b7b2f614fa6fee40d02da33c676c484597283958674520432c0d35f1172f808a

Analysis

max time kernel
94s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 11:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b7b2f614fa6fee40d02da33c676c484597283958674520432c0d35f1172f808aN.exe
Size

468KB
MD5

e1d542055761927bba647702f271c240
SHA1

27ebcb3df3571c4206ad6aeaf90abf340660d19d
SHA256

b7b2f614fa6fee40d02da33c676c484597283958674520432c0d35f1172f808a
SHA512

35a073b28c76e9be42a8062ac941f039c8865464e1d3b56fb78ca511fdc757a2037e1049a1a370647ada1a58e68f4b0f377a6338a3e385f4e85fcca366cac889
SSDEEP

3072:1G3HoggSIE5TtbY2HzcOcf8/zCcaP0pkJVHeTVPhQ6rL975gEflL:1G3ozMTtxH4OcfVY1zQ6vB5gE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3352	Unicorn-61492.exe
1240	Unicorn-18644.exe
3324	Unicorn-56147.exe
2776	Unicorn-49536.exe
2060	Unicorn-21502.exe
2572	Unicorn-20756.exe
3312	Unicorn-14625.exe
4704	Unicorn-11362.exe
3840	Unicorn-31228.exe
3036	Unicorn-12151.exe
4356	Unicorn-12151.exe
3780	Unicorn-3983.exe
4160	Unicorn-56811.exe
4732	Unicorn-63390.exe
4432	Unicorn-49655.exe
4232	Unicorn-30756.exe
928	Unicorn-26672.exe
3248	Unicorn-20541.exe
5024	Unicorn-59707.exe
2016	Unicorn-9951.exe
4856	Unicorn-26842.exe
3152	Unicorn-22204.exe
2576	Unicorn-13843.exe
208	Unicorn-5675.exe
2616	Unicorn-55431.exe
3744	Unicorn-9494.exe
1488	Unicorn-54876.exe
4468	Unicorn-30734.exe
1372	Unicorn-45946.exe
2084	Unicorn-40386.exe
1492	Unicorn-28784.exe
756	Unicorn-558.exe
2316	Unicorn-20424.exe
3868	Unicorn-7906.exe
4132	Unicorn-20424.exe
2068	Unicorn-37506.exe
2924	Unicorn-57180.exe
1412	Unicorn-9323.exe
988	Unicorn-64646.exe
2484	Unicorn-33828.exe
768	Unicorn-21384.exe
4824	Unicorn-56286.exe
1012	Unicorn-9686.exe
4504	Unicorn-54611.exe
656	Unicorn-49780.exe
3832	Unicorn-41612.exe
1452	Unicorn-37528.exe
1136	Unicorn-8747.exe
4056	Unicorn-21554.exe
1888	Unicorn-64070.exe
4280	Unicorn-20038.exe
1988	Unicorn-24321.exe
1600	Unicorn-31205.exe
4676	Unicorn-53672.exe
1940	Unicorn-33806.exe
3244	Unicorn-37071.exe
2724	Unicorn-11591.exe
3656	Unicorn-3423.exe
2832	Unicorn-60792.exe
2980	Unicorn-32758.exe
3700	Unicorn-20314.exe
4928	Unicorn-52624.exe
2884	Unicorn-8062.exe
3984	Unicorn-17713.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
4508	3780	WerFault.exe	101
2472	3780	WerFault.exe	101
1192	4468	WerFault.exe	119
2380	1372	WerFault.exe	117
832	3744	WerFault.exe	115
812	4432	WerFault.exe	103
4552	4468	WerFault.exe	119
5112	3744	WerFault.exe	115
800	1372	WerFault.exe	117
4568	4432	WerFault.exe	103
1068	2924	WerFault.exe	131
1908	2316	WerFault.exe	129
4592	988	WerFault.exe	133
2328	3868	WerFault.exe	127
5940	2616	WerFault.exe	114
5984	1988	WerFault.exe	148
6012	2316	WerFault.exe	129
6036	1600	WerFault.exe	150
6124	1968	WerFault.exe	195
6028	116	WerFault.exe	194
3740	976	WerFault.exe	176
6932	5064	WerFault.exe	179
8324	1940	WerFault.exe	145
8280	2484	WerFault.exe	134
8092	4504	WerFault.exe	138
8772	5640	WerFault.exe	225
8876	5664	WerFault.exe	227
9020	2724	WerFault.exe	167
8404	6004	WerFault.exe	278
8188	1548	WerFault.exe	258
8292	3488	WerFault.exe	190
7944	3488	WerFault.exe	190
7152	6404	WerFault.exe	320
8444	6200	WerFault.exe	313
4056	7024	WerFault.exe	337
9484	6008	WerFault.exe	279
9468	5452	WerFault.exe	253
9476	5140	WerFault.exe	284
2080	7440	WerFault.exe	406
11180	7308	WerFault.exe	402
11292	7872	WerFault.exe	441
12624	7100	WerFault.exe	393
12744	7292	WerFault.exe	431
12516	2576	WerFault.exe	112
12364	5708	WerFault.exe	229
12356	5512	WerFault.exe	290
12348	5996	WerFault.exe	341
12340	6816	WerFault.exe	358
12332	6948	WerFault.exe	548
12324	8560	WerFault.exe	469
10736	5256	WerFault.exe	365
11944	6620	WerFault.exe	324
11932	6860	WerFault.exe	331
11924	6672	WerFault.exe	326
11884	8000	WerFault.exe	417
11788	6692	WerFault.exe	335
11732	5596	WerFault.exe	308
11724	5580	WerFault.exe	298
11716	5908	WerFault.exe	301
11704	6988	WerFault.exe	445
11696	5504	WerFault.exe	307
11676	4968	WerFault.exe	437
11668	7212	WerFault.exe	397
11660	4468	WerFault.exe	453

