fb4dba0d435a3745a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe

Filesize
468KB

MD5
074cb718c7cdcb33857064e5a9efc5bf

SHA1
e3654b8a56b7e3869fbd0de649385c4f2497f960

SHA256
28853d49180280dfad7195078593d9fe54c898acf331b2314287eb06dd85db4b

SHA512
477d7250f4ba5c538fb62a52d49bcdecb8d8a9858c3d386fe27347947add87a1cb0d8384e43b5e332fd5d366b1527360e287372d9969375c4cf91b2e273c7e45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe

Filesize
468KB

MD5
bfc9c10f89b1962a7aede7e863e99c8c

SHA1
549380ca1d72d6ff8023630bd1e249202c9a08a4

SHA256
747e15a400a76794032a305f584d439769427d7b425ad2efed9502b2452caa81

SHA512
32f13883470aaaa3a36fc745a7df5715709e01df8c0f635e2aa15857b479b0848ba6513becead912262644013641d5df486f965e877757cb7293d958a8fc8b08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe

Filesize
468KB

MD5
fb917d23d1a8fed8660acf4dc7a016b5

SHA1
3e9fbbe485fa35a2400689e53bbaa885e374d6dc

SHA256
400be435095402e9e89c5983c2b499c6e0798b6e08e2d45f6f86126029d29209

SHA512
ab620e0b890219d1e345c0931cb6958bb6dd64ab03f3dd1149405583e5d96c19fc1388dde923e439fe5d3d0be608e708d9569e4e176805bc89c48d3550e33c37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe

Filesize
468KB

MD5
66432fb330a5d06bdf0726ab220ba715

SHA1
4ee1f60dd0cfdd580f9bbddc220e112a15f386f3

SHA256
34abd28719b6be48aa1fbb894a6fec33e1ee69b13f4152f185c7546ce0d043e4

SHA512
613041c60073e46f30c3923373a8e275e30e3cb4e4538ad4659a364b8263604e80511dc54469691eb49142829aeca7e8cef4330ada4f09e3f385fc304a6f9335

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50228.exe

Filesize
468KB

MD5
7537e50f3c54966fbf4ed108ee731a53

SHA1
2f483058bf73dc70357dcd35ab46335aacbac0a1

SHA256
e7107f99723f89a4539605d54b6b504503160cb28adfe2c7223db9f302128f0c

SHA512
4951207e5a0a9668e10d6b0e67ca614509070453a64d42b64dded28dfd78bab649ccefb60e11a9643beee74581082a202bd745e515a17b4f32422351558cc926

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe

Filesize
468KB

MD5
b4143aa9cf4a4a78d7d4c8d3cd9a4579

SHA1
7158de862b17496bc653d51e5d49b96a7e57f11c

SHA256
258ccb99f58a9b58810dcc9f95901883fbafcde52f8b08d4bedb1971d2c774a8

SHA512
ef9e4111558e6954d4bebc157673f284b3d594d5170028b17d0b34bad4dffd0a1ec7d0950fec147264de1b28a42c59f3c916f775a727b014bd0a655c53a4dd1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51394.exe

Filesize
468KB

MD5
e29c9ce08e40d81950e26a969b4f8d9a

SHA1
3ef2bf7f4a2325bfe53be741ccd179f6f659ce69

SHA256
c8079aa28b1d881ed55f9c67bad57e9be2a1b4020c21a01cb564e2e7ca8c0a59

SHA512
73324e2fbd49a6c93ea1564317c1efe5f2f9bd224c3f83b30cd727f00a0865b8204dd5281412240e42a29f89613ce23fb9039f8f05b51f961d763e7cfe2f20cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54445.exe

Filesize
468KB

MD5
d9a11a824b78e74765f10ce907100201

SHA1
dff2c325d1a2d78fd43307d89dc78a277839fcdd

SHA256
7856cda5f964f90938c0f16f636174b03e6a038458665c7630a491f48b932f8c

SHA512
ddc82e8a06dc2306041e48330f01921ebcca3a7e52cfa43d2183d0426ba0bbc9efd048b14066bba268aba25ca8d402288408fb284760d59a1756b93898a30f15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54934.exe

Filesize
468KB

MD5
941340354d51b1ec4a255c7dcedcc614

SHA1
3e6715e24d16a04ddb0db070964c7ddd91efc16b

SHA256
60c065b2cee83628a4dcea7aca08ad5ec85dd10fae4c051f69b266cfd6d79f0c

SHA512
6d139a5d20152d84af0395232b61b607b59860e3abe7f5672e57eb42566840afdb2d7fd36d53c416dd020d1782f1c02315df07576d1dca06554e945a05027df8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55199.exe

