308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2

Analysis

max time kernel
39s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20-09-2024 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2N.exe
Size

468KB
MD5

71f66aea75c05e87080c705396883860
SHA1

51256c1171b5e33abbeae1200e4db35c6aeaf108
SHA256

308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2
SHA512

95eae163e83ca8891a5b188aca3226dab15c9efc6ca04b278b724c017a489a6c81628fed442ffc713004da6087750f184fd5b9c68bc01eed514d9cb8ef3a90a8
SSDEEP

3072:1G3HoggSIE5TtbY2HzcOcf8/zDyaP0pkJVHeTVvyQ6H5v7ggERlU:1G3ozMTtxH4OcfcY1UQ6ZzggE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
884	Unicorn-25099.exe
4920	Unicorn-32473.exe
4040	Unicorn-16691.exe
3048	Unicorn-760.exe
3784	Unicorn-760.exe
4636	Unicorn-38839.exe
2276	Unicorn-52575.exe
3644	Unicorn-41383.exe
3388	Unicorn-27084.exe
2076	Unicorn-33215.exe
4724	Unicorn-37034.exe
1784	Unicorn-17433.exe
5092	Unicorn-17433.exe
4460	Unicorn-13718.exe
4012	Unicorn-16411.exe
916	Unicorn-14294.exe
3108	Unicorn-14294.exe
1920	Unicorn-9448.exe
4328	Unicorn-63230.exe
4164	Unicorn-43629.exe
404	Unicorn-61449.exe
4984	Unicorn-64071.exe
3960	Unicorn-48290.exe
5000	Unicorn-20901.exe
3268	Unicorn-2518.exe
4048	Unicorn-54149.exe
1380	Unicorn-33729.exe
2784	Unicorn-60371.exe
2360	Unicorn-47927.exe
924	Unicorn-52011.exe
2200	Unicorn-52011.exe
3912	Unicorn-29544.exe
1468	Unicorn-49303.exe
864	Unicorn-38367.exe
3404	Unicorn-32767.exe
2276	Unicorn-57968.exe
4792	Unicorn-22053.exe
760	Unicorn-59556.exe
4744	Unicorn-5716.exe
2236	Unicorn-56955.exe
2116	Unicorn-20683.exe
1128	Unicorn-8430.exe
4372	Unicorn-8165.exe
3152	Unicorn-58186.exe
3384	Unicorn-70.exe
4876	Unicorn-6847.exe
3604	Unicorn-22437.exe
4536	Unicorn-51772.exe
2952	Unicorn-6100.exe
2504	Unicorn-1201.exe
4040	Unicorn-4730.exe
3672	Unicorn-25705.exe
1460	Unicorn-64045.exe
952	Unicorn-31735.exe
1108	Unicorn-20875.exe
4988	Unicorn-8622.exe
2272	Unicorn-50210.exe
2608	Unicorn-61675.exe
1284	Unicorn-4538.exe
1960	Unicorn-31181.exe
3648	Unicorn-31181.exe
1560	Unicorn-52977.exe
3032	Unicorn-10303.exe
4872	Unicorn-50640.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
3912	3048	WerFault.exe	93
2220	2276	WerFault.exe	95
4696	2276	WerFault.exe	95
4400	3048	WerFault.exe	93
4764	1784	WerFault.exe	102
4428	4724	WerFault.exe	101
3152	2076	WerFault.exe	100
2400	4040	WerFault.exe	90
4852	4724	WerFault.exe	101
2020	2076	WerFault.exe	100
4932	4040	WerFault.exe	90
2352	1784	WerFault.exe	102
3636	5092	WerFault.exe	103
1852	5092	WerFault.exe	103
1852	864	WerFault.exe	148
4272	864	WerFault.exe	148
2932	3268	WerFault.exe	140
5168	5000	WerFault.exe	139
5868	1460	WerFault.exe	172
5204	3032	WerFault.exe	182
6000	5008	WerFault.exe	190
3376	976	WerFault.exe	210
5204	2176	WerFault.exe	198
6660	5000	WerFault.exe	139
7964	1432	WerFault.exe	204
7676	2400	WerFault.exe	255
8096	952	WerFault.exe	173
7580	4768	WerFault.exe	197
8200	6896	WerFault.exe	376
7316	7048	WerFault.exe	339
7144	3836	WerFault.exe	194
10532	4792	WerFault.exe	156
10524	5452	WerFault.exe	264
10512	1960	WerFault.exe	179
10292	6044	WerFault.exe	278
7428	7196	WerFault.exe	390
11284	5312	WerFault.exe	433
10348	1528	WerFault.exe	209
10928	5692	WerFault.exe	492
11240	7612	WerFault.exe	441
6584	6084	WerFault.exe	516
6400	1400	WerFault.exe	506
6508	7548	WerFault.exe	447
11188	6212	WerFault.exe	484
11084	8104	WerFault.exe	426
11032	5508	WerFault.exe	449
11024	7932	WerFault.exe	462
10428	7568	WerFault.exe	442
11656	6820	WerFault.exe	490
11496	6908	WerFault.exe	374
10876	7760	WerFault.exe	455
11924	5464	WerFault.exe	232
12276	5672	WerFault.exe	346
12164	7212	WerFault.exe	391
12156	6708	WerFault.exe	366
12136	5288	WerFault.exe	294
12128	7028	WerFault.exe	337
12120	6300	WerFault.exe	353
12112	7136	WerFault.exe	389
12104	6120	WerFault.exe	292
12096	6172	WerFault.exe	321
12088	6164	WerFault.exe	347
11904	5868	WerFault.exe	345
10872	5732	WerFault.exe	445