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-979.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32746.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31205.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39568.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61980.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2736	b7b2f614fa6fee40d02da33c676c484597283958674520432c0d35f1172f808aN.exe
3352	Unicorn-61492.exe
1240	Unicorn-18644.exe
3324	Unicorn-56147.exe
2776	Unicorn-49536.exe
2060	Unicorn-21502.exe
3312	Unicorn-14625.exe
2572	Unicorn-20756.exe
4704	Unicorn-11362.exe
3840	Unicorn-31228.exe
4356	Unicorn-12151.exe
3780	Unicorn-3983.exe
3036	Unicorn-12151.exe
4160	Unicorn-56811.exe
4432	Unicorn-49655.exe
4732	Unicorn-63390.exe
4232	Unicorn-30756.exe
928	Unicorn-26672.exe
3248	Unicorn-20541.exe
5024	Unicorn-59707.exe
2016	Unicorn-9951.exe
4856	Unicorn-26842.exe
3152	Unicorn-22204.exe
2576	Unicorn-13843.exe
208	Unicorn-5675.exe
1488	Unicorn-54876.exe
3744	Unicorn-9494.exe
1372	Unicorn-45946.exe
2084	Unicorn-40386.exe
4468	Unicorn-30734.exe
2616	Unicorn-55431.exe
1492	Unicorn-28784.exe
4132	Unicorn-20424.exe
2316	Unicorn-20424.exe
756	Unicorn-558.exe
3868	Unicorn-7906.exe
2068	Unicorn-37506.exe
2924	Unicorn-57180.exe
1412	Unicorn-9323.exe
988	Unicorn-64646.exe
2484	Unicorn-33828.exe
768	Unicorn-21384.exe
4824	Unicorn-56286.exe
4504	Unicorn-54611.exe
1012	Unicorn-9686.exe
1452	Unicorn-37528.exe
3832	Unicorn-41612.exe
656	Unicorn-49780.exe
1136	Unicorn-8747.exe
4056	Unicorn-21554.exe
1888	Unicorn-64070.exe
4280	Unicorn-20038.exe
1940	Unicorn-33806.exe
4676	Unicorn-53672.exe
1988	Unicorn-24321.exe
3244	Unicorn-37071.exe
1600	Unicorn-31205.exe
2724	Unicorn-11591.exe
3656	Unicorn-3423.exe
2832	Unicorn-60792.exe
3700	Unicorn-20314.exe
2980	Unicorn-32758.exe
4928	Unicorn-52624.exe
976	Unicorn-18997.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 3352	2736	b7b2f614fa6fee40d02da33c676c484597283958674520432c0d35f1172f808aN.exe	85
PID 2736 wrote to memory of 3352	2736	b7b2f614fa6fee40d02da33c676c484597283958674520432c0d35f1172f808aN.exe	85
PID 2736 wrote to memory of 3352	2736	b7b2f614fa6fee40d02da33c676c484597283958674520432c0d35f1172f808aN.exe	85
PID 3352 wrote to memory of 1240	3352	Unicorn-61492.exe	88
PID 3352 wrote to memory of 1240	3352	Unicorn-61492.exe	88
PID 3352 wrote to memory of 1240	3352	Unicorn-61492.exe	88
PID 2736 wrote to memory of 3324	2736	b7b2f614fa6fee40d02da33c676c484597283958674520432c0d35f1172f808aN.exe	89
PID 2736 wrote to memory of 3324	2736	b7b2f614fa6fee40d02da33c676c484597283958674520432c0d35f1172f808aN.exe	89
PID 2736 wrote to memory of 3324	2736	b7b2f614fa6fee40d02da33c676c484597283958674520432c0d35f1172f808aN.exe	89
PID 1240 wrote to memory of 2776	1240	Unicorn-18644.exe	91
PID 1240 wrote to memory of 2776	1240	Unicorn-18644.exe	91
PID 1240 wrote to memory of 2776	1240	Unicorn-18644.exe	91
PID 3352 wrote to memory of 2060	3352	Unicorn-61492.exe	92
PID 3352 wrote to memory of 2060	3352	Unicorn-61492.exe	92
PID 3352 wrote to memory of 2060	3352	Unicorn-61492.exe	92
PID 3324 wrote to memory of 2572	3324	Unicorn-56147.exe	94
PID 3324 wrote to memory of 2572	3324	Unicorn-56147.exe	94
PID 3324 wrote to memory of 2572	3324	Unicorn-56147.exe	94
PID 2736 wrote to memory of 3312	2736	b7b2f614fa6fee40d02da33c676c484597283958674520432c0d35f1172f808aN.exe	93
PID 2736 wrote to memory of 3312	2736	b7b2f614fa6fee40d02da33c676c484597283958674520432c0d35f1172f808aN.exe	93
PID 2736 wrote to memory of 3312	2736	b7b2f614fa6fee40d02da33c676c484597283958674520432c0d35f1172f808aN.exe	93
PID 1240 wrote to memory of 4704	1240	Unicorn-18644.exe	97
PID 1240 wrote to memory of 4704	1240	Unicorn-18644.exe	97
PID 1240 wrote to memory of 4704	1240	Unicorn-18644.exe	97
PID 2776 wrote to memory of 3840	2776	Unicorn-49536.exe	98
PID 2776 wrote to memory of 3840	2776	Unicorn-49536.exe	98
PID 2776 wrote to memory of 3840	2776	Unicorn-49536.exe	98
PID 2572 wrote to memory of 3036	2572	Unicorn-20756.exe	100
PID 2060 wrote to memory of 4356	2060	Unicorn-21502.exe	99
PID 2572 wrote to memory of 3036	2572	Unicorn-20756.exe	100
PID 2572 wrote to memory of 3036	2572	Unicorn-20756.exe	100
PID 2060 wrote to memory of 4356	2060	Unicorn-21502.exe	99
PID 2060 wrote to memory of 4356	2060	Unicorn-21502.exe	99
PID 3312 wrote to memory of 3780	3312	Unicorn-14625.exe	101
PID 3312 wrote to memory of 3780	3312	Unicorn-14625.exe	101
PID 3312 wrote to memory of 3780	3312	Unicorn-14625.exe	101
PID 2736 wrote to memory of 4160	2736	b7b2f614fa6fee40d02da33c676c484597283958674520432c0d35f1172f808aN.exe	104
PID 2736 wrote to memory of 4160	2736	b7b2f614fa6fee40d02da33c676c484597283958674520432c0d35f1172f808aN.exe	104
PID 2736 wrote to memory of 4160	2736	b7b2f614fa6fee40d02da33c676c484597283958674520432c0d35f1172f808aN.exe	104
PID 3352 wrote to memory of 4732	3352	Unicorn-61492.exe	102
PID 3352 wrote to memory of 4732	3352	Unicorn-61492.exe	102
PID 3352 wrote to memory of 4732	3352	Unicorn-61492.exe	102
PID 3324 wrote to memory of 4432	3324	Unicorn-56147.exe	103
PID 3324 wrote to memory of 4432	3324	Unicorn-56147.exe	103
PID 3324 wrote to memory of 4432	3324	Unicorn-56147.exe	103
PID 4704 wrote to memory of 4232	4704	Unicorn-11362.exe	105
PID 4704 wrote to memory of 4232	4704	Unicorn-11362.exe	105
PID 4704 wrote to memory of 4232	4704	Unicorn-11362.exe	105
PID 3840 wrote to memory of 928	3840	Unicorn-31228.exe	106
PID 3840 wrote to memory of 928	3840	Unicorn-31228.exe	106
PID 3840 wrote to memory of 928	3840	Unicorn-31228.exe	106
PID 1240 wrote to memory of 3248	1240	Unicorn-18644.exe	107
PID 1240 wrote to memory of 3248	1240	Unicorn-18644.exe	107
PID 1240 wrote to memory of 3248	1240	Unicorn-18644.exe	107
PID 2776 wrote to memory of 5024	2776	Unicorn-49536.exe	108
PID 2776 wrote to memory of 5024	2776	Unicorn-49536.exe	108
PID 2776 wrote to memory of 5024	2776	Unicorn-49536.exe	108
PID 4356 wrote to memory of 2016	4356	Unicorn-12151.exe	109
PID 4356 wrote to memory of 2016	4356	Unicorn-12151.exe	109
PID 4356 wrote to memory of 2016	4356	Unicorn-12151.exe	109
PID 2060 wrote to memory of 4856	2060	Unicorn-21502.exe	110
PID 2060 wrote to memory of 4856	2060	Unicorn-21502.exe	110
PID 2060 wrote to memory of 4856	2060	Unicorn-21502.exe	110
PID 3036 wrote to memory of 3152	3036	Unicorn-12151.exe	111

C:\Users\Admin\AppData\Local\Temp\b7b2f614fa6fee40d02da33c676c484597283958674520432c0d35f1172f808aN.exe
"C:\Users\Admin\AppData\Local\Temp\b7b2f614fa6fee40d02da33c676c484597283958674520432c0d35f1172f808aN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61492.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61492.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18644.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18644.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49536.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 640
        8⤵
        Program crash
        
        PID:1908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 672
        8⤵
        Program crash
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe
        7⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 624
        8⤵
        Program crash
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26213.exe
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27627.exe
        7⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34428.exe
        8⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        8⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34665.exe
        8⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52624.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        8⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        9⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        9⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40868.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40256.exe
        11⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
        11⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        10⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
        11⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
        10⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8801.exe
        9⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16830.exe
        9⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe
        10⤵
        
        PID:14900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        8⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24584.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28528.exe
        11⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59991.exe
        11⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56659.exe
        10⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50130.exe
        10⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 668
        9⤵
        Program crash
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29545.exe
        8⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 724
        9⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24651.exe
        8⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65476.exe
        9⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34345.exe
        8⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16430.exe
        8⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53636.exe
        8⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10159.exe
        9⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54708.exe
        10⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34236.exe
        11⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 624
        11⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41666.exe
        8⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 720
        9⤵
        Program crash
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16393.exe
        8⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        7⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
        7⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42182.exe
        7⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37684.exe
        8⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
        9⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 656
        8⤵
        Program crash
        
        PID:11944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe
        7⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60564.exe
        8⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
        7⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58792.exe
        8⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        9⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29644.exe
        10⤵
        
