0c9d22825ce979b84b93cbebcd9bf0690b1fdda515863cd2aa77a519aa9adaa8

Analysis

max time kernel
23s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c9d22825ce979b84b93cbebcd9bf0690b1fdda515863cd2aa77a519aa9adaa8N.exe
Size

468KB
MD5

b8e4258e0c40265ebde3bc7ee9ddc4f0
SHA1

e234bf17ea685af983951139852a032e02a9c419
SHA256

0c9d22825ce979b84b93cbebcd9bf0690b1fdda515863cd2aa77a519aa9adaa8
SHA512

34ec783b271c639babb09852e193b5e12ac7a52b137df5fe427ee3f0abb1026360d6c9d6823d2973627f8017e292f6c076e38edd3f46c550d7f25c21dd33870a
SSDEEP

3072:1d3HoggSIE5TtbY2HzcO3f8/zDcaP0pkJVHeTVryQ65kv7ggEslL:1d3ozMTtxH4O3faY1oQ6qzggE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 53 IoCs

pid	Process
872	Unicorn-45620.exe
4088	Unicorn-23228.exe
1436	Unicorn-3362.exe
3764	Unicorn-28415.exe
5016	Unicorn-40667.exe
2784	Unicorn-20801.exe
2888	Unicorn-38621.exe
1920	Unicorn-3837.exe
4872	Unicorn-56375.exe
1932	Unicorn-64543.exe
548	Unicorn-7174.exe
4996	Unicorn-6909.exe
3188	Unicorn-13296.exe
2500	Unicorn-56930.exe
4284	Unicorn-46391.exe
2128	Unicorn-48429.exe
2476	Unicorn-18763.exe
4052	Unicorn-15233.exe
4788	Unicorn-14486.exe
2380	Unicorn-10957.exe
4964	Unicorn-43075.exe
3240	Unicorn-34907.exe
180	Unicorn-51243.exe
1608	Unicorn-58649.exe
2692	Unicorn-50978.exe
740	Unicorn-55327.exe
748	Unicorn-53281.exe
4464	Unicorn-47714.exe
4392	Unicorn-48503.exe
4760	Unicorn-56671.exe
3316	Unicorn-53142.exe
5100	Unicorn-7205.exe
4908	Unicorn-24959.exe
4708	Unicorn-25513.exe
3216	Unicorn-45379.exe
208	Unicorn-6384.exe
3672	Unicorn-57439.exe
4836	Unicorn-18305.exe
3160	Unicorn-62291.exe
948	Unicorn-4922.exe
212	Unicorn-33511.exe
2296	Unicorn-8045.exe
4268	Unicorn-17729.exe
772	Unicorn-29981.exe
4164	Unicorn-63635.exe
1488	Unicorn-14434.exe
624	Unicorn-20556.exe
1192	Unicorn-14989.exe
2144	Unicorn-42261.exe
4176	Unicorn-34855.exe
4048	Unicorn-31325.exe
3308	Unicorn-50926.exe
1732	Unicorn-49145.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2788	748	WerFault.exe	113
1100	180	WerFault.exe	110
1968	2692	WerFault.exe	111
2164	3672	WerFault.exe	124
4596	180	WerFault.exe	110
5160	748	WerFault.exe	113
5604	3272	WerFault.exe	149
5796	2692	WerFault.exe	111
5600	4176	WerFault.exe	137
7144	3316	WerFault.exe	118
6932	4376	WerFault.exe	189
7836	4580	WerFault.exe	148
7524	208	WerFault.exe	123
8676	5464	WerFault.exe	276
8664	5988	WerFault.exe	223
8612	5628	WerFault.exe	210
7712	548	WerFault.exe	98
9120	4392	WerFault.exe	116
8940	948	WerFault.exe	127
9208	4268	WerFault.exe	130
668	2144	WerFault.exe	138
8984	2784	WerFault.exe	94
2532	4708	WerFault.exe	122
9528	6884	WerFault.exe	339
10236	2744	WerFault.exe	268
10212	5248	WerFault.exe	254
9680	2164	WerFault.exe	247
8620	5196	WerFault.exe	234
8720	4104	WerFault.exe	177
9304	4432	WerFault.exe	355
9428	6448	WerFault.exe	319
9416	6468	WerFault.exe	320
9392	1856	WerFault.exe	331
9384	5636	WerFault.exe	344
9372	5424	WerFault.exe	316
9364	6652	WerFault.exe	338
10196	3004	WerFault.exe	175
8896	4128	WerFault.exe	179
7328	2500	WerFault.exe	347
8768	7068	WerFault.exe	363
1060	7504	WerFault.exe	374
10032	7660	WerFault.exe	381
10352	4488	WerFault.exe	361
10464	6200	WerFault.exe	281
10496	7692	WerFault.exe	413
1284	5248	WerFault.exe	254
11980	5640	WerFault.exe	211
12256	7456	WerFault.exe	372
12052	5572	WerFault.exe	256
12040	7292	WerFault.exe	431
11920	684	WerFault.exe	274
6336	7576	WerFault.exe	376
6804	5848	WerFault.exe	219
11096	8124	WerFault.exe	432
10392	7740	WerFault.exe	419
6492	7748	WerFault.exe	420
10620	7184	WerFault.exe	414
1620	7268	WerFault.exe	406
11216	5796	WerFault.exe	409
9412	7656	WerFault.exe	450
4044	6364	WerFault.exe	288
4420	5100	WerFault.exe	119
10372	6408	WerFault.exe	289
5592	6668	WerFault.exe	322

System Location Discovery: System Language Discovery 1 TTPs 54 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13296.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48429.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40667.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53142.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7205.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0c9d22825ce979b84b93cbebcd9bf0690b1fdda515863cd2aa77a519aa9adaa8N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47714.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10957.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38621.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31325.exe