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20683.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20875.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4621.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44066.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10864.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37791.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13043.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40693.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44969.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4320.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1696	308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2N.exe
884	Unicorn-25099.exe
4920	Unicorn-32473.exe
4040	Unicorn-16691.exe
4636	Unicorn-38839.exe
3048	Unicorn-760.exe
3784	Unicorn-760.exe
2276	Unicorn-52575.exe
3644	Unicorn-41383.exe
3388	Unicorn-27084.exe
2076	Unicorn-33215.exe
5092	Unicorn-17433.exe
4724	Unicorn-37034.exe
1784	Unicorn-17433.exe
4460	Unicorn-13718.exe
4012	Unicorn-16411.exe
916	Unicorn-14294.exe
1920	Unicorn-9448.exe
3108	Unicorn-14294.exe
404	Unicorn-61449.exe
4164	Unicorn-43629.exe
4328	Unicorn-63230.exe
4984	Unicorn-64071.exe
3960	Unicorn-48290.exe
5000	Unicorn-20901.exe
3268	Unicorn-2518.exe
4048	Unicorn-54149.exe
1380	Unicorn-33729.exe
2784	Unicorn-60371.exe
924	Unicorn-52011.exe
2360	Unicorn-47927.exe
2200	Unicorn-52011.exe
864	Unicorn-38367.exe
3912	Unicorn-29544.exe
1468	Unicorn-49303.exe
2276	Unicorn-57968.exe
3404	Unicorn-32767.exe
4792	Unicorn-22053.exe
760	Unicorn-59556.exe
4744	Unicorn-5716.exe
2236	Unicorn-56955.exe
2116	Unicorn-20683.exe
1128	Unicorn-8430.exe
4372	Unicorn-8165.exe
3152	Unicorn-58186.exe
3384	Unicorn-70.exe
4876	Unicorn-6847.exe
3604	Unicorn-22437.exe
2952	Unicorn-6100.exe
4536	Unicorn-51772.exe
2504	Unicorn-1201.exe
4040	Unicorn-4730.exe
3672	Unicorn-25705.exe
1460	Unicorn-64045.exe
952	Unicorn-31735.exe
1108	Unicorn-20875.exe
4988	Unicorn-8622.exe
2272	Unicorn-50210.exe
2608	Unicorn-61675.exe
3648	Unicorn-31181.exe
1284	Unicorn-4538.exe
1960	Unicorn-31181.exe
1560	Unicorn-52977.exe
4872	Unicorn-50640.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 884	1696	308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2N.exe	86
PID 1696 wrote to memory of 884	1696	308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2N.exe	86
PID 1696 wrote to memory of 884	1696	308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2N.exe	86
PID 884 wrote to memory of 4920	884	Unicorn-25099.exe	89
PID 884 wrote to memory of 4920	884	Unicorn-25099.exe	89
PID 884 wrote to memory of 4920	884	Unicorn-25099.exe	89
PID 1696 wrote to memory of 4040	1696	308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2N.exe	90
PID 1696 wrote to memory of 4040	1696	308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2N.exe	90
PID 1696 wrote to memory of 4040	1696	308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2N.exe	90
PID 4040 wrote to memory of 3048	4040	Unicorn-16691.exe	93
PID 4040 wrote to memory of 3048	4040	Unicorn-16691.exe	93
PID 4040 wrote to memory of 3048	4040	Unicorn-16691.exe	93
PID 4920 wrote to memory of 3784	4920	Unicorn-32473.exe	92
PID 4920 wrote to memory of 3784	4920	Unicorn-32473.exe	92
PID 4920 wrote to memory of 3784	4920	Unicorn-32473.exe	92
PID 884 wrote to memory of 4636	884	Unicorn-25099.exe	94
PID 884 wrote to memory of 4636	884	Unicorn-25099.exe	94
PID 884 wrote to memory of 4636	884	Unicorn-25099.exe	94
PID 1696 wrote to memory of 2276	1696	308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2N.exe	95
PID 1696 wrote to memory of 2276	1696	308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2N.exe	95
PID 1696 wrote to memory of 2276	1696	308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2N.exe	95
PID 4636 wrote to memory of 3644	4636	Unicorn-38839.exe	98
PID 4636 wrote to memory of 3644	4636	Unicorn-38839.exe	98
PID 4636 wrote to memory of 3644	4636	Unicorn-38839.exe	98
PID 884 wrote to memory of 3388	884	Unicorn-25099.exe	99
PID 884 wrote to memory of 3388	884	Unicorn-25099.exe	99
PID 884 wrote to memory of 3388	884	Unicorn-25099.exe	99
PID 3784 wrote to memory of 2076	3784	Unicorn-760.exe	100
PID 3784 wrote to memory of 2076	3784	Unicorn-760.exe	100
PID 3784 wrote to memory of 2076	3784	Unicorn-760.exe	100
PID 1696 wrote to memory of 4724	1696	308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2N.exe	101
PID 1696 wrote to memory of 4724	1696	308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2N.exe	101
PID 1696 wrote to memory of 4724	1696	308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2N.exe	101
PID 4920 wrote to memory of 1784	4920	Unicorn-32473.exe	102
PID 4920 wrote to memory of 1784	4920	Unicorn-32473.exe	102
PID 4920 wrote to memory of 1784	4920	Unicorn-32473.exe	102
PID 4040 wrote to memory of 5092	4040	Unicorn-16691.exe	103
PID 4040 wrote to memory of 5092	4040	Unicorn-16691.exe	103
PID 4040 wrote to memory of 5092	4040	Unicorn-16691.exe	103
PID 3644 wrote to memory of 4460	3644	Unicorn-41383.exe	113
PID 3644 wrote to memory of 4460	3644	Unicorn-41383.exe	113
PID 3644 wrote to memory of 4460	3644	Unicorn-41383.exe	113
PID 4636 wrote to memory of 4012	4636	Unicorn-38839.exe	114
PID 4636 wrote to memory of 4012	4636	Unicorn-38839.exe	114
PID 4636 wrote to memory of 4012	4636	Unicorn-38839.exe	114
PID 3388 wrote to memory of 916	3388	Unicorn-27084.exe	117
PID 3388 wrote to memory of 916	3388	Unicorn-27084.exe	117
PID 3388 wrote to memory of 916	3388	Unicorn-27084.exe	117
PID 5092 wrote to memory of 3108	5092	Unicorn-17433.exe	118
PID 5092 wrote to memory of 3108	5092	Unicorn-17433.exe	118
PID 5092 wrote to memory of 3108	5092	Unicorn-17433.exe	118
PID 1696 wrote to memory of 1920	1696	308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2N.exe	120
PID 1696 wrote to memory of 1920	1696	308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2N.exe	120
PID 1696 wrote to memory of 1920	1696	308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2N.exe	120
PID 884 wrote to memory of 4328	884	Unicorn-25099.exe	122
PID 884 wrote to memory of 4328	884	Unicorn-25099.exe	122
PID 884 wrote to memory of 4328	884	Unicorn-25099.exe	122
PID 3784 wrote to memory of 4164	3784	Unicorn-760.exe	123
PID 3784 wrote to memory of 4164	3784	Unicorn-760.exe	123
PID 3784 wrote to memory of 4164	3784	Unicorn-760.exe	123
PID 4920 wrote to memory of 404	4920	Unicorn-32473.exe	125
PID 4920 wrote to memory of 404	4920	Unicorn-32473.exe	125
PID 4920 wrote to memory of 404	4920	Unicorn-32473.exe	125
PID 4460 wrote to memory of 4984	4460	Unicorn-13718.exe	137

C:\Users\Admin\AppData\Local\Temp\308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2N.exe
"C:\Users\Admin\AppData\Local\Temp\308044c0f699bab79b350adab08d7cafd883a305529c2f6711bd37f6bc1d1db2N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25099.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25099.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32473.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 632
        6⤵
        Program crash
        
        PID:3152
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 632
        6⤵
        Program crash
        
        PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43629.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20875.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34279.exe
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18073.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45867.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 732
        10⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
        10⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        11⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
        10⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14668.exe
        11⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39457.exe
        10⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43899.exe
        9⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64279.exe
        10⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
        9⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25233.exe
        8⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17127.exe
        7⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe
        8⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 720
        8⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
        7⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54969.exe
        8⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 616
        9⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 648
        8⤵
        Program crash
        
        PID:12276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32909.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28379.exe
        8⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9852.exe
        9⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 636
        10⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 660
        9⤵
        Program crash
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18025.exe
        7⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28135.exe
        8⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 636
        9⤵
        Program crash
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 656
        8⤵
        Program crash
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29544.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31181.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10303.exe
        5⤵
        Executes dropped EXE
        
        PID:3032
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 724
        6⤵
        Program crash
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19702.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26623.exe
        5⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6152.exe
        6⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
        6⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8768 -s 636
        7⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42249.exe
        6⤵
        
        PID:10604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53298.exe
        6⤵
        
        PID:13760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29247.exe
        5⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
        6⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57953.exe
        7⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe
        6⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61631.exe
        6⤵
        
        PID:14036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        5⤵
        
        PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
        5⤵
        
        PID:11364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17433.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1784
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 624
        5⤵
        Program crash
        
        PID:4764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 624
        5⤵
        Program crash
        
        PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61449.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60371.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6100.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44777.exe
        7⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24055.exe
        7⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
        8⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 724
        9⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1959.exe
        8⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19280.exe
        8⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36141.exe
        7⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 628
        8⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 756
        7⤵
        
        PID:12936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25857.exe
        7⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
        7⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15218.exe
        8⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 720
        9⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
        8⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6156.exe
        7⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        7⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18356.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        7⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 636
        8⤵
        Program crash
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62042.exe
        7⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58943.exe
        7⤵
        
        PID:12656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19447.exe
        6⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 636
        7⤵
        Program crash
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7440.exe
        6⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        6⤵
        
        PID:12528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1201.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
        6⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36509.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61243.exe
        6⤵
        
        PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        5⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28716.exe
        5⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63625.exe
        6⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
        7⤵
        
        PID:12064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 632
        6⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        5⤵
        
        PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27675.exe
        5⤵
        
        PID:9168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
        5⤵
        
        PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        5⤵
        
        PID:6896
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 632
        6⤵
        Program crash
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41466.exe
        5⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
        6⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe
        6⤵
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53133.exe
        5⤵
        
        PID:9584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
        6⤵
        
        PID:10796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39607.exe
        5⤵
        
        PID:12640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53137.exe
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39261.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31516.exe
        5⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53703.exe
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-283.exe
        6⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28524.exe
        5⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
        5⤵
        
        PID:13776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3167.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-366.exe
        5⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38379.exe
        6⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 636
        7⤵
        
        PID:13008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe
        6⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55701.exe
        7⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
        6⤵
        
        PID:13964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35041.exe
        5⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        6⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39763.exe
        5⤵
        
        PID:11228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
        6⤵
        
        PID:14040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        5⤵
        
        PID:14324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52433.exe
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16267.exe
        5⤵
        
        PID:8148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 636
        6⤵
        
        PID:10944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 636
        6⤵
        
        PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
        5⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47533.exe
        6⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55051.exe
        5⤵
        
        PID:12316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45012.exe
      4⤵
      PID:6952
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 636
        5⤵
        
        PID:10252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
      4⤵
      PID:8560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53563.exe
        5⤵
        
        PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5419.exe
      4⤵
      PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40289.exe
        5⤵
        
        PID:5420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41383.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64071.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
        8⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30579.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exe
        10⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11798.exe
        11⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        12⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
        13⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe
        12⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11471.exe
        11⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12722.exe
        12⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 660
        11⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3391.exe
        10⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 636
        11⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27126.exe
        10⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9178.exe
        11⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21803.exe
        10⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33567.exe
        9⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49545.exe
        9⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44357.exe
        10⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6095.exe
        10⤵
        
        PID:13580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29510.exe
        9⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41535.exe
        9⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3121.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14054.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 744
        8⤵
        Program crash
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        7⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 724
        8⤵
        Program crash
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62165.exe
        7⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8316.exe
        8⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        9⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23387.exe
        10⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
        10⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43003.exe
        11⤵
        
        PID:14480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 632
        9⤵
        Program crash
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 640
        8⤵
        Program crash
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        7⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13080.exe
        8⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 632
        9⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 636
        8⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47705.exe
        7⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39173.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61398.exe
        7⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51575.exe
        8⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17087.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        9⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
        10⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26550.exe
        9⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
        8⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12950.exe
        9⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 632
        10⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10677.exe
        9⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61221.exe
        8⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 636
        9⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
        8⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        9⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24020.exe
        8⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43962.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22707.exe
        8⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        9⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50029.exe
        10⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64305.exe
        11⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 616
        10⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
        9⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
        9⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        8⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 636
        9⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64999.exe
        8⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31664.exe
        8⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48455.exe
        7⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 636
        8⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20189.exe
        7⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
        7⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe
        7⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45483.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2841.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
        7⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 632
        8⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5327.exe
        7⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14290.exe
        7⤵
        
        PID:14260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41388.exe
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
        7⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe
        7⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28789.exe
        8⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59785.exe
        9⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55680.exe
        8⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14874.exe
        7⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48446.exe
        7⤵
        
        PID:14088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45655.exe
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49837.exe
        7⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44056.exe
        7⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
        6⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 636
        7⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
        6⤵
        
        PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48290.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
        7⤵
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 644
        9⤵
        Program crash
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        8⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
        9⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60221.exe
        10⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36271.exe
        9⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
        8⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39287.exe
        9⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        8⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47943.exe
        9⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31996.exe
        8⤵
        
        PID:13476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
        7⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28763.exe
        8⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46535.exe
        7⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49131.exe
        8⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 636
        9⤵
        Program crash
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54450.exe
        8⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43449.exe
        9⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 648
        8⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29214.exe
        7⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        8⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27907.exe
        9⤵
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45208.exe
        8⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27450.exe
        7⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50465.exe
        8⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29083.exe
        7⤵
        
        PID:13368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30557.exe
        6⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe
        7⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29291.exe
        7⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8512.exe
        7⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe
        8⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7273.exe
        7⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
        8⤵
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
        7⤵
        
        PID:11732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
        6⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16101.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
        8⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        9⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46578.exe
        9⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 656
        8⤵
        Program crash
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16987.exe
        6⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51783.exe
        7⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38711.exe
        8⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24975.exe
        9⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28845.exe
        8⤵
        
        PID:14284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46604.exe
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10584.exe
        8⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26820.exe
        7⤵
        
        PID:13528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        6⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48519.exe
        7⤵
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57314.exe
        6⤵
        
        PID:11696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56955.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60729.exe
        6⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4320.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37315.exe
        7⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        5⤵
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        6⤵
        
        PID:5692
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 740
        6⤵
        Program crash
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49791.exe
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56723.exe
        6⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 636
        7⤵
        Program crash
        
        PID:11084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 668
        6⤵
        Program crash
        
        PID:12104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19965.exe
        5⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11134.exe
        6⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18753.exe
        7⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42685.exe
        6⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24783.exe
        7⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34158.exe
        6⤵
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe
        5⤵
        
        PID:9960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9960 -s 632
        6⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49340.exe
        5⤵
        
        PID:12212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20901.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
        7⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6567.exe
        7⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62753.exe
        8⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 632
        9⤵
        Program crash
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7195.exe
        8⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 748
        8⤵
        
        PID:14736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
        7⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
        8⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47969.exe
        9⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22073.exe
        8⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16105.exe
        7⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe
        7⤵
        
        PID:12564
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 720
        6⤵
        Program crash
        
        PID:5168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 756
        6⤵
        Program crash
        
        PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58186.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60729.exe
        6⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 624
        7⤵
        Program crash
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24465.exe
        6⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58159.exe
        6⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21991.exe
        7⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe
        7⤵
        
        PID:13376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32416.exe
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9054.exe
        6⤵
        
        PID:14096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        5⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44066.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        6⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        7⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 636
        8⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19551.exe
        7⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57574.exe
        6⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        7⤵
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21994.exe
        6⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
        5⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30185.exe
        6⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12774.exe
        7⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54938.exe
        6⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe
        5⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
        6⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28085.exe
        5⤵
        
        PID:12472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2518.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20683.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32141.exe
        6⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31155.exe
        7⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4403.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54523.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        9⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56137.exe
        10⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 640
        9⤵
        
        PID:14080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48420.exe
        8⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        8⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 668
        7⤵
        Program crash
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62820.exe
        6⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exe
        6⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30273.exe
        7⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 636
        8⤵
        Program crash
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
        7⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30354.exe
        7⤵
        