        PID:13512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32746.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7650.exe
        8⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62382.exe
        8⤵
        
        PID:13824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 636
        7⤵
        Program crash
        
        PID:12356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16309.exe
        6⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31924.exe
        7⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 636
        7⤵
        
        PID:13528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33326.exe
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
        7⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        8⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41298.exe
        7⤵
        
        PID:13940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20075.exe
        6⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57849.exe
        6⤵
        
        PID:13988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 632
        7⤵
        Program crash
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8062.exe
        6⤵
        Executes dropped EXE
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        6⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
        8⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe
        8⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
        8⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3129.exe
        7⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56815.exe
        7⤵
        
        PID:14008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43387.exe
        6⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 636
        7⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        6⤵
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 648
        6⤵
        Program crash
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
        5⤵
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11161.exe
        5⤵
        
        PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2426.exe
        5⤵
        
        PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6531.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52701.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30756.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28784.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11591.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46568.exe
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        9⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 644
        10⤵
        Program crash
        
        PID:7152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 736
        8⤵
        Program crash
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
        7⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 728
        8⤵
        Program crash
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6717.exe
        7⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37684.exe
        8⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 720
        9⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 628
        8⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31711.exe
        7⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
        7⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        7⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40564.exe
        7⤵
        
        PID:14364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32758.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5343.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37352.exe
        8⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
        8⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13047.exe
        9⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 656
        9⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21570.exe
        7⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25240.exe
        8⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 720
        9⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20042.exe
        8⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
        10⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61911.exe
        9⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22345.exe
        8⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34205.exe
        7⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65284.exe
        9⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 656
        8⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
        7⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43386.exe
        7⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47042.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe
        7⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        8⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 644
        10⤵
        Program crash
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23742.exe
        9⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
        10⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49467.exe
        10⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
        9⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe
        8⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 636
        9⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59242.exe
        8⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56260.exe
        9⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
        8⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7553.exe
        8⤵
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
        6⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 644
        7⤵
        Program crash
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6717.exe
        6⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27051.exe
        6⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 636
        7⤵
        Program crash
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe
        6⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11911.exe
        7⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        6⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
        5⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64943.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46236.exe
        6⤵
        
        PID:3340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 636
        7⤵
        
        PID:11128
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 640
        6⤵
        Program crash
        
        PID:11724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        5⤵
        
        PID:7872
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 644
        6⤵
        Program crash
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45526.exe
        5⤵
        
        PID:9948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46172.exe
        6⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
        5⤵
        
        PID:11356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35561.exe
        5⤵
        
        PID:11640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60792.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25956.exe
        7⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        8⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
        9⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 720
        10⤵
        Program crash
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24510.exe
        9⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9640 -s 636
        10⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24229.exe
        9⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45508.exe
        10⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        8⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 636
        9⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 636
        8⤵
        Program crash
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
        6⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
        7⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 628
        7⤵
        Program crash
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44228.exe
        7⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
        7⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2797.exe
        7⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32171.exe
        7⤵
        
        PID:12624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        6⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1755.exe
        7⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10899.exe
        8⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        9⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31262.exe
        8⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        7⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        7⤵
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
        6⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
        7⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9658.exe
        6⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20314.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        6⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21016.exe
        7⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
        8⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 720
        9⤵
        
        PID:10960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 640
        8⤵
        Program crash
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        7⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 640
        8⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36291.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60646.exe
        7⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46075.exe
        6⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54212.exe
        7⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 636
        8⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38926.exe
        7⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23240.exe
        8⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe
        9⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27074.exe
        8⤵
        
        PID:13980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17213.exe
        7⤵
        
        PID:13104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
        7⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59078.exe
        5⤵
        
        PID:2256
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 724
        6⤵
        
        PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
        5⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16561.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 636
        6⤵
        
        PID:14024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32086.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
        6⤵
        
        PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55748.exe
        5⤵
        
        PID:8720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7906.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3868
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 636
        5⤵
        Program crash
        
        PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18997.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:976
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 628
        5⤵
        Program crash
        
        PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23214.exe
      4⤵
      PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe
        5⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41112.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21984.exe
        7⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe
        7⤵
        
        PID:11188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 668
        6⤵
        Program crash
        
        PID:12624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56415.exe
        5⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60432.exe
        6⤵
        
        PID:10776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        5⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3530.exe
        5⤵
        
        PID:13916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3155.exe
      4⤵
      PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
        5⤵
        
        PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
        5⤵
        
        PID:13084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59362.exe
        5⤵
        
        PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42369.exe
      4⤵
      PID:9960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
      4⤵
      PID:8484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42594.exe
      4⤵
      PID:8068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12151.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9951.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9323.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60600.exe
        7⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6303.exe
        8⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-211.exe
        9⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41304.exe
        11⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35544.exe
        12⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44039.exe
        12⤵
        
        PID:13372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17982.exe
        11⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        11⤵
        
        PID:13956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 752
        10⤵
        Program crash
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7450.exe
        9⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33630.exe
        8⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        9⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33660.exe
        10⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43764.exe
        11⤵
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63935.exe
        11⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4438.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36956.exe
        11⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26497.exe
        10⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5626.exe
        9⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21512.exe
        10⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37214.exe
        10⤵
        
        PID:13992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
        9⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24704.exe
        10⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57595.exe
        7⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33792.exe
        8⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        9⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39716.exe
        10⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61392.exe
        11⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15258.exe
        11⤵
        
        PID:13464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 636
        10⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-966.exe
        9⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9812 -s 720
        10⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        9⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33498.exe
        8⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
        9⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27702.exe
        9⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28977.exe
        8⤵
        
        PID:11468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58351.exe
        8⤵
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16038.exe
        6⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        7⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1363.exe
        8⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 720
        9⤵
        Program crash
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18254.exe
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        8⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 608
        9⤵
        
        PID:11652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 624
        8⤵
        Program crash
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        6⤵
        
        PID:2608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 712
        6⤵
        Program crash
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        5⤵
        
        PID:116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 116 -s 636
        6⤵
        Program crash
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23911.exe
        5⤵
        
        PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        5⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8771.exe
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33602.exe
        6⤵
        
        PID:13168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
        6⤵
        
        PID:14388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
        5⤵
        
        PID:9528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61980.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33828.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35904.exe
        6⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2219.exe
        7⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16548.exe
        8⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        9⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54443.exe
        9⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46186.exe
        9⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe
        9⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60735.exe
        8⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 636
        9⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18401.exe
        8⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2850.exe
        8⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 732
        6⤵
        Program crash
        
        PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3786.exe
        5⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47144.exe
        6⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38120.exe
        7⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46651.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26392.exe
        7⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-463.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9731.exe
        9⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35994.exe
        7⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53224.exe
        8⤵
        
        PID:11028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 728
        7⤵
        
        PID:13936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
        6⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63483.exe
        6⤵
        
        PID:10272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        5⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59339.exe
        5⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-847.exe
        6⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57671.exe
        6⤵
        
        PID:9928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8189.exe
        6⤵
        
        PID:13572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
        5⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60240.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
        7⤵
        
        PID:13816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40146.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37078.exe
        5⤵
        
        PID:11304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        5⤵
        
        PID:14000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56286.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
        5⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52380.exe
        6⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-979.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 636
        6⤵
        Program crash
        
        PID:7944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 636
        6⤵
        Program crash
        
        PID:8292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
      4⤵
      PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19329.exe
      4⤵
      PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33024.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39132.exe
        6⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 628
        7⤵
        
        PID:11804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
        5⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27184.exe
        6⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
        6⤵
        
        PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
        5⤵
        
        PID:9520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14054.exe
        5⤵
        
        PID:13544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63111.exe
      4⤵
      PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
        5⤵
        
        PID:9088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50572.exe
        6⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56644.exe
        7⤵
        
        PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17091.exe
      4⤵
      PID:9360
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9360 -s 636
        5⤵
        
        PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
      4⤵
      PID:12628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41040.exe
        5⤵
        