Suspicious use of SetWindowsHookEx 54 IoCs

pid	Process
3012	0c9d22825ce979b84b93cbebcd9bf0690b1fdda515863cd2aa77a519aa9adaa8N.exe
872	Unicorn-45620.exe
4088	Unicorn-23228.exe
1436	Unicorn-3362.exe
3764	Unicorn-28415.exe
5016	Unicorn-40667.exe
2888	Unicorn-38621.exe
2784	Unicorn-20801.exe
1920	Unicorn-3837.exe
4872	Unicorn-56375.exe
1932	Unicorn-64543.exe
548	Unicorn-7174.exe
4996	Unicorn-6909.exe
2500	Unicorn-56930.exe
3188	Unicorn-13296.exe
4284	Unicorn-46391.exe
2128	Unicorn-48429.exe
2476	Unicorn-18763.exe
4052	Unicorn-15233.exe
4788	Unicorn-14486.exe
3240	Unicorn-34907.exe
4964	Unicorn-43075.exe
2380	Unicorn-10957.exe
2692	Unicorn-50978.exe
1608	Unicorn-58649.exe
740	Unicorn-55327.exe
748	Unicorn-53281.exe
180	Unicorn-51243.exe
4464	Unicorn-47714.exe
4392	Unicorn-48503.exe
4760	Unicorn-56671.exe
5100	Unicorn-7205.exe
3316	Unicorn-53142.exe
4908	Unicorn-24959.exe
3216	Unicorn-45379.exe
4708	Unicorn-25513.exe
208	Unicorn-6384.exe
3672	Unicorn-57439.exe
4836	Unicorn-18305.exe
3160	Unicorn-62291.exe
948	Unicorn-4922.exe
212	Unicorn-33511.exe
2296	Unicorn-8045.exe
4268	Unicorn-17729.exe
772	Unicorn-29981.exe
4164	Unicorn-63635.exe
1488	Unicorn-14434.exe
624	Unicorn-20556.exe
2144	Unicorn-42261.exe
1192	Unicorn-14989.exe
4176	Unicorn-34855.exe
4048	Unicorn-31325.exe
3308	Unicorn-50926.exe
1732	Unicorn-49145.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 872	3012	0c9d22825ce979b84b93cbebcd9bf0690b1fdda515863cd2aa77a519aa9adaa8N.exe	85
PID 3012 wrote to memory of 872	3012	0c9d22825ce979b84b93cbebcd9bf0690b1fdda515863cd2aa77a519aa9adaa8N.exe	85
PID 3012 wrote to memory of 872	3012	0c9d22825ce979b84b93cbebcd9bf0690b1fdda515863cd2aa77a519aa9adaa8N.exe	85
PID 872 wrote to memory of 4088	872	Unicorn-45620.exe	87
PID 872 wrote to memory of 4088	872	Unicorn-45620.exe	87
PID 872 wrote to memory of 4088	872	Unicorn-45620.exe	87
PID 3012 wrote to memory of 1436	3012	0c9d22825ce979b84b93cbebcd9bf0690b1fdda515863cd2aa77a519aa9adaa8N.exe	88
PID 3012 wrote to memory of 1436	3012	0c9d22825ce979b84b93cbebcd9bf0690b1fdda515863cd2aa77a519aa9adaa8N.exe	88
PID 3012 wrote to memory of 1436	3012	0c9d22825ce979b84b93cbebcd9bf0690b1fdda515863cd2aa77a519aa9adaa8N.exe	88
PID 4088 wrote to memory of 3764	4088	Unicorn-23228.exe	91
PID 4088 wrote to memory of 3764	4088	Unicorn-23228.exe	91
PID 4088 wrote to memory of 3764	4088	Unicorn-23228.exe	91
PID 1436 wrote to memory of 5016	1436	Unicorn-3362.exe	92
PID 1436 wrote to memory of 5016	1436	Unicorn-3362.exe	92
PID 1436 wrote to memory of 5016	1436	Unicorn-3362.exe	92
PID 872 wrote to memory of 2784	872	Unicorn-45620.exe	94
PID 872 wrote to memory of 2784	872	Unicorn-45620.exe	94
PID 872 wrote to memory of 2784	872	Unicorn-45620.exe	94
PID 3012 wrote to memory of 2888	3012	0c9d22825ce979b84b93cbebcd9bf0690b1fdda515863cd2aa77a519aa9adaa8N.exe	93
PID 3012 wrote to memory of 2888	3012	0c9d22825ce979b84b93cbebcd9bf0690b1fdda515863cd2aa77a519aa9adaa8N.exe	93
PID 3012 wrote to memory of 2888	3012	0c9d22825ce979b84b93cbebcd9bf0690b1fdda515863cd2aa77a519aa9adaa8N.exe	93
PID 4088 wrote to memory of 1920	4088	Unicorn-23228.exe	95
PID 4088 wrote to memory of 1920	4088	Unicorn-23228.exe	95
PID 4088 wrote to memory of 1920	4088	Unicorn-23228.exe	95
PID 2888 wrote to memory of 4872	2888	Unicorn-38621.exe	96
PID 2888 wrote to memory of 4872	2888	Unicorn-38621.exe	96
PID 2888 wrote to memory of 4872	2888	Unicorn-38621.exe	96
PID 5016 wrote to memory of 1932	5016	Unicorn-40667.exe	97
PID 5016 wrote to memory of 1932	5016	Unicorn-40667.exe	97
PID 5016 wrote to memory of 1932	5016	Unicorn-40667.exe	97
PID 2784 wrote to memory of 548	2784	Unicorn-20801.exe	98
PID 2784 wrote to memory of 548	2784	Unicorn-20801.exe	98
PID 2784 wrote to memory of 548	2784	Unicorn-20801.exe	98
PID 3012 wrote to memory of 4996	3012	0c9d22825ce979b84b93cbebcd9bf0690b1fdda515863cd2aa77a519aa9adaa8N.exe	99
PID 3012 wrote to memory of 4996	3012	0c9d22825ce979b84b93cbebcd9bf0690b1fdda515863cd2aa77a519aa9adaa8N.exe	99
PID 3012 wrote to memory of 4996	3012	0c9d22825ce979b84b93cbebcd9bf0690b1fdda515863cd2aa77a519aa9adaa8N.exe	99
PID 872 wrote to memory of 3188	872	Unicorn-45620.exe	101
PID 872 wrote to memory of 3188	872	Unicorn-45620.exe	101
PID 872 wrote to memory of 3188	872	Unicorn-45620.exe	101
PID 1436 wrote to memory of 2500	1436	Unicorn-3362.exe	100
PID 1436 wrote to memory of 2500	1436	Unicorn-3362.exe	100
PID 1436 wrote to memory of 2500	1436	Unicorn-3362.exe	100
PID 1920 wrote to memory of 4284	1920	Unicorn-3837.exe	102
PID 1920 wrote to memory of 4284	1920	Unicorn-3837.exe	102
PID 1920 wrote to memory of 4284	1920	Unicorn-3837.exe	102
PID 4088 wrote to memory of 2128	4088	Unicorn-23228.exe	103
PID 4088 wrote to memory of 2128	4088	Unicorn-23228.exe	103
PID 4088 wrote to memory of 2128	4088	Unicorn-23228.exe	103
PID 4872 wrote to memory of 2476	4872	Unicorn-56375.exe	104
PID 4872 wrote to memory of 2476	4872	Unicorn-56375.exe	104
PID 4872 wrote to memory of 2476	4872	Unicorn-56375.exe	104
PID 2888 wrote to memory of 4052	2888	Unicorn-38621.exe	105
PID 2888 wrote to memory of 4052	2888	Unicorn-38621.exe	105
PID 2888 wrote to memory of 4052	2888	Unicorn-38621.exe	105
PID 1932 wrote to memory of 4788	1932	Unicorn-64543.exe	106
PID 1932 wrote to memory of 4788	1932	Unicorn-64543.exe	106
PID 1932 wrote to memory of 4788	1932	Unicorn-64543.exe	106
PID 2500 wrote to memory of 4964	2500	Unicorn-56930.exe	109
PID 2500 wrote to memory of 4964	2500	Unicorn-56930.exe	109
PID 2500 wrote to memory of 4964	2500	Unicorn-56930.exe	109
PID 5016 wrote to memory of 2380	5016	Unicorn-40667.exe	108
PID 5016 wrote to memory of 2380	5016	Unicorn-40667.exe	108
PID 5016 wrote to memory of 2380	5016	Unicorn-40667.exe	108
PID 3188 wrote to memory of 3240	3188	Unicorn-13296.exe	107

C:\Users\Admin\AppData\Local\Temp\0c9d22825ce979b84b93cbebcd9bf0690b1fdda515863cd2aa77a519aa9adaa8N.exe
"C:\Users\Admin\AppData\Local\Temp\0c9d22825ce979b84b93cbebcd9bf0690b1fdda515863cd2aa77a519aa9adaa8N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23228.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28415.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46391.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48503.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60127.exe
        7⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63246.exe
        7⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 740
        7⤵
        Program crash
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
        6⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        7⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 740
        7⤵
        Program crash
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe
        7⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
        8⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        9⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7998.exe
        10⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
        9⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24341.exe
        8⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 660
        7⤵
        Program crash
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        6⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 640
        7⤵
        Program crash
        
        PID:10352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 640
        7⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14368.exe
        6⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33017.exe
        6⤵
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17086.exe
        6⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        6⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6562.exe
        7⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1238.exe
        8⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5182.exe
        9⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57751.exe
        10⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
        11⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5621.exe
        11⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7533.exe
        10⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 624
        10⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40189.exe
        9⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14865.exe
        8⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
        9⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9046.exe
        10⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29332.exe
        8⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
        8⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
        8⤵
        
        PID:15332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47486.exe
        7⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33003.exe
        8⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65535.exe
        9⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 632
        10⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28721.exe
        9⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        9⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        8⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
        9⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30893.exe
        9⤵
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52353.exe
        8⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
        8⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40085.exe
        7⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 636
        8⤵
        Program crash
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        7⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 636
        8⤵
        
        PID:13108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49169.exe
        7⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33375.exe
        8⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
        7⤵
        
        PID:5820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 748
        6⤵
        Program crash
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57889.exe
        5⤵
        
        PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        5⤵
        
        PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        5⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        6⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37495.exe
        7⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43079.exe
        8⤵
        
        PID:9392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 744
        6⤵
        
        PID:13156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1341.exe
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57915.exe
        6⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50650.exe
        6⤵
        
        PID:15324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54935.exe
        5⤵
        
        PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52924.exe
        5⤵
        
        PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48429.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56671.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        6⤵
        
        PID:3272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 636
        7⤵
        Program crash
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        6⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10432.exe
        6⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 632
        7⤵
        Program crash
        
        PID:9428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
        6⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25849.exe
        7⤵
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
        6⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56902.exe
        6⤵
        
        PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35985.exe
        5⤵
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
        7⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34627.exe
        8⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 644
        9⤵
        Program crash
        
        PID:9364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 720
        8⤵
        Program crash
        
        PID:10212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 720
        8⤵
        Program crash
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33749.exe
        7⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 636
        8⤵
        Program crash
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33504.exe
        7⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58218.exe
        7⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
        5⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5389.exe
        5⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2058.exe
        6⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 636
        7⤵
        Program crash
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59370.exe
        6⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43691.exe
        7⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36809.exe
        7⤵
        
        PID:13864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35449.exe
        6⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19321.exe
        6⤵
        
        PID:14396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7108.exe
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6578.exe
        6⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        6⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
        6⤵
        
        PID:13780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37049.exe
        5⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17039.exe
        6⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7138.exe
        5⤵
        
        PID:11328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6514.exe
        6⤵
        
        PID:15272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4492.exe
        5⤵
        
        PID:14304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7205.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        5⤵
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19391.exe
        6⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55078.exe
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
        6⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe
        7⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 636
        8⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40205.exe
        7⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48189.exe
        7⤵
        
        PID:12864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        6⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
        7⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35249.exe
        6⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45450.exe
        6⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48253.exe
        5⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16527.exe
        6⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 640
        7⤵
        
        PID:12988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19785.exe
        6⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
        7⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60441.exe
        6⤵
        
        PID:12964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 656
        5⤵
        Program crash
        
        PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59173.exe
      4⤵
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58887.exe
        5⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45239.exe
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51155.exe
        7⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14886.exe
        8⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12162.exe
        9⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 636
        10⤵
        
        PID:14236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57510.exe
        9⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        9⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22997.exe
        8⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43603.exe
        9⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43233.exe
        8⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
        7⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60543.exe
        8⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38611.exe
        9⤵
        
        PID:15356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        7⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe
        8⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49482.exe
        7⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10656.exe
        7⤵
        
        PID:14428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9053.exe
        6⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32671.exe
        7⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 636
        8⤵
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39437.exe
        7⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23492.exe
        7⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
        6⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27134.exe
        6⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe
        7⤵
        
        PID:14560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
        6⤵
        
        PID:9580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64782.exe
        5⤵
        
        PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18076.exe
        5⤵
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
        6⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17075.exe
        7⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
        7⤵
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1293.exe
        6⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
        6⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39858.exe
        5⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60411.exe
        6⤵
        
        PID:13232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
        6⤵
        
        PID:15104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18232.exe
        5⤵
        
        PID:12424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29673.exe
        5⤵
        
        PID:14676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48169.exe
      4⤵
      PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe
        5⤵
        
        PID:1856
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 644
        6⤵
        Program crash
        
        PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41393.exe
        5⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24659.exe
        6⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11172 -s 464
        7⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58522.exe
        6⤵
        
        PID:14308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57257.exe
        5⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36986.exe
        5⤵
        
        PID:6288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57467.exe
      4⤵
      PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27051.exe
        5⤵
        
        PID:7308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 632
        6⤵
        
        PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19401.exe
        5⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
        6⤵
        
        PID:8804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14784.exe
        5⤵
        
        PID:7524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
      4⤵
      PID:8732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4385.exe
      4⤵
      PID:11228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39589.exe
      4⤵
      PID:12492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20801.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20801.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51243.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 180 -s 628
        6⤵
        Program crash
        
        PID:1100
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 180 -s 628
        6⤵
        Program crash
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31325.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25011.exe
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10122.exe
        7⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47087.exe
        8⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46039.exe
        9⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22659.exe
        10⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13789.exe
        9⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62250.exe
        8⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32591.exe
        9⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17908.exe
        8⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
        8⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
        7⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 636
        8⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33520.exe
        7⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12762.exe
        8⤵
        
        PID:13772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-769.exe
        7⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25389.exe
        6⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4274.exe
        7⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8860 -s 636
        8⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 656
        7⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        6⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9048 -s 632
        7⤵
        
        PID:13028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe
        6⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57589.exe
        6⤵
        
        PID:9596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13033.exe
        5⤵
        
        PID:3264
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 660
        5⤵
        Program crash
        
        PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34855.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 636
        6⤵
        Program crash
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        5⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43039.exe
        6⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32427.exe
        7⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24503.exe
        8⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 632
        9⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31845.exe
        8⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        9⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe
        8⤵
        
        PID:13544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31637.exe
        7⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6742.exe
        8⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
        8⤵
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24532.exe
        7⤵
        
        PID:11516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
        7⤵
        
        PID:13752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10781.exe
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
        7⤵
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7568.exe
        6⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12362.exe
        7⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
        6⤵
        
        PID:11772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43329.exe
        6⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
        5⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46703.exe
        6⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31955.exe
        7⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17075.exe
        8⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        7⤵
        
        PID:12352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
        6⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57597.exe
        6⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38154.exe
        6⤵
        
        PID:14236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        5⤵
        
        PID:5928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 644
        6⤵
        
        PID:12788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
        5⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9830.exe
        6⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64110.exe
        5⤵
        
        PID:12484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49145.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62883.exe
        5⤵
        
        PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38193.exe
      4⤵
      PID:6460
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 712
      4⤵
      Program crash
      PID:8984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13296.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62291.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        6⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        5⤵
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
        6⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        7⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        8⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61835.exe
        9⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 632
        10⤵
        
        PID:12660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 636
        9⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60802.exe
        8⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 656
        8⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe
        7⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 636
        8⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16592.exe
        7⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63070.exe
        7⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54657.exe
        7⤵
        
        PID:13948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        6⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 632
        7⤵
        Program crash
        
        PID:9416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
        6⤵
        
        PID:996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 640
        7⤵
        
        PID:2464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 628
        6⤵
        
        PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
        5⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-906.exe
        6⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 628
        7⤵
        
        PID:9932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 724
        6⤵
        Program crash
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
        5⤵
        
        PID:7740
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 636
        6⤵
        Program crash
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12744.exe
        5⤵
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14910.exe
        6⤵
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35273.exe
        6⤵
        
        PID:13256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        5⤵
        
        PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
        5⤵
        
        PID:14448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17729.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
        5⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39893.exe
        5⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42131.exe
        6⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        7⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8880 -s 636
        8⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 652
        7⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe
        6⤵
        
        PID:440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 440 -s 640
        7⤵
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51969.exe
        6⤵
        
        PID:11336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe
        6⤵
        
        PID:13716
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 740
        5⤵
        Program crash
        
        PID:9208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe
      4⤵
      PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
        5⤵
        
        PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
      4⤵
      PID:684
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 632
        5⤵
        Program crash
        
        PID:11920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
      4⤵
      PID:7748
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 628
        5⤵
        Program crash
        
        PID:6492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1829.exe
      4⤵
      PID:9972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 636
        5⤵
        
        PID:14732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29095.exe
      4⤵
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
      4⤵
      PID:14388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2692
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 636
      4⤵
      Program crash
      PID:1968
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 636
      4⤵
      Program crash
      PID:5796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42261.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
      4⤵
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8098.exe
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57211.exe
        6⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        6⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 636
        7⤵
        Program crash
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60853.exe
        6⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5066.exe
        7⤵
        
        PID:13756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
      4⤵
      PID:6228
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 720
      4⤵
      Program crash
      PID:668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33997.exe
    3⤵
    PID:5628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59759.exe
      4⤵
      PID:6236
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 664
      4⤵
      Program crash
      PID:8612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53663.exe
    3⤵
    PID:6248
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 628
      4⤵
      PID:12560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
    3⤵
    PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64627.exe
      4⤵
      PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58491.exe
        5⤵
        