        PID:12456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64024.exe
        6⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51731.exe
        7⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
        6⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
        7⤵
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23245.exe
        6⤵
        
        PID:14116
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 716
        5⤵
        Program crash
        
        PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8165.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34087.exe
        5⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34959.exe
        7⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24627.exe
        8⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 636
        9⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 656
        8⤵
        Program crash
        
        PID:12164
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 740
        6⤵
        Program crash
        
        PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8513.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21072.exe
      4⤵
      PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
        5⤵
        
        PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
      4⤵
      PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2604.exe
      4⤵
      PID:6820
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 636
        5⤵
        Program crash
        
        PID:11656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3544.exe
      4⤵
      PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49671.exe
        5⤵
        
        PID:14140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
      4⤵
      PID:11132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14294.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
        7⤵
        
        PID:976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 648
        8⤵
        Program crash
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
        6⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49659.exe
        6⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
        7⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 636
        8⤵
        Program crash
        
        PID:11032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 652
        7⤵
        Program crash
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37382.exe
        6⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 612
        7⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11524.exe
        6⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        6⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51772.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40693.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
        7⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7932.exe
        8⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50439.exe
        9⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18701.exe
        10⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
        11⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 668
        10⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26437.exe
        9⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29944.exe
        9⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35809.exe
        8⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
        9⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36075.exe
        10⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60339.exe
        8⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
        8⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15861.exe
        7⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43615.exe
        8⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38213.exe
        9⤵
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1269.exe
        8⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        9⤵
        
        PID:14264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38637.exe
        7⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
        8⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        7⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4621.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50693.exe
        7⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 636
        8⤵
        Program crash
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19639.exe
        7⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14018.exe
        7⤵
        
        PID:12572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18034.exe
        5⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36739.exe
        6⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47979.exe
        7⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
        8⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6230.exe
        9⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10039.exe
        8⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51617.exe
        9⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        7⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35717.exe
        8⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50007.exe
        7⤵
        
        PID:10396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51824.exe
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5488.exe
        7⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49785.exe
        8⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48088.exe
        8⤵
        
        PID:14084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        7⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe
        8⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6976.exe
        7⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10240.exe
        6⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe
        6⤵
        
        PID:12556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        6⤵
        
        PID:60
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 60 -s 636
        7⤵
        
        PID:6072
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 648
        6⤵
        Program crash
        
        PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14326.exe
        5⤵
        
        PID:5496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 640
        6⤵
        
        PID:12828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7791.exe
        5⤵
        
        PID:10680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40311.exe
        5⤵
        
        PID:14104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:864
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 632
        5⤵
        Program crash
        
        PID:1852
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 632
        5⤵
        Program crash
        
        PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4438.exe
      4⤵
      PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49053.exe
        5⤵
        
        PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
        5⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29635.exe
        6⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
        6⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30045.exe
        7⤵
        
        PID:13480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
        6⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20061.exe
        7⤵
        
        PID:13628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24656.exe
        5⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
        6⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55680.exe
        6⤵
        
        PID:13788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        5⤵
        
        PID:7160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28368.exe
      4⤵
      PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1524.exe
      4⤵
      PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11928.exe
        5⤵
        
        PID:8376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8376 -s 636
        6⤵
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26027.exe
        5⤵
        
        PID:11220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38535.exe
        6⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
        5⤵
        
        PID:14312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53152.exe
      4⤵
      PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32873.exe
        5⤵
        
        PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20869.exe
        5⤵
        
        PID:13820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52231.exe
      4⤵
      PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11572.exe
      4⤵
      PID:12032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64045.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 640
        6⤵
        Program crash
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4450.exe
        6⤵
        
        PID:6316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31735.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54699.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5208
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 720
        5⤵
        Program crash
        
        PID:8096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57505.exe
      4⤵
      PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
      4⤵
      PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        5⤵
        
        PID:2368
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 636
        6⤵
        
        PID:12836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
        5⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52027.exe
        6⤵
        
        PID:9380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28078.exe
      4⤵
      PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        5⤵
        
        PID:10852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37495.exe
      4⤵
      PID:11204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55469.exe
      4⤵
      PID:13852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31181.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57221.exe
        5⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-319.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
        6⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 636
        7⤵
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        6⤵
        
        PID:10820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42581.exe
        6⤵
        
        PID:14068
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 720
        5⤵
        Program crash
        
        PID:10512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8767.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
        6⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54113.exe
        7⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 664
        7⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14979.exe
        6⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 632
        7⤵
        
        PID:13004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19664.exe
        6⤵
        
        PID:11816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43027.exe
      4⤵
      PID:7340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36744.exe
      4⤵
      PID:3272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 648
        5⤵
        
        PID:13496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe
      4⤵
      PID:6516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
      4⤵
      PID:5060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50640.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44969.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10864.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36495.exe
        6⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42437.exe
        7⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-906.exe
        8⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 720
        7⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
        6⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21493.exe
        7⤵
        
        PID:8688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 636
        6⤵
        
        PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20739.exe
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        5⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19303.exe
        6⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 632
        7⤵
        
        PID:9376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 636
        6⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-589.exe
        5⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56997.exe
        5⤵
        
        PID:12392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44309.exe
      4⤵
      PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40491.exe
        5⤵
        
        PID:9624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
        6⤵
        
        PID:9396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
        5⤵
        
        PID:11052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
      4⤵
      PID:9016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55925.exe
      4⤵
      PID:13488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
    3⤵
    PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23117.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
        5⤵
        
        PID:8100
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 636
        6⤵
        
        PID:8864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50366.exe
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
        5⤵
        
        PID:13076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
    3⤵
    PID:5336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe
    3⤵
    PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
      4⤵
      PID:9900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59406.exe
      4⤵
      PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44949.exe
        5⤵
        
        PID:14848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1039.exe
    3⤵
    PID:5612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
    3⤵
    PID:2736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3048
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 724
      4⤵
      Program crash
      PID:3912
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 760
      4⤵
      Program crash
      PID:4400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17433.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14294.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54149.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-70.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-70.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50231.exe
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39515.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55789.exe
        9⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 728
        10⤵
        Program crash
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15197.exe
        9⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe
        10⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
        9⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31991.exe
        10⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6235.exe
        9⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
        7⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22197.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63189.exe
        7⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17781.exe
        7⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13848.exe
        8⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
        9⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49479.exe
        10⤵
        
        PID:228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 664
        8⤵
        
        PID:14020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64101.exe
        7⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 756
        7⤵
        
        PID:14752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54703.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        7⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        8⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
        8⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
        7⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 628
        7⤵
        
        PID:11376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55410.exe
        6⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 624
        7⤵
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
        6⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        7⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42487.exe
        6⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6847.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42063.exe
        6⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
        7⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40967.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18405.exe
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5488.exe
        8⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1461.exe
        8⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 628
        7⤵
        Program crash
        
        PID:12156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40017.exe
        5⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        6⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
        7⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
        8⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 636
        9⤵
        Program crash
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 752
        8⤵
        Program crash
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 668
        7⤵
        Program crash
        
        PID:10292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        6⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
        7⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
        8⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35451.exe
        8⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe
        7⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
        8⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56525.exe
        7⤵
        
        PID:14076
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 632
        6⤵
        Program crash
        