        PID:11716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
      4⤵
      PID:14396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8747.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32780.exe
        6⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44020.exe
        7⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 636
        8⤵
        Program crash
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe
        7⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63483.exe
        7⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32140.exe
        8⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
        7⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27582.exe
        7⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
        7⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 608
        8⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 636
        7⤵
        
        PID:11384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12530.exe
        5⤵
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5601.exe
        5⤵
        
        PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39303.exe
        5⤵
        
        PID:8008
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 616
        5⤵
        Program crash
        
        PID:12516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26265.exe
      4⤵
      PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12115.exe
        5⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22168.exe
        6⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        6⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12279.exe
        7⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37686.exe
        7⤵
        
        PID:12848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
        6⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8662.exe
        6⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11631.exe
        7⤵
        
        PID:14928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32079.exe
      4⤵
      PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
        5⤵
        
        PID:6944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 636
        6⤵
        
        PID:5080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 632
        5⤵
        Program crash
        
        PID:11732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50674.exe
      4⤵
      PID:7156
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 636
        5⤵
        
        PID:11480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe
      4⤵
      PID:10168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13797.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9494.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3744
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 720
      4⤵
      Program crash
      PID:832
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 720
      4⤵
      Program crash
      PID:5112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24321.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1988
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 632
      4⤵
      Program crash
      PID:5984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11014.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11014.exe
    3⤵
    PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
      4⤵
      PID:5696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
    3⤵
    PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33600.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25160.exe
        5⤵
        
        PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7598.exe
      4⤵
      PID:7752
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 636
        5⤵
        
        PID:7944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
      4⤵
      PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
        5⤵
        
        PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62243.exe
      4⤵
      PID:13392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63498.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63498.exe
    3⤵
    PID:7864
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 636
      4⤵
      PID:11604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
    3⤵
    PID:10156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21250.exe
    3⤵
    PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58720.exe
      4⤵
      PID:5792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
    3⤵
    PID:4860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12151.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21384.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        7⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe
        8⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5255.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22656.exe
        10⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
        10⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51422.exe
        10⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43463.exe
        10⤵
        
        PID:14376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        8⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63252.exe
        9⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        10⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        10⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 720
        9⤵
        
        PID:13520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34981.exe
        8⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24179.exe
        8⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1305.exe
        8⤵
        
        PID:13532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
        6⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43060.exe
        7⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1363.exe
        8⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
        7⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9686.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6931.exe
        6⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
        9⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
        10⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
        11⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64443.exe
        10⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        11⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11837.exe
        10⤵
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56651.exe
        8⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20669.exe
        8⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41143.exe
        8⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42374.exe
        7⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
        8⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8963.exe
        9⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30604.exe
        10⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
        9⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55662.exe
        9⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21770.exe
        8⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31948.exe
        9⤵
        
        PID:11272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 664
        8⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-226.exe
        6⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        6⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 724
        7⤵
        Program crash
        
        PID:11660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        6⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62736.exe
        7⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51408.exe
        8⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54319.exe
        7⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
        6⤵
        
        PID:13152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21578.exe
        6⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        5⤵
        
        PID:1968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 632
        6⤵
        Program crash
        
        PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48415.exe
        5⤵
        
        PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23045.exe
        5⤵
        
        PID:7924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 636
        6⤵
        
        PID:11612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52351.exe
        5⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
        6⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
        6⤵
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60252.exe
        5⤵
        
        PID:12580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42577.exe
        5⤵
        
        PID:12712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37528.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19184.exe
        6⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12478.exe
        6⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37876.exe
        7⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 636
        8⤵
        
        PID:10148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 616
        7⤵
        Program crash
        
        PID:11696
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 720
        5⤵
        Program crash
        
        PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64070.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53008.exe
        5⤵
        
        PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
      4⤵
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
        5⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50756.exe
        6⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22656.exe
        7⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31024.exe
        9⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30390.exe
        9⤵
        
        PID:13480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55611.exe
        8⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53166.exe
        8⤵
        
        PID:14148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 720
        7⤵
        Program crash
        
        PID:12340
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 724
        6⤵
        Program crash
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4030.exe
        5⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18837.exe
        5⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12855.exe
        6⤵
        
        PID:10080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
        5⤵
        
        PID:10880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        5⤵
        
        PID:4332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54876.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49780.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
        6⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        7⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
        8⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 616
        8⤵
        Program crash
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        7⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61996.exe
        8⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 636
        9⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 628
        8⤵
        
        PID:11400
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 720
      4⤵
      Program crash
      PID:812
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 752
      4⤵
      Program crash
      PID:4568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53008.exe
        5⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe
        6⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45151.exe
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        6⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4739.exe
        7⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        8⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 640
        7⤵
        
        PID:11848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34842.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40972.exe
        7⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47324.exe
        8⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        6⤵
        
        PID:11436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
        6⤵
        
        PID:13388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53474.exe
        5⤵
        
        PID:7292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 644
        6⤵
        Program crash
        
        PID:12744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
        5⤵
        
        PID:9768
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 696
        5⤵
        
        PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-278.exe
      4⤵
      PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39360.exe
        5⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10683.exe
        6⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63496.exe
        7⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 644
        8⤵
        Program crash
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 724
        7⤵
        Program crash
        
        PID:10736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25322.exe
        6⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 656
        7⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16393.exe
        6⤵
        
        PID:10412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1454.exe
        6⤵
        
        PID:10656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42130.exe
        5⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
        6⤵
        
        PID:9192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49695.exe
        6⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30028.exe
        7⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5798.exe
        7⤵
        
        PID:11424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28993.exe
        6⤵
        
        PID:13440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        5⤵
        
        PID:9232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9232 -s 636
        6⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        5⤵
        
        PID:13088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42198.exe
        5⤵
        
        PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22129.exe
      4⤵
      PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5011.exe
        5⤵
        
        PID:7180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 636
        6⤵
        
        PID:10040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 672
        5⤵
        Program crash
        
        PID:11716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60299.exe
      4⤵
      PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
        5⤵
        
        PID:10232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10232 -s 640
        6⤵
        
        PID:8776
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 660
        5⤵
        
        PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe
      4⤵
      PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48998.exe
      4⤵
      PID:11976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37071.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37071.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40564.exe
      4⤵
      PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32898.exe
      4⤵
      PID:6304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
      4⤵
      PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2959.exe
        5⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44044.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47495.exe
        6⤵
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
        5⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44998.exe
        5⤵
        
        PID:836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe
    3⤵
    PID:5192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18723.exe
    3⤵
    PID:8080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe
      4⤵
      PID:880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15405.exe
    3⤵
    PID:9908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9259.exe
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13603.exe
        5⤵
        
        PID:9068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50578.exe
    3⤵
    PID:6792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56715.exe
    3⤵
    PID:14016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3780
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 640
      4⤵
      Program crash
      PID:4508
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 640
      4⤵
      Program crash
      PID:2472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30734.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30734.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4468
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 632
      4⤵
      Program crash
      PID:1192
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 632
      4⤵
      Program crash
      PID:4552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31205.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31205.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1600
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 628
      4⤵
      Program crash
      PID:6036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
    3⤵
    PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27108.exe
      4⤵
      PID:6004
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 640
        5⤵
        Program crash
        
        PID:8404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5374.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7440
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 720
        5⤵
        Program crash
        
        PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37478.exe
      4⤵
      PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
        5⤵
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65175.exe
        5⤵
        
        PID:14332
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 648
      4⤵
      PID:4864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23413.exe
    3⤵
    PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16496.exe
      4⤵
      PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63636.exe
        5⤵
        
        PID:8924
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 632
        5⤵
        
        PID:10612
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 640
      4⤵
      PID:11144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
    3⤵
    PID:7448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5699.exe
      4⤵
      PID:5600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32468.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32468.exe
    3⤵
    PID:10204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48424.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17688.exe
        5⤵
        
        PID:12244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
      4⤵
      PID:7548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6625.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6625.exe
    3⤵
    PID:556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
      4⤵
      PID:8988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41612.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        5⤵
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28814.exe
        5⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37108.exe
        6⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
        7⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 720
        8⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4666.exe
        7⤵
        