Filesize
468KB

MD5
1d200ff6d99088704950182d92e32f56

SHA1
30065e4c2bf480b3f964f142ae69a9357be5c34c

SHA256
e359d9a31827324ab15946b2c0200094b81db0121ecc83069bf7213aef54ef77

SHA512
f2d1dcae035aaf857d23d15c3d57edf38fb29232505a9b1609d219bbf0e190bd9f670ee8523cfd13fdf3572939457640c0f1f73120eb69732ed8977f0b4fbc93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe

Filesize
468KB

MD5
719456fc46eff37c44bd1672d6094dbe

SHA1
ca8d50bf3eb58893eb9ef8f9483bb26856536879

SHA256
216de3ae875623851c63260005ac79d96c1bf66993981b5d20ead99eba625068

SHA512
2813a3424956c118d1b1110715361ba7627aa2d09fd2a108922c5649924107826509304dcb4ec9fe11d6473012fdfab2b65ff98032b7417dfafb6884ab0d5108

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe

Filesize
468KB

MD5
9387d1dbaf69ba07fa5691bbc30aaeca

SHA1
e73369d1b644001e84ec2a78ddedd4031f8b93f4

SHA256
784d35a3f9bffeec1735a420e9795bd235c874e237575e46882424ea1f108d41

SHA512
c0e0bd87d1bad2eba4015cfb3d22377965a6a27f1da1a0f4631b87df2910a6b6326907d048d42d42174769be06686deb5890db9bc1df1a390e40b84d8c942db9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe

Filesize
468KB

MD5
030f75fe31af0e7e6e1baf9d23cf5627

SHA1
aa50988165eddb50b715a173813bb9be6f259063

SHA256
f4652f94ce3b611dd4cb993a7edb50205a8fc10f4ccec483ce1cadeed4b88bea

SHA512
e0fb36bf78aa3d2cfd2237199aef95f4e047530f65615ab14d66cc3c680eb1baeb459b2915af079c01fc8bea431810427f849050b4da323894c624f493a6814b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60435.exe

Filesize
468KB

MD5
d36dd564378499f4648f2f36fde9b745

SHA1
b5cfc16f34db79ddf72548a2bfae5181f1858ecc

SHA256
5ecffcd09764a0125d4baea5b611cbd729278c39a443ba1486018e1727eb9a46

SHA512
eb8f519246c3658e1047ebbf0db1a70f5f026df89f4009206037b8688995902ec65250c9b9541596fd9fd1e2ec872bba4eba408b40152b7cbe9d9b434a10cf9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60627.exe

Filesize
468KB

MD5
05f442ec3be5dfc1f04351bcb8e76f95

SHA1
ec23294c07b92d9e0ec1fdd598d276cf8578f9d9

SHA256
87301b7a4d31fb5e8fa5c11da7ef37a599d9a0df29ffdeac5acb7789b0f92131

SHA512
9de4360baecd4203a3ce7076f955011e8613c00e66229837015f13677e22c5c322fa1cc30a9a3530a866a4d98f1148a974b965901235da09ca34d1c6d39d96bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7181.exe

Filesize
468KB

MD5
77ff2cdd76d3ea5fa96eb2d81cc46490

SHA1
df52918d902d08e9e660881d5755f9e19404a94e

SHA256
337fb2fe80471f6c9ab9bc6a043b5269752eeb55f59f477d25e3211d7fc0a07c

SHA512
9e27409ed5cc06371d059d9382462feb0599518ec4398f9e6ba9776b2f6fa9333011dae0ed8e5b7c6700623b509ac1c43451b15ba67e9e20ec9971b6b637aeb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8036.exe

Filesize
468KB

MD5
0a0bf46bdcab205dd86b1686a482e0af

SHA1
abc0c7c5b75be213a94e0fa540f084bf4d8fd439

SHA256
a84128d0c49c0f35015f1d486d7a6ab2ed224216c0e08053dba769ad4496134b

SHA512
c5cbbe4e101cc8765feded67403d9d536e07d6db5fdff64b350752bd0d609cf96c404220cd032b70652d81add63e5659c37c597a7c1200753ebbdf2f50a2ec39

Download Submit