        PID:10348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-101.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6264
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 656
      4⤵
      Program crash
      PID:3636
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 684
      4⤵
      Program crash
      PID:1852
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 668
    3⤵
    - Program crash
    PID:2400
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 668
    3⤵
    - Program crash
    PID:4932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2276
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 720
    3⤵
    - Program crash
    PID:2220
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 720
    3⤵
    - Program crash
    PID:4696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4724
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 640
    3⤵
    - Program crash
    PID:4428
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 640
    3⤵
    - Program crash
    PID:4852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4730.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46723.exe
        5⤵
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40579.exe
        7⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 636
        8⤵
        Program crash
        
        PID:11240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 724
        7⤵
        Program crash
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44424.exe
        6⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
        7⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 540
        8⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 732
        7⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25974.exe
        6⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19163.exe
        7⤵
        
        PID:12600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4507.exe
        6⤵
        
        PID:12632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
        5⤵
        
        PID:7040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 724
        5⤵
        
        PID:13060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14605.exe
      4⤵
      PID:528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42769.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37791.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37382.exe
      4⤵
      PID:6212
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 652
        5⤵
        Program crash
        
        PID:11188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3356.exe
      4⤵
      PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        5⤵
        
        PID:14224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
      4⤵
      PID:12420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25705.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30387.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18025.exe
      4⤵
      PID:6200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46623.exe
    3⤵
    PID:5180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6899.exe
    3⤵
    PID:7160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28716.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28716.exe
    3⤵
    PID:3576
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 612
      4⤵
      PID:10860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
    3⤵
    PID:9952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
    3⤵
    PID:4704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32767.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32767.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8622.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
      4⤵
      PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23527.exe
        5⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34575.exe
        6⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47870.exe
        6⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        7⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24158.exe
        6⤵
        
        PID:8900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46038.exe
      4⤵
      PID:6272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
      4⤵
      PID:5692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 644
        5⤵
        Program crash
        
        PID:10928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
      4⤵
      PID:9048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9048 -s 628
        5⤵
        
        PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16480.exe
      4⤵
      PID:12240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
    3⤵
    PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10480.exe
      4⤵
      PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58093.exe
        5⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
        6⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
        7⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
        6⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7808.exe
        7⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-178.exe
        6⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        5⤵
        
        PID:9356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9356 -s 632
        6⤵
        
        PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
        5⤵
        
        PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4569.exe
      4⤵
      PID:5716
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 644
        5⤵
        
        PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63141.exe
      4⤵
      PID:9324
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9324 -s 636
        5⤵
        
        PID:12300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21061.exe
      4⤵
      PID:9472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61675.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61675.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16381.exe
    3⤵
    PID:5464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22349.exe
      4⤵
      PID:5140
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 744
      4⤵
      Program crash
      PID:11924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
    3⤵
    PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        5⤵
        