        PID:10048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 644
        8⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62522.exe
        7⤵
        
        PID:12404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46511.exe
        6⤵
        
        PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        5⤵
        
        PID:8000
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 640
        6⤵
        Program crash
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39643.exe
        5⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58268.exe
        6⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50256.exe
        7⤵
        
        PID:13892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8050.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2057.exe
        5⤵
        
        PID:12204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21474.exe
        5⤵
        
        PID:13948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16614.exe
      4⤵
      PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5601.exe
      4⤵
      PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11555.exe
        6⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 636
        7⤵
        
        PID:11620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
        6⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
        7⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35346.exe
        7⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9237.exe
        6⤵
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43770.exe
        5⤵
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        6⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44200.exe
        7⤵
        
        PID:11572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 656
        6⤵
        
        PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20890.exe
      4⤵
      PID:7400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4355.exe
        5⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53032.exe
        6⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10790.exe
        6⤵
        
        PID:13504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27110.exe
        5⤵
        
        PID:11820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56378.exe
        5⤵
        
        PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63266.exe
      4⤵
      PID:2356
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 640
        5⤵
        
        PID:14020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe
      4⤵
      PID:13144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53292.exe
        5⤵
        
        PID:8072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42728.exe
      4⤵
      PID:14140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1796
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 656
      4⤵
      Program crash
      PID:8324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63022.exe
    3⤵
    PID:5248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1372
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 632
    3⤵
    - Program crash
    PID:2380
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 672
    3⤵
    - Program crash
    PID:800
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20038.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20038.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
    3⤵
    PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47720.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        5⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
        6⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57863.exe
        7⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
        7⤵
        
        PID:13416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
        6⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        7⤵
        
        PID:11244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 628
        6⤵
        
        PID:11220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19894.exe
        5⤵
        
        PID:8528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 636
        6⤵
        
        PID:11580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30845.exe
        5⤵
        