        PID:12096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3021.exe
      4⤵
      PID:12532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49009.exe
      4⤵
      PID:14868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48629.exe
    3⤵
    PID:8132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61634.exe
    3⤵
    PID:12412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61874.exe
    3⤵
    PID:13500
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64543.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57439.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 636
        7⤵
        Program crash
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
        6⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
        6⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24186.exe
        6⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-190.exe
        7⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8840 -s 636
        8⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 744
        7⤵
        
        PID:12916
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 512
        6⤵
        
        PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23911.exe
        6⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
        7⤵
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        5⤵
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63547.exe
        6⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
        7⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38711.exe
        8⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 632
        9⤵
        Program crash
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe
        8⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
        9⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34017.exe
        9⤵
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53173.exe
        8⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe
        9⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 768
        8⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8601.exe
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1378.exe
        6⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
        7⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 636
        8⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6941.exe
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5206.exe
        8⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32393.exe
        8⤵
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
        7⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
        8⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63322.exe
        7⤵
        
        PID:13964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
        6⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24415.exe
        7⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53063.exe
        8⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33992.exe
        6⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25399.exe
        7⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22622.exe
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
        6⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
        5⤵
        
        PID:2500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 636
        6⤵
        Program crash
        
        PID:7328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
        5⤵
        
        PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32979.exe
        5⤵
        
        PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
        5⤵
        
        PID:14228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63635.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
        6⤵
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        7⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7434.exe
        8⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30367.exe
        9⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 644
        10⤵
        Program crash
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        9⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
        10⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
        9⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        8⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15840.exe
        8⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23774.exe
        8⤵
        
        PID:12540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6209.exe
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38291.exe
        8⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 636
        9⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
        8⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46793.exe
        8⤵
        
        PID:13856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 732 -s 624
        7⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        5⤵
        
        PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44117.exe
        5⤵
        
        PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7849.exe
        5⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34591.exe
        6⤵
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
        6⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42695.exe
        7⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        6⤵
        
        PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        5⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12990.exe
        6⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57858.exe
        6⤵
        
        PID:14808
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 752
        5⤵
        
        PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20556.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52831.exe
        6⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        7⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 636
        8⤵
        Program crash
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
        7⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 636
        8⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        7⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 504
        7⤵
        
        PID:14476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10293.exe
        6⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 640
        7⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23224.exe
        6⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        7⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55715.exe
        8⤵
        
        PID:9584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53366.exe
        6⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
        7⤵
        
        PID:9656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36784.exe
        6⤵
        
        PID:14220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
      4⤵
      PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58067.exe
        5⤵
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55239.exe
        6⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 632
        7⤵
        
        PID:8820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 756
        6⤵
        Program crash
        
        PID:9680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34492.exe
      4⤵
      PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9265.exe
      4⤵
      PID:7184
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 624
        5⤵
        Program crash
        
        PID:10620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25719.exe
      4⤵
      PID:9832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19240.exe
      4⤵
      PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
      4⤵
      PID:14516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
        6⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4014.exe
        7⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62758.exe
        5⤵
        
        PID:4376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 640
        6⤵
        Program crash
        
        PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
        5⤵
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40522.exe
        5⤵
        
        PID:7504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 640
        6⤵
        Program crash
        
        PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51125.exe
        5⤵
        
        PID:8972
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 624
        6⤵
        
        PID:13036
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 752
        5⤵
        
        PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29981.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
        5⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-890.exe
        6⤵
        
        PID:1924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 624
        6⤵
        Program crash
        
        PID:8720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:748
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 636
      4⤵
      Program crash
      PID:2788
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 656
      4⤵
      Program crash
      PID:5160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50926.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33615.exe
      4⤵
      PID:2788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54041.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54041.exe
    3⤵
    PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
        5⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53667.exe
        6⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 636
        7⤵
        
        PID:12980
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 632
        6⤵
        
        PID:13164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
        5⤵
        
        PID:8072
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 748
        5⤵
        
        PID:856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
      4⤵
      PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
        5⤵
        
        PID:9220
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 660
        5⤵
        
        PID:13704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15544.exe
      4⤵
      PID:9944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9150.exe
        5⤵
        
        PID:14036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41314.exe
      4⤵
      PID:11748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63266.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63266.exe
    3⤵
    PID:7032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
    3⤵
    PID:7616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
      4⤵
      PID:8892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61594.exe
      4⤵
      PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
      4⤵
      PID:2984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4188.exe
    3⤵
    PID:9840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
    3⤵
    PID:11876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
    3⤵
    PID:14344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38621.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38621.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18763.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52883.exe
        6⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        5⤵
        
        PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25513.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24103.exe
        5⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        6⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
        7⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
        8⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        9⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8260 -s 636
        10⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 744
        9⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        8⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27267.exe
        9⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21032.exe
        8⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54874.exe
        8⤵
        
        PID:15316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
        7⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 636
        8⤵
        
        PID:3504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 628
        7⤵
        Program crash
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 628
        7⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
        6⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 636
        7⤵
        Program crash
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26540.exe
        6⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 636
        7⤵
        
        PID:12784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
        6⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28320.exe
        6⤵
        
        PID:12408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59162.exe
        5⤵
        
        PID:6108
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 648
        5⤵
        Program crash
        
        PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
      4⤵
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
        6⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9370.exe
        7⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21483.exe
        8⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 636
        9⤵
        
        PID:14924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20177.exe
        8⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58957.exe
        8⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        7⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe
        8⤵
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12421.exe
        6⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 636
        7⤵
        
        PID:12656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
        6⤵
        
        PID:10916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20649.exe
        6⤵
        
        PID:12300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
      4⤵
      PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
        5⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47663.exe
        6⤵
        
        PID:432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 636
        7⤵
        
        PID:9740
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 724
        6⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
        5⤵
        
        PID:8528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18987.exe
        6⤵
        
        PID:11964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        6⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
        5⤵
        
        PID:9828
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 624
        5⤵
        
        PID:7316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
      4⤵
      PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
        5⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25375.exe
        6⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48943.exe
        7⤵
        
        PID:14984
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 736
        5⤵
        Program crash
        
        PID:12256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65150.exe
      4⤵
      PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26003.exe
        5⤵
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
        6⤵
        
        PID:9024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9705.exe
        5⤵
        
        PID:9484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51863.exe
      4⤵
      PID:11260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56919.exe
        5⤵
        
        PID:9588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36640.exe
      4⤵
      PID:13128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45379.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe
        5⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-122.exe
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10942.exe
        7⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 744
        7⤵
        Program crash
        
        PID:8664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5057.exe
        6⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6592.exe
        6⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9038.exe
        7⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32429.exe
        7⤵
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
        6⤵
        
        PID:10180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24657.exe
      4⤵
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59463.exe
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22619.exe
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6526.exe
        7⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe
        8⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8704 -s 632
        9⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8704 -s 632
        9⤵
        
        PID:15064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 720
        8⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 640
        7⤵
        Program crash
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42057.exe
        6⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25759.exe
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53971.exe
        8⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
        7⤵
        
        PID:10468
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 760
        6⤵
        Program crash
        
        PID:11980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26856.exe
      4⤵
      PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9162.exe
        5⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61710.exe
        5⤵
        
        PID:7292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 632
        6⤵
        Program crash
        
        PID:12040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 628
        5⤵
        Program crash
        
        PID:12052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52582.exe
      4⤵
      PID:1568
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 640
        5⤵
        
        PID:10324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
      4⤵
      PID:8784
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 784
      4⤵
      PID:13016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
      4⤵
      PID:1656
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 208 -s 772
      4⤵
      Program crash
      PID:7524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48342.exe
    3⤵
    PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
      4⤵
      PID:5860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12728.exe
    3⤵
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60283.exe
      4⤵
      PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1586.exe
        5⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53771.exe
        6⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
        7⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29497.exe
        6⤵
        
        PID:11640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9564.exe
        6⤵
        
        PID:14328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64030.exe
        5⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29467.exe
        6⤵
        
        PID:6972
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 664
      4⤵
      Program crash
      PID:10236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24833.exe
    3⤵
    PID:7680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55831.exe
      4⤵
      PID:5604
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 636
        5⤵
        