        PID:8312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 632
        6⤵
        
        PID:1648
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 672
        5⤵
        
        PID:13364
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 636
      4⤵
      Program crash
      PID:12120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe
  2⤵
  PID:5528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
    3⤵
    PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2276 -ip 2276
1⤵
PID:4504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3048 -ip 3048
1⤵
PID:2360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2276 -ip 2276
1⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3048 -ip 3048
1⤵
PID:2432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 4724 -ip 4724
1⤵
PID:832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2076 -ip 2076
1⤵
PID:4176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1784 -ip 1784
1⤵
PID:1852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4040 -ip 4040
1⤵
PID:384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 4724 -ip 4724
1⤵
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2076 -ip 2076
1⤵
PID:4004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4040 -ip 4040
1⤵
PID:2296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 1784 -ip 1784
1⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5092 -ip 5092
1⤵
PID:3032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5092 -ip 5092
1⤵
PID:2068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 864 -ip 864
1⤵
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 864 -ip 864
1⤵
PID:1400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 3268 -ip 3268
1⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5000 -ip 5000
1⤵
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 1460 -ip 1460
1⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3032 -ip 3032
1⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4164 -ip 4164
1⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3648 -ip 3648
1⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1284 -ip 1284
1⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3912 -ip 3912
1⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5008 -ip 5008
1⤵
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 1284 -ip 1284
1⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 4164 -ip 4164
1⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 1612 -ip 1612
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3268 -ip 3268
1⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2176 -ip 2176
1⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4404 -ip 4404
1⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 3912 -ip 3912
1⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3648 -ip 3648
1⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 976 -ip 976
1⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 1612 -ip 1612
1⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 4404 -ip 4404
1⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 2176 -ip 2176
1⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5000 -ip 5000
1⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 3032 -ip 3032
1⤵
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3236 -ip 3236
1⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5180 -ip 5180
1⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3976 -ip 3976
1⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5156 -ip 5156
1⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 1020 -ip 1020
1⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5596 -ip 5596
1⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5424 -ip 5424
1⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 1460 -ip 1460
1⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3236 -ip 3236
1⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5652 -ip 5652
1⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5488 -ip 5488
1⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5180 -ip 5180
1⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5616 -ip 5616
1⤵
PID:756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5856 -ip 5856
1⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6080 -ip 6080
1⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5208 -ip 5208
1⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 5692 -ip 5692
1⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 4128 -ip 4128
1⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5540 -ip 5540
1⤵
PID:2072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 1932 -ip 1932
1⤵
PID:3812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5572 -ip 5572
1⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5156 -ip 5156
1⤵
PID:2932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 3976 -ip 3976
1⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 2504 -ip 2504
1⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 1020 -ip 1020
1⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5424 -ip 5424
1⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5596 -ip 5596
1⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2236 -ip 2236
1⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5652 -ip 5652
1⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5488 -ip 5488
1⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3404 -ip 3404
1⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3956 -ip 3956
1⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 2200 -ip 2200
1⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5856 -ip 5856
1⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5616 -ip 5616
1⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5692 -ip 5692
1⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 2024 -ip 2024
1⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5208 -ip 5208
1⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 1432 -ip 1432
1⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 952 -ip 952
1⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 4128 -ip 4128
1⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5540 -ip 5540
1⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6080 -ip 6080
1⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2400 -ip 2400
1⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5476 -ip 5476
1⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 1932 -ip 1932
1⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5572 -ip 5572
1⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 4964 -ip 4964
1⤵
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 1696 -ip 1696
1⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2504 -ip 2504
1⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 2236 -ip 2236
1⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 3956 -ip 3956
1⤵
PID:864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 3404 -ip 3404
1⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5236 -ip 5236
1⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2200 -ip 2200
1⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2024 -ip 2024
1⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 976 -ip 976
1⤵
PID:684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 952 -ip 952
1⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4768 -ip 4768
1⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 4960 -ip 4960
1⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5476 -ip 5476
1⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 4964 -ip 4964
1⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4696 -ip 4696
1⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 1696 -ip 1696
1⤵
PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5140 -ip 5140
1⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5892 -ip 5892
1⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6200 -ip 6200
1⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 6224 -ip 6224
1⤵
PID:756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6252 -ip 6252
1⤵
PID:3376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 6104 -ip 6104
1⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6272 -ip 6272
1⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6580 -ip 6580
1⤵
PID:2300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6216 -ip 6216
1⤵
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 7140 -ip 7140
1⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 6992 -ip 6992
1⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6304 -ip 6304
1⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 6192 -ip 6192
1⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 7040 -ip 7040
1⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6316 -ip 6316
1⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 7160 -ip 7160
1⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5968 -ip 5968
1⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 6072 -ip 6072
1⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 6148 -ip 6148
1⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 1008 -ip 1008
1⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5952 -ip 5952
1⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6644 -ip 6644
1⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 6180 -ip 6180
1⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6264 -ip 6264
1⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6916 -ip 6916
1⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 5784 -ip 5784
1⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4016 -ip 4016
1⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 7260 -ip 7260
1⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 6896 -ip 6896
1⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 5336 -ip 5336
1⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 5236 -ip 5236
1⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 5008 -ip 5008
1⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 4960 -ip 4960
1⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 5528 -ip 5528
1⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3108 -ip 3108
1⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5464 -ip 5464
1⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5512 -ip 5512
1⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5416 -ip 5416
1⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5548 -ip 5548
1⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 5264 -ip 5264
1⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 528 -ip 528
1⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 3672 -ip 3672
1⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 3384 -ip 3384
1⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 4040 -ip 4040
1⤵
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 4852 -ip 4852
1⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 5556 -ip 5556
1⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 4372 -ip 4372
1⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 6056 -ip 6056
1⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 2272 -ip 2272
1⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 3604 -ip 3604
1⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 5704 -ip 5704
1⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 1108 -ip 1108
1⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 1952 -ip 1952
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5364 -ip 5364
1⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 4876 -ip 4876
1⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 4536 -ip 4536
1⤵
PID:1796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 5392 -ip 5392
1⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5980 -ip 5980
1⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 5404 -ip 5404
1⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 924 -ip 924
1⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 2608 -ip 2608
1⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 4696 -ip 4696
1⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 5680 -ip 5680
1⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5636 -ip 5636
1⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 7272 -ip 7272
1⤵
PID:9824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 7316 -ip 7316
1⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 5140 -ip 5140
1⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 7084 -ip 7084
1⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5892 -ip 5892
1⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6252 -ip 6252
1⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 6160 -ip 6160
1⤵
PID:1972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 6104 -ip 6104
1⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6224 -ip 6224
1⤵
PID:9928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1308 -p 7356 -ip 7356
1⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 7340 -ip 7340
1⤵
PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6272 -ip 6272
1⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 7048 -ip 7048
1⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1312 -p 7140 -ip 7140
1⤵
PID:2056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1260 -p 6200 -ip 6200
1⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 6192 -ip 6192
1⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1284 -p 6992 -ip 6992
1⤵
PID:1804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 6580 -ip 6580
1⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 6304 -ip 6304
1⤵
PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 7040 -ip 7040
1⤵
PID:9876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1228 -p 6216 -ip 6216
1⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 7160 -ip 7160
1⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 6316 -ip 6316
1⤵
PID:1648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1268 -p 5968 -ip 5968
1⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1216 -p 5952 -ip 5952
1⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6072 -ip 6072
1⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 4016 -ip 4016
1⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6148 -ip 6148
1⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1308 -p 5784 -ip 5784
1⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 6644 -ip 6644
1⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6180 -ip 6180
1⤵
PID:10720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 3836 -ip 3836
1⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1268 -p 6264 -ip 6264
1⤵
PID:11000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 6916 -ip 6916
1⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1304 -p 1008 -ip 1008
1⤵
PID:4036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1260 -p 6044 -ip 6044
1⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 1432 -ip 1432
1⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1316 -p 7260 -ip 7260
1⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 1960 -ip 1960
1⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1328 -p 4792 -ip 4792
1⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5452 -ip 5452
1⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1260 -p 5336 -ip 5336
1⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 5528 -ip 5528
1⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 3108 -ip 3108
1⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 5464 -ip 5464
1⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5512 -ip 5512
1⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5548 -ip 5548
1⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 3672 -ip 3672
1⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 528 -ip 528
1⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 4040 -ip 4040
1⤵
PID:2056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1304 -p 5556 -ip 5556
1⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1248 -p 5416 -ip 5416
1⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1332 -p 5264 -ip 5264
1⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 3384 -ip 3384
1⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 4852 -ip 4852
1⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 6056 -ip 6056
1⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 2272 -ip 2272
1⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 4372 -ip 4372
1⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 1108 -ip 1108
1⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 3604 -ip 3604
1⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5444 -ip 5444
1⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 8148 -ip 8148
1⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 5716 -ip 5716
1⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 60 -ip 60
1⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 5676 -ip 5676
1⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 7680 -ip 7680
1⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 3576 -ip 3576
1⤵
PID:2768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1324 -p 7520 -ip 7520
1⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 8036 -ip 8036
1⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 6952 -ip 6952
1⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 8100 -ip 8100
1⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 3616 -ip 3616
1⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5732 -ip 5732
1⤵
PID:11060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 7760 -ip 7760
1⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 7932 -ip 7932
1⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5508 -ip 5508
1⤵
PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 8104 -ip 8104
1⤵
PID:9780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 7568 -ip 7568
1⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 6212 -ip 6212
1⤵
PID:11176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 7548 -ip 7548
1⤵
PID:952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 1400 -ip 1400
1⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 7612 -ip 7612
1⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 6084 -ip 6084
1⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 5692 -ip 5692
1⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 7196 -ip 7196
1⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5312 -ip 5312
1⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1304 -p 1528 -ip 1528
1⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 6908 -ip 6908
1⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 1952 -ip 1952
1⤵
PID:13540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 4876 -ip 4876
1⤵
PID:13548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 5704 -ip 5704
1⤵
PID:13596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 5404 -ip 5404
1⤵
PID:13604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 924 -ip 924
1⤵
PID:13612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1344 -p 5364 -ip 5364
1⤵
PID:13620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 6820 -ip 6820
1⤵
PID:13628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1356 -p 5980 -ip 5980
1⤵
PID:13836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1312 -p 5392 -ip 5392
1⤵
PID:14044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 4536 -ip 4536
1⤵
PID:14052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2608 -ip 2608
1⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1292 -p 5680 -ip 5680
1⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 5636 -ip 5636
1⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5868 -ip 5868
1⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 6164 -ip 6164
1⤵
PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5672 -ip 5672
1⤵
PID:13512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 6172 -ip 6172
1⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 6120 -ip 6120
1⤵
PID:13656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 7136 -ip 7136
1⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1384 -p 6300 -ip 6300
1⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1344 -p 7028 -ip 7028
1⤵
PID:13360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 5288 -ip 5288
1⤵
PID:13420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 6708 -ip 6708
1⤵
PID:13432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 7212 -ip 7212
1⤵
PID:13444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 7272 -ip 7272
1⤵
PID:13496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 8188 -ip 8188
1⤵
PID:1360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1236 -p 8376 -ip 8376
1⤵
PID:3068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 8768 -ip 8768
1⤵
PID:2884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 7608 -ip 7608
1⤵
PID:2988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5496 -ip 5496
1⤵
PID:13988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 2368 -ip 2368
1⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 7952 -ip 7952
1⤵
PID:3392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 7644 -ip 7644
1⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1292 -p 2236 -ip 2236
1⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 8464 -ip 8464
1⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 2952 -ip 2952
1⤵
PID:13692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 8832 -ip 8832
1⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 8140 -ip 8140
1⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 7904 -ip 7904
1⤵
PID:2732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3272 -ip 3272
1⤵
PID:14912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe

Filesize
468KB

MD5
a3cd2b79d64e5a420324bde58cf7c95d

SHA1
0e07ad342466684e7d0fc1d68250c01d286d9965

SHA256
729b080d011aead210a51b868939be86659529343d36c66f01bd239979a1524e

SHA512
d33cd7586032c73985cf7c786feb77b3f53675605ef9e13819684bffde6f69c66a7fe2f0b1119c2220f1299a76922e6454f8c1e0b700eb15ebf8e14f61913ae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14294.exe