        PID:9996
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 636
        6⤵
        
        PID:11624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
        5⤵
        
        PID:12408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        5⤵
        
        PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47803.exe
      4⤵
      PID:6296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4310.exe
    3⤵
    PID:6200
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 724
      4⤵
      Program crash
      PID:8444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
    3⤵
    PID:8728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
    3⤵
    PID:10332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
    3⤵
    PID:8188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23995.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23995.exe
  2⤵
  PID:1436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63866.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63866.exe
  2⤵
  PID:4364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58162.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58162.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6988
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 640
    3⤵
    - Program crash
    PID:11704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5910.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5910.exe
  2⤵
  PID:9984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22103.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22103.exe
  2⤵
  PID:6796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61043.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61043.exe
  2⤵
  PID:2480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3780 -ip 3780
1⤵
PID:1408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3780 -ip 3780
1⤵
PID:1504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4468 -ip 4468
1⤵
PID:1400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1372 -ip 1372
1⤵
PID:3520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3744 -ip 3744
1⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4432 -ip 4432
1⤵
PID:2164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4468 -ip 4468
1⤵
PID:3904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3744 -ip 3744
1⤵
PID:1908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1372 -ip 1372
1⤵
PID:380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4432 -ip 4432
1⤵
PID:3348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2316 -ip 2316
1⤵
PID:2328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2924 -ip 2924
1⤵
PID:3792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 3868 -ip 3868
1⤵
PID:1792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 988 -ip 988
1⤵
PID:1196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4056 -ip 4056
1⤵
PID:1972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 1988 -ip 1988
1⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 1600 -ip 1600
1⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1488 -ip 1488
1⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2616 -ip 2616
1⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4056 -ip 4056
1⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 1600 -ip 1600
1⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 2316 -ip 2316
1⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 3868 -ip 3868
1⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 2924 -ip 2924
1⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 988 -ip 988
1⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 976 -ip 976
1⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 4988 -ip 4988
1⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 2884 -ip 2884
1⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 1488 -ip 1488
1⤵
PID:1440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4516 -ip 4516
1⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5064 -ip 5064
1⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1968 -ip 1968
1⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 2884 -ip 2884
1⤵
PID:1908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 116 -ip 116
1⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4580 -ip 4580
1⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 940 -ip 940
1⤵
PID:1512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2608 -ip 2608
1⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 2480 -ip 2480
1⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4988 -ip 4988
1⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 976 -ip 976
1⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4516 -ip 4516
1⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5064 -ip 5064
1⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 3560 -ip 3560
1⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 2616 -ip 2616
1⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 2480 -ip 2480
1⤵
PID:2412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 1988 -ip 1988
1⤵
PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 2608 -ip 2608
1⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 940 -ip 940
1⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 1796 -ip 1796
1⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5152 -ip 5152
1⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5192 -ip 5192
1⤵
PID:4072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 1436 -ip 1436
1⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 4424 -ip 4424
1⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1956 -ip 1956
1⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5248 -ip 5248
1⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 4580 -ip 4580
1⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3560 -ip 3560
1⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 2016 -ip 2016
1⤵
PID:4072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4232 -ip 4232
1⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4504 -ip 4504
1⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3152 -ip 3152
1⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 2484 -ip 2484
1⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 768 -ip 768
1⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 656 -ip 656
1⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 4824 -ip 4824
1⤵
PID:2092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 4160 -ip 4160
1⤵
PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 2572 -ip 2572
1⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 1888 -ip 1888
1⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1940 -ip 1940
1⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5640 -ip 5640
1⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5664 -ip 5664
1⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 1796 -ip 1796
1⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5192 -ip 5192
1⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5152 -ip 5152
1⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2832 -ip 2832
1⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 2724 -ip 2724
1⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 3656 -ip 3656
1⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 4424 -ip 4424
1⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 3488 -ip 3488
1⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 1548 -ip 1548
1⤵
PID:1440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 1436 -ip 1436
1⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5248 -ip 5248
1⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 2016 -ip 2016
1⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 5148 -ip 5148
1⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 6004 -ip 6004
1⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5124 -ip 5124
1⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 3152 -ip 3152
1⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 2256 -ip 2256
1⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 6192 -ip 6192
1⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 656 -ip 656
1⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 6228 -ip 6228
1⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 2572 -ip 2572
1⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 5660 -ip 5660
1⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 4160 -ip 4160
1⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 6180 -ip 6180
1⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 6404 -ip 6404
1⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1248 -p 1784 -ip 1784
1⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5696 -ip 5696
1⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5832 -ip 5832
1⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 6304 -ip 6304
1⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 4364 -ip 4364
1⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6152 -ip 6152
1⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5260 -ip 5260
1⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6600 -ip 6600
1⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 1888 -ip 1888
1⤵
PID:2356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5200 -ip 5200
1⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 1956 -ip 1956
1⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 2612 -ip 2612
1⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 7028 -ip 7028
1⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6660 -ip 6660
1⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 4332 -ip 4332
1⤵
PID:4940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 6708 -ip 6708
1⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 6200 -ip 6200
1⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6252 -ip 6252
1⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 3732 -ip 3732
1⤵
PID:2884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 7024 -ip 7024
1⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 6936 -ip 6936
1⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 6296 -ip 6296
1⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 6780 -ip 6780
1⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 1792 -ip 1792
1⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 768 -ip 768
1⤵
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 4824 -ip 4824
1⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6832 -ip 6832
1⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 4232 -ip 4232
1⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 3700 -ip 3700
1⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 1452 -ip 1452
1⤵
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 3984 -ip 3984
1⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 3780 -ip 3780
1⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 1136 -ip 1136
1⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5184 -ip 5184
1⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 5160 -ip 5160
1⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 6132 -ip 6132
1⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1228 -p 5620 -ip 5620
1⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 1412 -ip 1412
1⤵
PID:1700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2172 -ip 2172
1⤵
PID:2232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1184 -p 2436 -ip 2436
1⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 3656 -ip 3656
1⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 4716 -ip 4716
1⤵
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 4184 -ip 4184
1⤵
PID:768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 4308 -ip 4308
1⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 2832 -ip 2832
1⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5604 -ip 5604
1⤵
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 4508 -ip 4508
1⤵
PID:3136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 896 -ip 896
1⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1248 -p 5220 -ip 5220
1⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5140 -ip 5140
1⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 5452 -ip 5452
1⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 6008 -ip 6008
1⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 116 -ip 116
1⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5148 -ip 5148
1⤵
PID:9404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5124 -ip 5124
1⤵
PID:9492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5924 -ip 5924
1⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6180 -ip 6180
1⤵
PID:9928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6228 -ip 6228
1⤵
PID:3656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 6192 -ip 6192
1⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5660 -ip 5660
1⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1268 -p 2256 -ip 2256
1⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 1784 -ip 1784
1⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5696 -ip 5696
1⤵
PID:9528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5832 -ip 5832
1⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6304 -ip 6304
1⤵
PID:10368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 4364 -ip 4364
1⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6152 -ip 6152
1⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 5260 -ip 5260
1⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 6600 -ip 6600
1⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1272 -p 5200 -ip 5200
1⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 2612 -ip 2612
1⤵
PID:9800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 7028 -ip 7028
1⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 3340 -ip 3340
1⤵
PID:10244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 7172 -ip 7172
1⤵
PID:10072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 7180 -ip 7180
1⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 7204 -ip 7204
1⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1248 -p 6944 -ip 6944
1⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1308 -p 5380 -ip 5380
1⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 7504 -ip 7504
1⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6660 -ip 6660
1⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4332 -ip 4332
1⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 6252 -ip 6252
1⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 1968 -ip 1968
1⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1336 -p 6708 -ip 6708
1⤵
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1352 -p 5952 -ip 5952
1⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 7440 -ip 7440
1⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 7240 -ip 7240
1⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1248 -p 6296 -ip 6296
1⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6936 -ip 6936
1⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 7392 -ip 7392
1⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1340 -p 7308 -ip 7308
1⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 6780 -ip 6780
1⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1336 -p 3732 -ip 3732
1⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 1792 -ip 1792
1⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3984 -ip 3984
1⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 1452 -ip 1452
1⤵
PID:12400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 3780 -ip 3780
1⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1308 -p 5160 -ip 5160
1⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 5184 -ip 5184
1⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 3700 -ip 3700
1⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6832 -ip 6832
1⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 1136 -ip 1136
1⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1320 -p 6132 -ip 6132
1⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 5620 -ip 5620
1⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 1412 -ip 1412
1⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1292 -p 2172 -ip 2172
1⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 7968 -ip 7968
1⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1380 -p 4716 -ip 4716
1⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1408 -p 4508 -ip 4508
1⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 2436 -ip 2436
1⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 5604 -ip 5604
1⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 4308 -ip 4308
1⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 4968 -ip 4968
1⤵
PID:10728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 8000 -ip 8000
1⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1428 -p 4468 -ip 4468
1⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1444 -p 8060 -ip 8060
1⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 7452 -ip 7452
1⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1460 -p 8500 -ip 8500
1⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1484 -p 8740 -ip 8740
1⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1500 -p 8156 -ip 8156
1⤵
PID:9840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 7864 -ip 7864
1⤵
PID:11044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 7924 -ip 7924
1⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 7512 -ip 7512
1⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 8528 -ip 8528
1⤵
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 7956 -ip 7956
1⤵
PID:2532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 7156 -ip 7156
1⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5504 -ip 5504
1⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1440 -p 5908 -ip 5908
1⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1492 -p 5440 -ip 5440
1⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1328 -p 5596 -ip 5596
1⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1436 -p 5580 -ip 5580
1⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5948 -ip 5948
1⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 8508 -ip 8508
1⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1500 -p 6988 -ip 6988
1⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1484 -p 7212 -ip 7212
1⤵
PID:1208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1344 -p 4184 -ip 4184
1⤵
PID:3516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1268 -p 6700 -ip 6700
1⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6672 -ip 6672
1⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1444 -p 6620 -ip 6620
1⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1440 -p 6860 -ip 6860
1⤵
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 6692 -ip 6692
1⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1504 -p 5220 -ip 5220
1⤵
PID:3232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1388 -p 896 -ip 896
1⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5256 -ip 5256
1⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5708 -ip 5708
1⤵
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1316 -p 5512 -ip 5512
1⤵
PID:1496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6816 -ip 6816
1⤵
PID:1020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5996 -ip 5996
1⤵
PID:2072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1432 -p 6948 -ip 6948
1⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 8560 -ip 8560
1⤵
PID:13352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 7872 -ip 7872
1⤵
PID:13600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 8760 -ip 8760
1⤵
PID:13820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 5924 -ip 5924
1⤵
PID:13828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1268 -p 7972 -ip 7972
1⤵
PID:13836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1392 -p 8140 -ip 8140
1⤵
PID:13968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1528 -p 8008 -ip 8008
1⤵
PID:14176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1556 -p 5516 -ip 5516
1⤵
PID:14184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1564 -p 2576 -ip 2576
1⤵
PID:14192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1468 -p 2068 -ip 2068
1⤵
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 3244 -ip 3244
1⤵
PID:1820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 1504 -ip 1504
1⤵
PID:13608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1320 -p 7248 -ip 7248
1⤵
PID:13552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 7292 -ip 7292
1⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1524 -p 7852 -ip 7852
1⤵
PID:14232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1240 -p 8924 -ip 8924
1⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1572 -p 8068 -ip 8068
1⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1516 -p 8568 -ip 8568
1⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1384 -p 6492 -ip 6492
1⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1492 -p 7988 -ip 7988
1⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 7892 -ip 7892
1⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 8720 -ip 8720
1⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1428 -p 8576 -ip 8576
1⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5600 -ip 5600
1⤵
PID:3780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1444 -p 7976 -ip 7976
1⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1700 -p 8904 -ip 8904
1⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1376 -p 5740 -ip 5740
1⤵
PID:4072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1512 -p 8916 -ip 8916
1⤵
PID:13608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1556 -p 8952 -ip 8952
1⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1240 -p 5392 -ip 5392
1⤵
PID:14248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 7224 -ip 7224
1⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1384 -p 880 -ip 880
1⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1796 -ip 1796
1⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 928 -ip 928
1⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1708 -p 6176 -ip 6176
1⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 6092 -ip 6092
1⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 9180 -ip 9180
1⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 2608 -ip 2608
1⤵
PID:12328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1288 -p 3608 -ip 3608
1⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1548 -p 6236 -ip 6236
1⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1716 -p 7764 -ip 7764
1⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 8588 -ip 8588
1⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 8728 -ip 8728
1⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1508 -p 9192 -ip 9192
1⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 3488 -ip 3488
1⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 1548 -ip 1548
1⤵
PID:14536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1304 -p 5488 -ip 5488
1⤵
PID:14832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6128 -ip 6128
1⤵
PID:14940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 1940 -ip 1940
1⤵
PID:10804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 6412 -ip 6412
1⤵
PID:14636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe

Filesize
468KB

MD5
1880efa8ad7b7c43fc2a49fd0e322cb5

SHA1
908f423b652d7e0b2f86fcfcf0f5710e512081c7

SHA256
d7ef14e3bccfd8abbbf5431bc3f281fc4e3cfc5ef3d1dbb385ff263ac0cb1ee9

SHA512
0eedc1476f8f5ea34691451ab9426f57a3e7d95814ceaed385867773620151efc776e00f9710975db5c51d715b2d5eccbc40b0eb87d924142423c47a1ff9b4c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12151.exe

Filesize
468KB

MD5
3a7d0af3f15608348b15b8178759c57d

SHA1
a1562c6b115c20b3a22f576488d7acae47e6ed48

SHA256
08532c6f070cda520270e8f6a1aed4a0cf59da1b640c45017a89fa4cd9b35e48

SHA512
4d71e6f1cb2783b753862ee5f0708e75ce64cb71cba5379b372f69d2395058aa07e0f122d71bf4401280403053ad816ce7aaf9e449bede45806918b619c0d839