        PID:13852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58898.exe
      4⤵
      PID:10788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10700.exe
      4⤵
      PID:7016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
    3⤵
    PID:8412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
      4⤵
      PID:12600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
    3⤵
    PID:11240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
    3⤵
    PID:12608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6909.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6909.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55327.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14434.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        5⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        7⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23055.exe
        8⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 636
        9⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 636
        8⤵
        Program crash
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12509.exe
        7⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8124 -s 640
        8⤵
        Program crash
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25824.exe
        7⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26898.exe
        7⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11445.exe
        6⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 640
        7⤵
        Program crash
        
        PID:9304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 672
        6⤵
        Program crash
        
        PID:8896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        5⤵
        
        PID:6328
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 636
        5⤵
        
        PID:12896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1113.exe
      4⤵
      PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
      4⤵
      PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
        5⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20139.exe
        6⤵
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33905.exe
        5⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27163.exe
        6⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13300.exe
        5⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64822.exe
        5⤵
        
        PID:10276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
      4⤵
      PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1062.exe
        5⤵
        
        PID:8288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54407.exe
        6⤵
        
        PID:12028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
        6⤵
        
        PID:14456
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 636
        5⤵
        
        PID:13516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
      4⤵
      PID:10084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
      4⤵
      PID:6160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11954.exe
      4⤵
      PID:14824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14989.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
      4⤵
      PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35809.exe
      4⤵
      PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        5⤵
        
        PID:7576
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 644
        6⤵
        
        PID:10136
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 644
        6⤵
        Program crash
        
        PID:6336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 660
        5⤵
        Program crash
        
        PID:10464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe
      4⤵
      PID:7408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
        5⤵
        
        PID:2016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 636
        6⤵
        
        PID:8336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43862.exe
        5⤵
        
        PID:12672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
        5⤵
        
        PID:14876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1181.exe
      4⤵
      PID:9724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16847.exe
        5⤵
        
        PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40241.exe
      4⤵
      PID:11888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe
      4⤵
      PID:14544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52757.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52757.exe
    3⤵
    PID:5368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43158.exe
    3⤵
    PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
      4⤵
      PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
        5⤵
        
        PID:8172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 636
        6⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1913.exe
        5⤵
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58247.exe
        6⤵
        
        PID:12636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64369.exe
        5⤵
        
        PID:12612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
      4⤵
      PID:8432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
      4⤵
      PID:11200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54054.exe
      4⤵
      PID:12956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
    3⤵
    PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44835.exe
      4⤵
      PID:9268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44682.exe
      4⤵
      PID:7668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
      4⤵
      PID:13908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45601.exe
    3⤵
    PID:9760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
      4⤵
      PID:13528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
    3⤵
    PID:11804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51300.exe
    3⤵
    PID:14356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58649.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58649.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
      4⤵
      PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17937.exe
      4⤵
      PID:5464
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 640
        5⤵
        Program crash
        
        PID:8676
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 636
      4⤵
      Program crash
      PID:8940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34169.exe
    3⤵
    PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24243.exe
      4⤵
      PID:5436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31864.exe
    3⤵
    PID:6016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34466.exe
    3⤵
    PID:7692
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 636
      4⤵
      Program crash
      PID:10496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe
    3⤵
    PID:10016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
      4⤵
      PID:6512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48017.exe
    3⤵
    PID:11856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8045.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8045.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
    3⤵
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
      4⤵
      PID:6056
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 684
      4⤵
      Program crash
      PID:10196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23557.exe
    3⤵
    PID:6156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe
    3⤵
    PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51503.exe
      4⤵
      PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41771.exe
        5⤵
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45990.exe
        5⤵
        
        PID:14668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10797.exe
      4⤵
      PID:11508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17319.exe
        5⤵
        