Filesize
468KB

MD5
c213dd437fe6c3221ecc6cf4d817048f

SHA1
39f7411a06428b447ef40e24636ce8a80dc9f62c

SHA256
c529abbb30ce46dec5c7be11d0595d3e15990fa7b45f58530e39a6a97a9c1613

SHA512
0260858b0b53cc109b72f7b596c41e8182cb56f70e84e74af2ab4e87d5de5831e2e90bc4ab1c5b258936850f6ffbab06519986cbf672a01adb1222cc02532046

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe

Filesize
468KB

MD5
1c46713ff1dbb855ca21dcb9b9f26182

SHA1
866e52fb5076dbeaa321cff74606b7b12b0ea791

SHA256
bf76d9a1633820161a91ab528d25cd6663b2718e613a8726661ffd417132276c

SHA512
4784fa2476ea255b2a1727fa81f74c31cf8342987c6fc386c7615b7492df2cec6d940a40588e8d415106f51d6d53180d0fe32c9c7ad1310f833139aa108b8a97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe

Filesize
468KB

MD5
1b0e685016e58549808e099f8db67c66

SHA1
a787de717e552846db4d0593696223ebe35a5f41

SHA256
af1adfbf1502df0ef47199c7bf7ea603317cf6a79080ffdfea8ede56484617f5

SHA512
ddcf0e556c757e9671bdaa81689aec7269ae726a64e2af16c573ee78cd62a9b509e640dff3ab85683182af8932d5c984000609b5b987a081d84009963c06be2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe

Filesize
468KB

MD5
49aa84d1268eef3fa4452f2a9dd0e2ad

SHA1
6000e49fd36caf7867d622db6951f4b0c2b8b416

SHA256
49fdb6d265ee80d3fbf4a48c847077f26c869b009302e07611488269f5079c4f

SHA512
9812a8f08aef867b34290f0f607efa3336bb5c7f0454eec96b41dbe1b22170fcbc9b9bfe54079c5d0cce4c1825ce772133b0aad67f58aa721469185167cb8640

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17433.exe

Filesize
468KB

MD5
c095c0a6c04ee9a2a2bf9cb4155cbd7f

SHA1
423c806e292f412f5b35f2aecf210d4c60abcfcf

SHA256
37f6d24a890025475b7bb2682656c6adb8b83db6e97515c1399c086e00c29acc

SHA512
d836a2688b16dc0b1fb3290cec5b50ec1cd617ffd3dcd3af2f3a831a660fb853794b8f9c6b4e09b224a5249b2f79333fcf4fe9cdf3dd99506bab5d1d75d47b24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20901.exe

Filesize
468KB

MD5
ed76fb115db5eef8c58be5f9e1e872bf

SHA1
5038208501e6eeaf7ec92cbe75ecf68bdd5ee191

SHA256
45e4d48d63d51b8be6cc6865ae4396818ec3571dc77023fab546c03f39aaf1a9

SHA512
ad1cf486f88511400432ec031439f05b73430807c0b00dbfb54838941da5dc148c1ac4b8da5ca8ef9c56fb3f04c77b9e323371be3dc4ddc7e2b5edf73d887c31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25099.exe

Filesize
468KB

MD5
4dc10fc8ad055fad38e165e5449b4d05

SHA1
9b62953f83fbd0062a61a80e1918fefd3a1eccb7

SHA256
abc7a920c077467fb1562a4d429ecd508018701e0c0187c1824ab21246b40a5c

SHA512
e6fbed4f79dd467d30a4be53de7b6758a6e23bf355580dab2200962742e06dbc35bf1e8900b40cfc427833820d16b9e1b5ebd8da204442282fd86305e6817308

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2518.exe

Filesize
468KB

MD5
bed06f799929911fb6633a6d99717f89

SHA1
f520734746fcfd6bcfc17b186f39cbbfa010e6f8

SHA256
29dbb88cce0771b7da9b74a8c005ad64e980bd8957936df16f711f69b01f6aa2

SHA512
fdbbfd887bbd4b2ebfe1341fbeda4a4d0f6f59dee0bb47dbbe149d669a54869ea7412e36c61e952180e103cb6f4a620e68a78ead5f7c6d1fdcf266a4f6cc0ed4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe

Filesize
468KB

MD5
dcc439accd400d7be45c8ea57483df0e

SHA1
91d7db58e584be0958ab69a795469def22a7eb5a

SHA256
699ba25ec9819b543be994336b3c69ae37d1f0812576746579f08a7b1980f258

SHA512
2915f5ae348e067d2b72c88687a9ba1e777e7c7bab891b778c14c9ab5fe5387b3dc25092dffc6d159ceac10703139b274380e2196a667e3459438e4c0c5d743e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29544.exe

Filesize
468KB

MD5
0569ade7687922d70902d603ed981b38

SHA1
49b840209ab5fe29c42320cf8904ee8ea6765258

SHA256
3778f5b47fc48fd46b1bcb21f3f3c7a0751ab120898cc8db902918f441661180

SHA512
918a681ba7509ada246167cb2a320e4267f350235ca8ae1585c138223d289a4433aec2154c66efb8e287734750d52b42a9e62900111fc07639bc731a17453b71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32473.exe

Filesize
468KB

MD5
40cadbc30d85ccb3037b1cebd0e7168e

SHA1
422db1668e3f1348b7e1bb3effc896874eca5819

SHA256
617eb1a1afd10aababe197daf2344e5d5724670368affcb5377df4bdb33997ae

SHA512
47ed6f875b5ce44bf361002161e6d02dee0f9fc8a4d6b119ff5dbe3e6875c77dfaab3488be2ec6cb732f9974b8508c39b8bb3b98e0f4028f0a1d6654c2c51e22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe

Filesize
468KB

MD5
0d46b8b1170c07266f0b445c45371c64

SHA1
79610df7f53702034c911cf653750e3ee08e3a04

SHA256
cbfb7c443fdb9b0a093585db7c2a91fc427bb212997a92b7877ab5edacd0f621

SHA512
e83d2dd34b80e850f453fe7e644151aeffb86a9aa098a6124ca7e6a73b04680671ef0986f9fc0f461fa1d941fefb347fd5763d99e332e64c0c7084ec2e92184a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe

Filesize
468KB

MD5
19f290fb7f739491282835d865dd0b4a

SHA1
9a2ac3b3a4d2c1b0b0edbe21c8bd8800571d2d43

SHA256
2c74f771405500f1ad741cfb8b8c1858a4096f55166b036c631c11fa45dc3ad1

SHA512
9ee0dbd049d8bab6fbcba56537f7eed33d2b125bde86dc6a79685d6d0c02ce51022d3cb7c15fbc3a66aaa12dd002a4fa5afb9d86fa0a314c9ccad2335b4870f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe

Filesize
468KB

MD5
ecc5e8cd00c32cf361f2d362b3003df7

SHA1
4a137d7c164f8a52d084e58ad6e36c4eb11b4086

SHA256
fbf443529191237ac596efa321e2f7b9fa64055df2a4f9390edd9c7d37b0b08e

SHA512
562bafcf57ee0a785098a7df92b60527a2a5bd6bd5198094c466ad77da67fa962c7a779f6e15f7fa343dabba4714e8d51cf0fab2e620a16bf7655391fb716321

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exe

Filesize
468KB

MD5
55958bd7e5226b4f06843d617299bc96

SHA1
1d2946944c6f545dd6f59a63307b1ef181b476cc

SHA256
12cbcfcf440bea9ffd7b8afae942c752eec7b792e336106ad64f60c6c4134c6d

SHA512
9607aa9af201a15c5b02e83eaeca5dc28c4cbde879414df17fde4a78870d327b03233cc9c990b06b824d21a704e3522394bfa47b60c594094969fe885eb8bdad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe

Filesize
468KB

MD5
f19efe652002546e1d9e386ff7417469

SHA1
1e04d0b0e5b755fc0395299f50f8e7b6d15bef60

SHA256
4b33418a9eda68d37e9ae1d3c9a46aabad2bd8c16c94ba8f0218fba79f23d5d6

SHA512
1a7cd7a91fcd540216566e12cb334272c1737f9c214da3c2ccc44c1c281829b708a568483cd1e188fc6b9ec6318f7e5b67e479f3c6dec8bb1b92e241bf41337f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41383.exe

Filesize
468KB

MD5
f229cda5752c3becdec4731e0b30f49b

SHA1
fff355febd3fb7be88ac4afbcad77ff8268f4f0f

SHA256
08200213caea7dede4ab9dcb0b28a5f3bdccc91906ef97c4b92821cd62aab23e

SHA512
cb2b96f11bb66662a7c87974951d557aac806f139ef6570e321b60cd6db19b5163da11a4edc41cd8cafc9ed9fd3174b3127b2866be08c285790966840e97e9d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43629.exe

Filesize
468KB

MD5
878015a0ba120c894eca2ca691ffd031

SHA1
f767041549e9e9742f723443f18942242c6d45d2

SHA256
da06f8f2586458033ff4b234dba43edc61c7b6dfbb609b0a223053460ecb01d6

SHA512
caf08c5a51f1473d4434453e1ea1ee55951299c4b96f4104a28e79981318b0028d1b981e9f7076cdd55efa936654dbf3e58b4b2219f4f9825dbc9d91f7fc863f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe

Filesize
468KB

MD5
bffdd3cc163f5960dae83e072621b7cb

SHA1
f9c5dedbcca28a13d204e81cd3ed5d5cb263e6d7

SHA256
dfebc7b163562302144be48ce1476cd69d1c731980c9ef51882ec1b6bd06df75

SHA512
3952fcd207964ed6654e0c69b4cbf42613e4dcee1bd9e9953d170d1e0379f0cf2854b1d2b2072457b4683ab153abd3e1f85e25a73f7d191791e4a79a7b4532ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48290.exe

Filesize
468KB

MD5
fd5a1c4fd1aa6ce89002f7a9fdbdd855

SHA1
91bae074e36c2285e7d214af8cb344fddf53ae95

SHA256
fb26fa729ae135a21f291ed6b6adab03c2101092db667aff18fcddfa71a7d85a

SHA512
a6f5dd5d87a2aee1982092603434b83bc53f5a21288152bb104f61b6dcb2c7afa347fa47377e31f12c6fd15b56a9ebd62ec96e732a4d77f79f9acbcafc80b3d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe

Filesize
468KB

MD5
208dc2588325c68da9a585cf45864628

SHA1
e8b547123ee308640131fe79e82c55fba96e20af

SHA256
63af8ff0bd70efac5a401300c87838d2aa56469eac2ff8e276af5205ceabfef0

SHA512
cd88333d607d1abd84f737b18ae3ca182f61501c11152943141b42526dc07f7890a1ed635c58f69f400237b413c3acbd98a08090fe705b4b9dba52644342b06f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe

Filesize
468KB

MD5
cddbcf52612efec4c3916ba141c1dfd6

SHA1
843e9b4e83aba0851dd2564871da6b2594ff716f

SHA256
1e099a98a40f725dafd8a107c6bc9f3e1b31a90698d40f854b8faa9e15aa0145

SHA512
f40bc6bea47f0e772b774a4a68c4f96097b2c1171b9f732ffa133e23d03bcbb78787df2c881ea4d59b6492c258f4b742ca4f216cd40037d62a0ca3a52c8c4f71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54149.exe

Filesize
468KB

MD5
81341ba5bcebc8e41415409f7899bb60

SHA1
56d7d58f6d744d4b111880bc7cbb65e0e771eb79

SHA256
a726d6aa7eed67caa59934b2719682d0af03c18cb1fa79f1c00bc624ef79c863

SHA512
09d982f6b96b2161d3f225cf0f08355ee06aa6d789ad18e6ac6ab39133ff0c42400aca55b94bf7fe831030b5424654ffd0083c812c1864b007575d47dc362308

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60371.exe

Filesize
468KB

MD5
c5e36783bf08e187b4ad9e4314b031da

SHA1
24103c421f27d182b0ca3703ebcb5643b5d2b9e9

SHA256
553669fc1800769bc5c779dd7e8957ca4221a6ca0c09010b804f904da877d6a9

SHA512
c1dc4b947600dc51350039d718259fc91b41522ea1cd4faa020c6bfb30060ba9054a8dcdb3d4042b4bee781d461c04eafac71eb12b7be0e3c175b9572bfb578b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61449.exe

Filesize
468KB

MD5
fdf123f4e47d157ba3cbd0f5898a48a4

SHA1
942e4e3375f353d62cef9805a7b4cbdaa0226e79

SHA256
ec0745d8997772c044a895b61dac70247d9b6396a6442b78eb3632959083c57a

SHA512
375ac003a3542edef2463694be1ea7b4831046eadd39b64156c0a128fce1d6eaaf771731900a1187b6cf96889570b97bf50b470b3329bc97096dc25615d44941

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe

Filesize
468KB

MD5
4a6a12214b5c44a43fa99f56377071dc

SHA1
a06bb6b78ce5523244265b74f8542078a09d0a37

SHA256
a3e1c87e2ebdedfa8c4948fe0448a78b927eb28214eb6622feeddd97195912bf

SHA512
0b2797932e193c2eafcc5c04663b4f46e3204c5b467039edfddcdc021a97417cdacdc62ec1f9c096edae2ab5037a991a2e9858ed2b35e28d637b2b6f7170ce1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64071.exe

Filesize
468KB

MD5
62737d8fc92eccbf8eb0fd4b3c105b2b

SHA1
4b62a964def040b01b500a34519ea0b5a35acee6

SHA256
7fa6d4be04c1e94c9252496449983d07189459a4832070b46cd1d026c7c359d3

SHA512
0278332fd3eceb8c5c2511f90ac39688ed862506aee76e9a39400e9cec30356efbedc95554990abee629225511212604a9cec21364f7562d698cde04229c1324

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe

Filesize
468KB

MD5
21d1474f4d38d1ff4c95236f421cc8f4

SHA1
5861718da797deb3d827566c78ffba690194584e

SHA256
6d244be5fd42daad6072177d9bba7bd98c902ff4d5a8195beaa9a9824a9819b7

SHA512
58ead77c35374c9c2e1332a05a0e1539626cfed2631c70af139c63b8ddfaf8485a6a7f0eae07428566751f810d81813f8fe278b267cac89dca86890db13de7ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe

Filesize
468KB

MD5
3a09c0880ddf1d59c61071a65a4db54e

SHA1
21d64ef5f6a1e6c6f467b73029ed4be3947fc80b

SHA256
a8fc38c75ea2a4c9343a417e7155dbbf5ad536d7a26dbd7ec0acc177c3091e04

SHA512
40a6c365439aedd8ba343de0bdb795e4e9d36b1f5cf5eb687c422de23b3f6495a7d7b1a1c2c9cf6887df9b10c4814d9e1d7ca80b32f9dfbc094f494374b1e912

Download Submit