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe

Filesize
468KB

MD5
68388c0f3cf31faeb82e071443b1cc83

SHA1
a6ef533b8516bff72e47abe133c2ac299cd5d896

SHA256
ce5d023bd8d7df79021e8ec3c05da35fa3e32dccb98b33b50355d7837ac71feb

SHA512
a3c2ce479b539aa9ce7015ef9c392de28b132bffb5d77e1049c9e70101b0b82bd4087fae39c9c339fd1e0f4d2e715576630febac1298d1eb84de179c9ea9a23c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe

Filesize
468KB

MD5
24af6a476bb9d29021f516fdf05614a4

SHA1
68ed82144bd190100b480886f914519861c685c0

SHA256
8d9d10c538b90a64a63044f5f0a9df7c581206be19d29b33baa2409cd6ddaf50

SHA512
408d4350bc3cdfc09825504d9fa1ad170787d1a3cc9dfd5a13469a6477b3bd796d6243850b707095edfa8c4a1f28eab8f30695b9c649a14df98aa554bcc43d08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe

Filesize
468KB

MD5
7cde28b5dc0b87eedc691a29fa3adfca

SHA1
92256c8520614daacf1829c65fba148a39514850

SHA256
335a74416fc6aaeb157ed65821b350bfa9c8e0b11b381a21674942ac2c8c7738

SHA512
2c6c8581a3d4813fc5ef75077e03b5443cc5d56c7281b43a96614fda8b9f133372202fddf513d0d49a8d2f6e794ddb7370831263b4f54c22646aecd380756860

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18644.exe

Filesize
468KB

MD5
068d6b4d476de48dafc90ebe7a859a26

SHA1
30d46daba8a1af65d3c6486b0ad67c4efeaeb810

SHA256
58bd64249673b304cb4c08c25776ebd1a407f64487c41d45cb8b17695522ea7a

SHA512
8b13ae34fdc99ab4ac45c9e07c5b3fe0ab9d156afa29491e493d6e2426d39f023ddaa0589bdb21472e091d7db8508dcbd190e134e09e8fb599c6f09f0951ca2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe

Filesize
468KB

MD5
820a64858caac5163b847ac9d24488d9

SHA1
58a7420139efac3681e5cb59178aaec26bad7963

SHA256
ce0246c88a403cf1c3fc0b6e267edf8117d45d2fdf7573df5df276b7df8ecdaa

SHA512
1f10a3b7001eb7ea85cad330f8d5ddfdd6fdf581a0484178bd612eb4b5ab10118af7f7aec174324ebf30358c4bf024f37bbb339e0fc2261523af634d76a81038

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe

Filesize
468KB

MD5
98fb6f3964a6cad1eb6d3f1e22196626

SHA1
cfab9dcc6a55548c373484d74182e39d045378a5

SHA256
dcc1bc38c9367f8002b9e9ff08d2f0e22862690feb4ffcde04f28521d7d20a5f

SHA512
4797df0b1fb1c535c3bf9f2d05a5d89fbd5bf38baf15c29f8066881f79136e12f5bc848dd6f2f98d4c2100a7ac19f605f1f94dc322fc17ff61b5b91e0fa61f46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe

Filesize
468KB

MD5
d00dcea8ee5e4c0ecc2c44ce63fa3113

SHA1
02b57a564627189d27db35abeb27b1fe22a6a791

SHA256
3df7724ba2263cd3d278536e281927e74f0fe3422655b7a0f05621d712fbb87d

SHA512
d2bb1ccdb6129d4403069f950d3e5a81f0e51874e4c1dd31feb3e52efeda524439b50265e165fdaf21796560a89834ce610fd7a7da5ca44384c05f541382570b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe

Filesize
468KB

MD5
a4594890cb4a0c7061d70a3599f1ea2d

SHA1
7caaa8349625d5b9e270b24930c5a20b45d929d3

SHA256
776e57c1225ad562fc3a5c9e7f436769428220de298fa0b38bae9cb6d1f83b9e

SHA512
b2d8425b290cfe8481a9d247f0f7e6af7466b083afde598cd802662258409e2b8dc7fa8387bc0eb46dc9f81fe9bb8b2c47cd5a0cc0bf33033c6d7192a22a1085

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe

Filesize
468KB

MD5
cb0072b725b603725bf470074ce2f604

SHA1
560be282ddf736db24ed7fc4639615a0e5c05b6c

SHA256
130022d5d97c25ab4e8b7541aaf1f054becc74aebe0dd1f138cca317af6659f9

SHA512
a9adb7d8c2a4c364e0b82af495ec5a0ace4c62a2ffa9a07faf1527c96530b4e94c3fd13052d18c60535f37fe86fdbf5fa59934ae0965bcfc9695eb57fff2af1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe

Filesize
468KB

MD5
2b20c6e3f69085774862399d5e969092

SHA1
8f424ff4f4d804009cf4d874d5b8ccc5f7587f3b

SHA256
bad83387e2cb63e11566682500fcdcd12f0ffc553b7424c8d70db51fde8f04be

SHA512
ae5b4333608d772a54dc0899b906afba7839c8dca2d9ab35fdbd590126b3c95cbff1ff95b00de0adbb426723ac13dff78eefdc008f2932c59cdfd7ad166a7c74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe

Filesize
468KB

MD5
352b3cbf42f21ca4a62d710d204ed588

SHA1
31bf89553eff18dc3b40ab611499a6f9e5184b55

SHA256
7109d73b18349b22fb2794481fcee613ac2ecbd2e835ae823ecec460a13eca18

SHA512
fe506611dda7bab19e17f14550110b6c1fa8f9129b31b6c2d706466ca22222cc6014f0244f0def7f6807203c00d3cb9473dbcbb7aad350eec46c7e4a771f78b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28784.exe

Filesize
468KB

MD5
4cb216f004856bd5bc8292a5bf24296d

SHA1
0cd1dcef5d3554c42912ea7ceab1cd74df3f7c9f

SHA256
5eafea8eb1b059c52c6bb5d0ed3c8b6c4e369812888ac164ab0872f61cbabea5

SHA512
64eb10b96399cd36ee462e7ad2633ec05ec3b7e86cf1adabf988ef5adde3a52512517c3fd5c4c2b68c6d9ec97c67d36335ff83dc0c5b7a8fc0101bf38a39e249

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30734.exe

Filesize
468KB

MD5
cefabcedbb5779cb959cd9963b19c196

SHA1
9ce413fdd1852672c53432fbddacc57f98940bcc

SHA256
89114fd95ab43f6054dbbe8b9796c5a16a6e59772a4d19bea9d9d67c989c5679

SHA512
453672ffaabb551a609420170f8866ffb527cbbe7cd07680d2e30ac62aa79c238a03105427d38129d216f986a09d75bd292ee9e187b3457b905a487ef6875283

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30756.exe

Filesize
468KB

MD5
378d02457759afb0cc4e46e4916968ba

SHA1
9d2837b4185f1468d345db56ca136487ea2a3677

SHA256
26aabb1cb077b9a8f6a56c557f1e16335dbde69c8ffc396fccc4230298869453

SHA512
7167688a4771b1d33145993ff1b87107b6a81767826edd4686180f085790c3373c7b4b1507cce20cfc00279479c2b5ba4751c0ea41316cc7784d8122ca24e87d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe

Filesize
468KB

MD5
55634b60e8f87fd9b12282f6ad6ab698

SHA1
5545f8dacb29552b7e0ac3038bfaa1d6dc1d95b1

SHA256
acd40d1d1c8120169d10983dc4f1687dbf784a80f769e627939afc9f17421873

SHA512
4f62e6bec6c861d16869ca4f48666ad8b62540db0b27380ba05c95d2e2d67bce4c2bf5b47fd6738b0c1aeea0618fb86f91fb1271d01f06399b8820e728393cfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe

Filesize
468KB

MD5
5d3be770cee8e66642a5e237be478c03

SHA1
f168a9e63267b0d029f5c1c6dcea0f9bc235cfdf

SHA256
01f0175ecc6c8d2ec2a9218dfae98c4fafb680bc0bbb2e88e5d3f4ccc722de07

SHA512
7f55e9ecad0b8df8136fd2fa1d71aa79fd507cc051a37078f57cea55b051b10069de600ce9486c5374d6e6a24fcef850d42880371a6a39700e252d6d6890d08a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe

Filesize
468KB

MD5
2c51876c6e3b01637cbf193c8c30381f

SHA1
02b8c514f134760286a8ef9a02641b0649ccfcdc

SHA256
6a89a51058cc1f3ad64098ad8736940105e1174fec2f2bf2086b087959b41d86

SHA512
c414558fb1885f0ac00f531fb745079791ae3f0bf27577242142d0a66cff0a8cdb8e37e374bd08efd45e99ba1837af2db173e000b8f2439701824eeb5ad12d52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe

Filesize
468KB

MD5
48c906deb377b93878bcf9222d0110fa

SHA1
357ec23b585f5359d008a44743f7a328918406e5

SHA256
8a7ef44d8568cee59ff88912df372420eca05682b9718848c076f9096ade161b

SHA512
3a0674819839033bc7b75d63e4044bcbed564a2bd29321b7d2b2c8ef2e37e84e21d0a3c4a354c4f7394c31f790dbf9f39d6611c9a38b2b6d77217a47db1298ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49536.exe

Filesize
468KB

MD5
169f33a96ad7d61863b74cceaac9bcd5

SHA1
8b1de01e7e8ee7249083b3a378a073533f554c35

SHA256
3dddb8e53a2d93ef22f349e0ea88c53bd45c3e9cc20505c632f2ce28b6e047d6

SHA512
f9d6bb12c6187891bb8421ee0bda15f49d107d0ad40ed372803dfec30b691f92ddda71f6513d085a555f7ae65af1aacae3d49dcadd0cd696f083ba9a7dd5a69f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe

Filesize
468KB

MD5
9dde3b651ca6fea7858c0a8c23903824

SHA1
6085177dd58979da58ff9e1a19d9e3a721e4602c

SHA256
f41e2386fd8ba4c6ab0c71237740ca9b31340bb159d9e490b163ac308ccbb5cb

SHA512
2b2a29b04a790f463ecc83e5c7d33499664051089c53e84e00ee079fcfae7f1b7265e80af982c7887befd31ba04fd86df10e5278927644c8697f8fb455f80311

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54876.exe

Filesize
468KB

MD5
26582f322bb8826672eb1ab3f532f806

SHA1
d3175c2cebe19b011a4d5df14125be8aca609088

SHA256
26f9a84d05caaa322097f5fea4e952d02d1f7b611b919e90076f711ff53b8672

SHA512
42f6a5a0f2ec388c95b131b2795aed5bdecf7b20118f6e9c28ece082b965eb93a87ffca7859e6066686d1c5a9052856bb77e6ccbb18101c6b85a44f1aece7846

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe

Filesize
468KB

MD5
d16bd4fd7688888514e93a54481f7749

SHA1
9c5f48f04fabd05f7b6baa6ab896d5bba936eeb6

SHA256
39a1e6cc9820798f18f658b587ac2176f63ece333aa62b5fdcef8f499ea16d8a

SHA512
a2a5e2f0e9c07b244cb93ab14380adf59ffc5aa394885a3f72088db7061d13d5fed084b74b4a1be22480175dcf4a91537d3b4103f23c0c7ecb17bb38c3d849cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe

Filesize
468KB

MD5
1a82721d48664f5792feb3fc395ef706

SHA1
45e1fe2ca917e5f808a33171d2daaa99c5e710e8

SHA256
74f46f9296fcfc786fc8237f1a1a928af73fca4965682e0c06f51620d2a83378

SHA512
df7590c5d72f242b7953467d1a09ad1b2d5b717332f73534c33a6c5d0d563640dc81cdc9a07f16034cdc7cfd4d2b9516b916cb30e2169fef2933e51749059c39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe

Filesize
468KB

MD5
3ff9cce63651018073052d4cd36128fb

SHA1
918c7f14cc9246bca876803485e1007b93def8af

SHA256
f26bdc80c5a6769e7991c7e616b5072350dd1e829b5e89eb9804fc1391009cba

SHA512
0dd291cb957e28c3d6f626aea7269767d5059b0812d89c820773c95f997ca7f2139cc93a013d946cfee601a36d5aa54f53335976e09e5f6d0a671f7c981717de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe

Filesize
468KB

MD5
616b4d8f3d25a1225327d8b531ed530f

SHA1
e166daea95a15653efe7cda188676c0eebac3efb

SHA256
9b6960d2127213a743e1d0b0ef4218a78b27ed617c4b0410fce003943e4e05df

SHA512
e0fbd058cdbee671bdb3a33989ba93ee770fd3d92674cad037282c20a499026cfa135f59744928f65af0218fd80645dc542fd80c74010de1aaf483363d109acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe

Filesize
468KB

MD5
acfffc06ddccc0b095bb12f039ada4cf

SHA1
4f5f034123ddef402b95d4d3f4cbb1b3f8c290e9

SHA256
c98446f2cd629f3a25831466434c38364a164888aaefddfda86593193e62f5bb

SHA512
4eec5abc5d3002e2e6736cb88ac9fe927d6ad05df8e41d886fde57edb3dff6eac60eca414df0c0ce318320353d8aa87b48999a68da560092827a07e896ab7054

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe

Filesize
468KB

MD5
fb5c48a540837c68ef8aae99307c0571

SHA1
a819d0699618b3917a85e0d29ba770bcaffb0bdc

SHA256
480279a2c59da96a0b0bf3f70da2aaa7e98f2f2028541948c8b99d49ec498ae4

SHA512
d67fedce3c7dfc503500be69635b3cd64f51a5d0f1cfc25fa872ece4f203db1e5e7322dbd273225403031f29c770059e30042dc4f6503b894639165fc6ea06b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61492.exe

Filesize
468KB

MD5
d50010bcf9e37e58693899dbc63ff9fc

SHA1
5c8ca77cd604251b6c059ab40366e0b30360baf0

SHA256
08d8bf11a51d9b2915da258716c6768c56edeeccc5542f7cf4b9d05b8720a7e6

SHA512
92e73229182bb3a1a780ad887ea73ac0d12f16b51ce3d709d9457618f385b8e35276633c636f2a935dd1e78b544e98f8c8a723b62cd5cf01d507ae3450b8733d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe

Filesize
468KB

MD5
0f0782cbf685e40942e24875f283dd0a

SHA1
87f36914663a049db34ef3eebb7e67effeffbea5

SHA256
3bc1656eaaa6b01e500c9b724cce82fd08ea5bfeb27059bf4799a944b75b1b2b

SHA512
6cdb35897791568200e04b835531d562707f51489e3eabc342fbe548c2aba6e13bd93f8eee056cbd783045bc5fe802a0a3f819899e391db2073afc68e5aa0868

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9494.exe

Filesize
468KB

MD5
54e88856e2b63d154060b1a378b0004c

SHA1
d7936e2307fadee0e1d8d0423af63e693e26d9cb

SHA256
5a48de96025a4cbb6947fdedc0305365b7400cb5e03219d1471f0f093cd9db9f

SHA512
883b0a039485cc495f62a312d65a750fdec7f6934b59b34e61d15e61c5ac1b85b685bafce3d9103720d2f29ef38cea57ddeef1261cdafa27ddfd9f276ca3bc43

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9951.exe

Filesize
468KB

MD5
160f62dff028f627c61c984f76159ff9

SHA1
392a041cde301abb73b287ab0f40d67e4ed12986

SHA256
6d14fd01458235a47c14c5e97c1b560d7cb3e734a26e191d4f82817f525831e7

SHA512
b7007b7d022794b9e406764b6ee1939c954b698dc1ebea9d5fab66c42283e76e3c81b947598c7426649fc042cf298023eaee5ef1078bdc0095003ce407ea732b

Download Submit
memory/2980-2466-0x0000000075A40000-0x0000000075AD6000-memory.dmp

Filesize
600KB

Download