        PID:2120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19873.exe
    3⤵
    PID:9240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28507.exe
      4⤵
      PID:11628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55617.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55617.exe
    3⤵
    PID:5224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
    3⤵
    PID:9052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8686.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8686.exe
  2⤵
  PID:4892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
    3⤵
    PID:5728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23121.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23121.exe
    3⤵
    PID:4600
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 644
      4⤵
      PID:3696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
    3⤵
    PID:8472
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8472 -s 636
      4⤵
      PID:4004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51830.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51830.exe
    3⤵
    PID:11160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45389.exe
    3⤵
    PID:13124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
  2⤵
  PID:3796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
  2⤵
  PID:6320
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 636
    3⤵
    PID:10164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57770.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57770.exe
  2⤵
  PID:5012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
    3⤵
    PID:1400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65218.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65218.exe
  2⤵
  PID:10980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63222.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63222.exe
  2⤵
  PID:4984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 748 -ip 748
1⤵
PID:1856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 180 -ip 180
1⤵
PID:976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2692 -ip 2692
1⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3672 -ip 3672
1⤵
PID:3852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 180 -ip 180
1⤵
PID:1664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 748 -ip 748
1⤵
PID:1640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2500 -ip 2500
1⤵
PID:4600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1732 -ip 1732
1⤵
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4048 -ip 4048
1⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4176 -ip 4176
1⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 3272 -ip 3272
1⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 2500 -ip 2500
1⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2692 -ip 2692
1⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 4048 -ip 4048
1⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 4176 -ip 4176
1⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3672 -ip 3672
1⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 1732 -ip 1732
1⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4564 -ip 4564
1⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1656 -ip 1656
1⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 1388 -ip 1388
1⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 3076 -ip 3076
1⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 3548 -ip 3548
1⤵
PID:4600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5052 -ip 5052
1⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 3020 -ip 3020
1⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 4040 -ip 4040
1⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4568 -ip 4568
1⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4728 -ip 4728
1⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2788 -ip 2788
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 4564 -ip 4564
1⤵
PID:2832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 3076 -ip 3076
1⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 768 -ip 768
1⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 4376 -ip 4376
1⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 1388 -ip 1388
1⤵
PID:1732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 3316 -ip 3316
1⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5216 -ip 5216
1⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5368 -ip 5368
1⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5132 -ip 5132
1⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1656 -ip 1656
1⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 3020 -ip 3020
1⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 3548 -ip 3548
1⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5052 -ip 5052
1⤵
PID:2652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 4568 -ip 4568
1⤵
PID:220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 1828 -ip 1828
1⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 4040 -ip 4040
1⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 4728 -ip 4728
1⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 4836 -ip 4836
1⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 3160 -ip 3160
1⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 208 -ip 208
1⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 3308 -ip 3308
1⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 624 -ip 624
1⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 3216 -ip 3216
1⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 212 -ip 212
1⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 4164 -ip 4164
1⤵
PID:904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 4908 -ip 4908
1⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 772 -ip 772
1⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4580 -ip 4580
1⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 2476 -ip 2476
1⤵
PID:1836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 2788 -ip 2788
1⤵
PID:3576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 768 -ip 768
1⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3272 -ip 3272
1⤵
PID:3096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 6036 -ip 6036
1⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 6020 -ip 6020
1⤵
PID:1396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5820 -ip 5820
1⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5216 -ip 5216
1⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5436 -ip 5436
1⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5228 -ip 5228
1⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 5208 -ip 5208
1⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5860 -ip 5860
1⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 6056 -ip 6056
1⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 5728 -ip 5728
1⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 1924 -ip 1924
1⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 2172 -ip 2172
1⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 1700 -ip 1700
1⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4756 -ip 4756
1⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 1332 -ip 1332
1⤵
PID:180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 3008 -ip 3008
1⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5132 -ip 5132
1⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5368 -ip 5368
1⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5412 -ip 5412
1⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 3796 -ip 3796
1⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 1828 -ip 1828
1⤵
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 3452 -ip 3452
1⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 4984 -ip 4984
1⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 6356 -ip 6356
1⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 3700 -ip 3700
1⤵
PID:228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 4104 -ip 4104
1⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 3004 -ip 3004
1⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5756 -ip 5756
1⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5944 -ip 5944
1⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 3160 -ip 3160
1⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 624 -ip 624
1⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 4908 -ip 4908
1⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4836 -ip 4836
1⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 3216 -ip 3216
1⤵
PID:2692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 1100 -ip 1100
1⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 3308 -ip 3308
1⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 208 -ip 208
1⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 212 -ip 212
1⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2084 -ip 2084
1⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 4340 -ip 4340
1⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5652 -ip 5652
1⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 7072 -ip 7072
1⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 4164 -ip 4164
1⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 6228 -ip 6228
1⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 6460 -ip 6460
1⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6336 -ip 6336
1⤵
PID:2932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 4596 -ip 4596
1⤵
PID:624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 3264 -ip 3264
1⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 7032 -ip 7032
1⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 6164 -ip 6164
1⤵
PID:668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 7000 -ip 7000
1⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 6236 -ip 6236
1⤵
PID:3260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 6016 -ip 6016
1⤵
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 6328 -ip 6328
1⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 6156 -ip 6156
1⤵
PID:4176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 6108 -ip 6108
1⤵
PID:2288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 5692 -ip 5692
1⤵
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 684 -ip 684
1⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5464 -ip 5464
1⤵
PID:2900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 2476 -ip 2476
1⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 6036 -ip 6036
1⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 6020 -ip 6020
1⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 772 -ip 772
1⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 5436 -ip 5436
1⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 5860 -ip 5860
1⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 5228 -ip 5228
1⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 7012 -ip 7012
1⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5208 -ip 5208
1⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5728 -ip 5728
1⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5820 -ip 5820
1⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 6248 -ip 6248
1⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 1924 -ip 1924
1⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 6056 -ip 6056
1⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 6260 -ip 6260
1⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5664 -ip 5664
1⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 2172 -ip 2172
1⤵
PID:3600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 5360 -ip 5360
1⤵
PID:2288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 1700 -ip 1700
1⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 1488 -ip 1488
1⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 2784 -ip 2784
1⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 4268 -ip 4268
1⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2144 -ip 2144
1⤵
PID:2476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 948 -ip 948
1⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 4708 -ip 4708
1⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 4392 -ip 4392
1⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 548 -ip 548
1⤵
PID:1060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 5988 -ip 5988
1⤵
PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 1332 -ip 1332
1⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5628 -ip 5628
1⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 4756 -ip 4756
1⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 3008 -ip 3008
1⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 5412 -ip 5412
1⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 3796 -ip 3796
1⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3452 -ip 3452
1⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6356 -ip 6356
1⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 4984 -ip 4984
1⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 3700 -ip 3700
1⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4104 -ip 4104
1⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5756 -ip 5756
1⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 3004 -ip 3004
1⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5944 -ip 5944
1⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 6652 -ip 6652
1⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5424 -ip 5424
1⤵
PID:1060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5636 -ip 5636
1⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 1100 -ip 1100
1⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 1856 -ip 1856
1⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6468 -ip 6468
1⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 6244 -ip 6244
1⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 6448 -ip 6448
1⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 6884 -ip 6884
1⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 2084 -ip 2084
1⤵
PID:3796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 4340 -ip 4340
1⤵
PID:10260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5652 -ip 5652
1⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6336 -ip 6336
1⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 7072 -ip 7072
1⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6460 -ip 6460
1⤵
PID:10468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6228 -ip 6228
1⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4596 -ip 4596
1⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 6164 -ip 6164
1⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 7032 -ip 7032
1⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 4432 -ip 4432
1⤵
PID:10684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3264 -ip 3264
1⤵
PID:10744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 5196 -ip 5196
1⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 2164 -ip 2164
1⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5248 -ip 5248
1⤵
PID:11096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 2744 -ip 2744
1⤵
PID:10292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6236 -ip 6236
1⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 6016 -ip 6016
1⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 7000 -ip 7000
1⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 6156 -ip 6156
1⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 6328 -ip 6328
1⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5692 -ip 5692
1⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6108 -ip 6108
1⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 684 -ip 684
1⤵
PID:3796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 4128 -ip 4128
1⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 2500 -ip 2500
1⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 7660 -ip 7660
1⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7504 -ip 7504
1⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 7068 -ip 7068
1⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 4600 -ip 4600
1⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1248 -p 7012 -ip 7012
1⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5344 -ip 5344
1⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 7696 -ip 7696
1⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 7576 -ip 7576
1⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 8180 -ip 8180
1⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 5560 -ip 5560
1⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 7872 -ip 7872
1⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6320 -ip 6320
1⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 1568 -ip 1568
1⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 4488 -ip 4488
1⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 6248 -ip 6248
1⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 732 -ip 732
1⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 5664 -ip 5664
1⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6260 -ip 6260
1⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 1488 -ip 1488
1⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 5360 -ip 5360
1⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4788 -ip 4788
1⤵
PID:3968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6668 -ip 6668
1⤵
PID:116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6408 -ip 6408
1⤵
PID:2692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5100 -ip 5100
1⤵
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 6364 -ip 6364
1⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 6200 -ip 6200
1⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 7656 -ip 7656
1⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5796 -ip 5796
1⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 7268 -ip 7268
1⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 7184 -ip 7184
1⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 7748 -ip 7748
1⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 7692 -ip 7692
1⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 8124 -ip 8124
1⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 7740 -ip 7740
1⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3316 -ip 3316
1⤵
PID:13068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 5640 -ip 5640
1⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 7292 -ip 7292
1⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 5572 -ip 5572
1⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 4376 -ip 4376
1⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 7456 -ip 7456
1⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 5848 -ip 5848
1⤵
PID:13760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1204 -p 6076 -ip 6076
1⤵
PID:13868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 1312 -ip 1312
1⤵
PID:14252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 7220 -ip 7220
1⤵
PID:14332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 7448 -ip 7448
1⤵
PID:2520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 4456 -ip 4456
1⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 7560 -ip 7560
1⤵
PID:13540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 7848 -ip 7848
1⤵
PID:13484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 7716 -ip 7716
1⤵
PID:13624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 7276 -ip 7276
1⤵
PID:14044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 4580 -ip 4580
1⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 9012 -ip 9012
1⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 8704 -ip 8704
1⤵
PID:1520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 7232 -ip 7232
1⤵
PID:13864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 8972 -ip 8972
1⤵
PID:2520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 9048 -ip 9048
1⤵
PID:13536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 8824 -ip 8824
1⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 9160 -ip 9160
1⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 9144 -ip 9144
1⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 7308 -ip 7308
1⤵
PID:13772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 8840 -ip 8840
1⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 996 -ip 996
1⤵
PID:14560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 8860 -ip 8860
1⤵
PID:14604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 9040 -ip 9040
1⤵
PID:14872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 8636 -ip 8636
1⤵
PID:15100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 440 -ip 440
1⤵
PID:15232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 9184 -ip 9184
1⤵
PID:15272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 7920 -ip 7920
1⤵
PID:15280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 8472 -ip 8472
1⤵
PID:15300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 8016 -ip 8016
1⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 8172 -ip 8172
1⤵
PID:14380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1284 -p 7784 -ip 7784
1⤵
PID:13508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 5928 -ip 5928
1⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1296 -p 2912 -ip 2912
1⤵
PID:14752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 8880 -ip 8880
1⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 9124 -ip 9124
1⤵
PID:14652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 2380 -ip 2380
1⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 4964 -ip 4964
1⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 9972 -ip 9972
1⤵
PID:14624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 1644 -ip 1644
1⤵
PID:14632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 5324 -ip 5324
1⤵
PID:14640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6472 -ip 6472
1⤵
PID:14648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5788 -ip 5788
1⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 4128 -ip 4128
1⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 2144 -ip 2144
1⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5988 -ip 5988
1⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 4268 -ip 4268
1⤵
PID:14768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 2784 -ip 2784
1⤵
PID:13500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1404 -p 4708 -ip 4708
1⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1432 -p 548 -ip 548
1⤵
PID:14608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 5628 -ip 5628
1⤵
PID:6168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe

Filesize
468KB

MD5
edbfc2dfa19267b31d02c4c651f45b02

SHA1
ce6719b57389fb5cd24d879c837ea656226eb3e8

SHA256
97d3e132677d5d6c14fe0a894bd565236cc5ab2e4a72b6b4f30348d6ea9e82c7

SHA512
e794b9fd208801946ef8653e45e5b9b69c8251af530594099b0c6f7a72c2c3b6a56bd6e70521e9153097283054999dadb6171c330e31e8a174f19a08920e8cae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13296.exe

Filesize
468KB

MD5
4620bf38f6d54adeedc5d212da29bbdc

SHA1
d051b157839c164a52304df5e5bda3bc12486198

SHA256
234c880baf5602344a6b5794a2d6b9e89ea421b3338181d795413936b5b63dcf

SHA512
5cd2764f3aecf15d1914917b88ad4ba43a8562d136ec1ce3e7a482ebd606f7553f99f5dfb6928d19e813ec3412cfd9a7931c096305bd1d9d814f6fb6a86c7349

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe

Filesize
468KB

MD5
540309fb61ef89c31d9be92e18c300a1

SHA1
a2c1316da1a58e1ccdad755b8311a2bea86d7987

SHA256
1a91b966923510df5c6d8025ec9063900180885213080d0aa1739b683b2f52b6

SHA512
6e0a8d9a05cbb88fd6550b009b510f67a754fb57c3a7c90cac72688ca2e16ade430d93f8f8fd1de784d44df17978495660fc1c5b2956a89f9a0b408adb0ebf0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe

Filesize
468KB

MD5
9711dfcea5195e6c25248fd4d796ebbb

SHA1
d510233c92eb89c1f01a26373bcb8676a2c8f27c

SHA256
35934f1671dd3d6c21fb9ae3320642477bf6b3c0788b2ac6663fa3d6b50b12ba

SHA512
476d37c424a9598d69545a1bdcacf1e604769ea2707b7b230c1c082697a816c0f798c9be89bacdd0f261c1807393bcb3dd04c4f2550899d9578018e3ec34d408

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18763.exe

Filesize
468KB

MD5
bee2d73f38a7f83b469bdb2ff8009ba5

SHA1
0918842f4b82e139922456ba0c122340ff188e31

SHA256
d0059f5707d2694c3def1148b91ca738272e4aced937ae3b39e861cdc9b21ce9

SHA512
1e20c5496def2fdaa665b93047284ddbf9022178aca5dfbd1ee882ac0b95a47955672126f062ac68a870ce5a72238509a13c4b832e35841dbbbe572e72f96f6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20801.exe

Filesize
468KB

MD5
19dc51f2dfbf2b22fc729c1daa8458e9

SHA1
fc93f7547df83a9269c101ce661f4dc35a59c9a4

SHA256
a08ba7f1b73a2c4da4242bc9a1a6dd893061beaeb9d5f03524cc6e2d0b3ec4ec

SHA512
d2db586a78b142f870f8444e34044d526b2b75889cb4a3faf5ef6c2ad5e447c2d716c677474a6fe82915d4f05dd5a427c30b517f6ddb3144e43264a99a5a502a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23228.exe

Filesize
468KB

MD5
c63bfb4eca300e3909b09ae698319f6e

SHA1
8c6e8b8fe4e6e288bf3eb1d5e6bd9c51f27ba12c

SHA256
f3a3d22deb4855b5d5afe4fa76ac10c534f434c973706f74156c40980f63792c

SHA512
67460f33152b15ba42772e7e0bc1a006b91183ced870036606b878f8a284342713c07bea050b9cea734c454ff37b1d62558b134d8dba2c17fe432d9d90878599

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28415.exe

Filesize
468KB

MD5
243843bd09bf10dbe8b5f10bf2a03b89

SHA1
e8c0da6787b41b84240107113ea64f6bc7df9fe4

SHA256
9cfaef632b555c1d769f3637623af5867ae9bab6d3c21133221bb39ffca12ea3

SHA512
887bc5114faa6bd601e4267e3962f1af2e7e1427a6886f58223d75979966b3585df636f76f69df96101ce635fba198d65ae4fe62de9dfff35ac2ff3385b70e52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe

Filesize
468KB

MD5
1f2c38e29d0d6236e60b12d1a8e6ac2c

SHA1
e3c416955adfffdfe3d5a03b3473d31d76a0db78

SHA256
1480714c5bb675b5a710fc0fd62c3860e069ec02ae680800703a1410503c1e3b

SHA512
6b8b30d01cdf2322a73c462145e91b0671211a42a2c3f9be5ce305a7ddac5717ed267fa99b3eb945467f8c0b02c4e817e69de105740eb218a374578cdd94f7a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe

Filesize
468KB

MD5
2745692cab977927879e693a56978807

SHA1
27a2b9cca2fdb803bf0c06d0495f84f2b8c3b3b1

SHA256
74483630a7bd26881ba7965da68182a04ef3298c9133561ac62bc8474c8cc58f

SHA512
487e01ad248531b15d9011b7a05ad8ff952c4e5df93247bee261c3d886ecabe3b01745cffa5bb4be5bbcf49a07513e0dc4f34a1a755c8a144d4880f1e0790021

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe

Filesize
468KB

MD5
82e656ad3c0fd611ae28c4984ee78dee

SHA1
9cde48bed247e60f479958f13414296cd7e85eef

SHA256
d2aef6010179bb9d1faa6c46ff9e0090e5f42eaa9b8d6573677abe848bd8c9bc

SHA512
4593d6d60ad8a9227bf0de91f9dcd6d173549378b2f59f6329ceac9985d1d0c14ade7b7c567056ee25c819857b95e3a880cb50afc58aed64ffad86824f4287cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe

Filesize
468KB

MD5
30683c50466248f8769898f2e5fb66a7

SHA1
13e10b03e83ca802091c4a53a11123e1fcb48c88

SHA256
1f02107540ab2c9a22f959528dcc913534e8a3b213374b44430124b435777205

SHA512
ecaaaaa9bf02feccd6bc12fae2216973b77a3030ce721f0ec85b7f53b6ee3cf64013093f802d2ea3a7ab450e70e4a38ab9e5164fd7cd765b495650ed55682e58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38621.exe

Filesize
468KB

MD5
3a55f9ea848d45bea9d8414e05f40eea

SHA1
94e5f9b2b13ace28d915e5ebb047d4c4e4b6f350

SHA256
eb91c4c82984c646f2ea42bbc58bd26dd8d8c915abfb5af8462117fce4b46b7f

SHA512
979eb74479352da866f6d1e802b48e5576ab7c0a2ad343c92f8964f799a579d1d8756c330bd216522e5a233fbb9324b81f92b1389f46026687344b115a746bc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe

Filesize
468KB

MD5
265f98c006d7f67cf2390cf886490093

SHA1
c88e05310d86c3e44a97371ff90858a00358b97c

SHA256
8b624fc77762cbe7755b32f9c81f3613f4f8fea5eb3614aacd274f6ca1f750f7

SHA512
f41ee87b582a1378a6f1c9a3b45faec1a3de3827098dd1aeb25b889b2f19ccfd69c526020c16b2b2cde93386cee0f2060296e56c37aeb2001f9d94377ddad0fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe

Filesize
468KB

MD5
693149f308e381c95a4c57436947aa96

SHA1
d1b7c907cad5404f168cf23425b496147b023da7

SHA256
71a24abba51ee7c904098f7addb9eee840f95ef1d156066b5a8b4dd5b3b07871

SHA512
8be1247eb80f602c9995f92af1d774215c78e0b39f6671efcf80fd543d8ade8fd6ea9cf897e900b3bf5e79ba7bae3bdc28780ae3b03a5ead8b6a0ffb939401e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe

Filesize
468KB

MD5
a12dc24b788ba1d06435ffaae45c2518

SHA1
ed41da2500b4a1e27f8e793dc2354c43bbd756b0

SHA256
f4af5666307625dac3912d695383a7323c435ad29057c7a6e95c8e5fb13355cf

SHA512
a8b0dadc23feca20ce66633149e999b87a66e30e331cf80bcec00bb819667ee00f0a1761a079235a4c7b45005a978aaf73f4575a100a61a7369e4b28e809c595

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46391.exe

Filesize
468KB

MD5
260d43fab05dbbd8d9f82655423c66ea

SHA1
42632ea8e814825a79ab010177623da02255c74e

SHA256
45783652e8d72773e01f0997ed9bdcc7ef7f904bab02d9a9bcb5e6e12e610ed8

SHA512
62bc7bd39eb2a96a28e20eec44c817009b7704519d519dad7377772dfa62be10334a34c4c5e8e9864ee32e840cf695af38da8d744e8f5db3dbf805e7cafe73c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe

Filesize
468KB

MD5
264a0a628cda73c9b832f2c3e687bc0b

SHA1
796b71946a7ad119d7370d7a39645cb8a7bf2fb8

SHA256
e18705b836e8023330ac91830360fcf4ba1ee7974da13fc8a6220c7b21c487ca

SHA512
0160e6c72ec70e7bff39ebb2d24936a38ae4d91f00cc04c9ae392ecf8e233bb7789ae50a854cff50214c3e839778bfff0987cba2c15d28ca71aaf02f48c5485f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48429.exe

Filesize
468KB

MD5
c08479409439978d54f6f2c594e0c422

SHA1
177fba817efc8753ce0944ef013277031b050154

SHA256
75e1d87bcfa158ad58654e5020321541e3363fd77e1b12063b662919429f6001

SHA512
054c075bae880be866b946f262aee814c349fd545e46ad27bb763a7428d95c33ca703c6895b1ead5f474dfb9816467a6cc6f3b293064c361407f4b0cf04241c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48503.exe

Filesize
468KB

MD5
ee7a286fc26b4edc8fd823f6bb86f702

SHA1
ac44afacd1519272e7e700b04aa0fa01ae3542ad

SHA256
cb844078ee35e0cfd66a9154d64d291ddec508145ceafbbc6ce12ab9e0059c84

SHA512
af95c04587f359883ab7fa2cef374a71ebf385c6928e472a8ca4e4615198b89ed8c22aea293eb9feceab56c9ab52a0bee9091c6511d6fde9a1b0e9a1cbcf4226

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe

Filesize
468KB

MD5
002c98157d4198ca4c3ae39ef7edaf9a

SHA1
c72df0c806d70b0bbbb9ae2c4be7f5c9b274e616

SHA256
3d4aafc1eeb8f842be9027e7c43232300ec893d679c8c2167a21009b0e0ea7f2

SHA512
e015ddb0a1dc6670429639a07a51fc3d7f3646fc1f9773f7d38e8da3f3cd58c54af08ff088a41607a290afdbbe1a75e21dac2ee2a4bdecba7841506d18822000

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51243.exe

Filesize
468KB

MD5
8241a90bad293b5f048f954b581c85a4

SHA1
7c78fa992cf70c5812e2dccdd14aafe872727e7a

SHA256
adba07694fc2f9b4304ec4e59540ce5374574f48372513ba99e4e5d97b041899

SHA512
55cd6fd3904c93b18e1b720d328b58f53d30531dd6cfe6154c5fa1f4a55966962b853b22ff044eb47f49f96c8663f0fbb502c936dc843a8c56cd0eb7641fbd46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe

Filesize
468KB

MD5
0ade3c0433cf79017eaae20f87c10786

SHA1
6ed5cf525cca00ba601abf3dab8acf3700f19074

SHA256
e631b755335c17a470204374dec7b1a7abe33ba44be124256e09fdb3fda86c05

SHA512
7ed1370045517dfe4812d1d1d8f89134216c63ce177c075f875e3b76b83fe93dab52a03f2df4553ce24dc5fba241356beb8b659b72637cf641d88045ac01e44d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe

Filesize
468KB

MD5
a9b364c59dc30f9413399bed032e931c

SHA1
45557163ffbee0dd490c8fc1b1b952275a5be597

SHA256
292da7da41b1d1ac1ab337603e311c7daaff1978a07533eaa98d4d1546c9f1bc

SHA512
c069e61c67a487eee52aeafeb3a2b5c448c1d740adad632cac7332c952a719c1b41b1a1554bb5e2a1cb61b3d130b0d896dffda87c323cc9bd0b634ea160f5d48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55327.exe

Filesize
468KB

MD5
648ef53ec5d173063ec078b5f1d81dff

SHA1
48bd9f84606146d18df3b43e7ead5d182e685338

SHA256
bf8e8cab97fca036e7234b8cb9d5171b1433d202653984d91e17adf7d879f823

SHA512
582122a121c16c42269bf02fce21a7bb0c6913098556f0e6645675c2b4f644c305e9fbd335e48b88c327d6dbd893dfe2e6ac12c4e5d9367f8e65b911cb19c5da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe

Filesize
468KB

MD5
08f47f6ffa3b1125910450f4cf302160

SHA1
4377dff3781a7909a5115e9e2690c20eaf2e1555

SHA256
05b05fd424288315a4ec43ad2a931efadd8795f3e9727571814b70735189c8e9

SHA512
4a9b2551786f82307901bb45c1bdfa387dbfe51c5ca228f0f616ab9483147ba0aa958b7175959083d96211c45e6c67fa1119967d4273f994513f835a1516181a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56671.exe

Filesize
468KB

MD5
afa031d8d635f9566d93a5a23e42689c

SHA1
67534fa88b1216c588d0fb198fa687855454c0e0

SHA256
858aab3b6ea0b472b128b4f6e1a232fbbcdf1bcfc96021f7579a01309e6e356e

SHA512
89afddfb6742f06e948e8dc1ca279d5e7fcefe524fe63d26029876b60ccbf4b291d10d12af01ea658e31c1a0c2586ef3ead5f09dd01ce51b6498086187ae49e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe

Filesize
468KB

MD5
21e6e6c05193bfc0e20710ca544a41be

SHA1
0ce492f2811656b37fcdfeb0d31453243e85d098

SHA256
5f42d68a6139d4d94286c4458277827b66b237269aa17a36469bb280bd1baf4f

SHA512
ebd78f3024d36dc11b13da0fa23c338cf035764e6c46054b6dde198b15ca02ec3cf56c8e11eac4de81ea4a478ab137c788eeebb0141060790403239d10b14bec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58649.exe

Filesize
468KB

MD5
ba98015f63ad16070877a4271daffb83

SHA1
cdcd00d8469b2112815b8ee62fa8f4607d97deef

SHA256
c08b7701d906a36562a8cd7a5b5efe63b5ca0a20677ff62240475ee935b34b64

SHA512
e1b6f5669792a023c0068ecff2d98e157a89c9f417b9b0f27c09ba27d2db579d516d8714d5a8af88c6a5be83f305e53ecfb5c92e03be11ddfea36973b8f23e46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64543.exe

Filesize
468KB

MD5
7a6b749c72e0ec9693db5d6a5e5edb72

SHA1
3f46271b95cd5c7d2e5e6d719e884bc2d038f2e7

SHA256
ab49ef75b27676b87f79c1b658a315a9f0f10509071e599164a20fdb1dc8269d

SHA512
807329ecae94bbc3057ee0b16d2dc69251a882c7eca0afb5398f381dd99e00ef4548c227ed3a158a1ca06ae30c00ebc3647a297b87965eca5005289cb4263fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6909.exe

Filesize
468KB

MD5
accc1eb68f1d8cd5cc19826a683d9b9a

SHA1
4a8b91ab4093af5ed2e994908ce7d8803d7e29e1

SHA256
9ff36a18e412eba5071bc0de39e370ca2e78aabe32493b2aa403eaa92a1c9068

SHA512
98a37538c5b4603416564246d670c320e2959c9e30a0f7d72101aa07ff4efd72e63ea86664c7fbe06145105e918b3d4579a137c455ee95e404b49408fc667ba0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe

Filesize
468KB

MD5
32534b3c90f971c455dfcd343af6d81b

SHA1
39ab79dce7f88b9f36956b320c93f0f75c382591

SHA256
b28e48b84534e92c9d638ad0881912f56dd74682fb23671cf9c30a91b9c76ca6

SHA512
be9cb7dade4763cf65fa1c09974160f4c81a4232c92e814e868d52da56b44676063943e536cd1a7e9c8b9c2095492c4f4dd452d80ff4457fe362062378b42cce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7205.exe

Filesize
468KB

MD5
5af41312c75dd5fd724c13192b01c687

SHA1
05c30fddab6bc646de87b2a12a0527e7572656d2

SHA256
b211992beffa6d9698c559e994c4795b5a72dc58b6a3b6e65da284b3edfb5543

SHA512
7f3eb538aecf3b39ebc429d29b936806e2710726bb183dff93027c124127e9ea168a6afbea962d07e1fe98b8847ad6629f275141097bae3d3ea1ea97b7477133

Download Submit