b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394c

Analysis

max time kernel
119s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-09-2024 09:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394cN.exe
Size

468KB
MD5

ddd9b71a8d451adde595fe57072a8920
SHA1

265df02ba5696da8683329dbce041169a7ff92fd
SHA256

b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394c
SHA512

f960332b1613aa907010e9a8beb707968e7b437768de8cd1c5fce8ba748c5d265613ce6c4081af7eb0911d34d74e0f72143d890691d0c19e221c917f361e404e
SSDEEP

3072:1G3HogISIE5TtbY2HzcOcf8/zCcaP0pkJVHeTVPyQ6gLR+o4Esl4:1G3obMTtxH4OcfVY10Q6KAo4E

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4320	Unicorn-45424.exe
3536	Unicorn-58911.exe
2840	Unicorn-63550.exe
2928	Unicorn-25144.exe
4872	Unicorn-16976.exe
3736	Unicorn-62647.exe
4344	Unicorn-35350.exe
228	Unicorn-19519.exe
1928	Unicorn-12227.exe
1696	Unicorn-16046.exe
3564	Unicorn-61983.exe
1716	Unicorn-10181.exe
4828	Unicorn-10447.exe
3524	Unicorn-10255.exe
3296	Unicorn-22508.exe
4944	Unicorn-2642.exe
5092	Unicorn-32928.exe
4416	Unicorn-18232.exe
3840	Unicorn-3933.exe
4112	Unicorn-9798.exe
764	Unicorn-367.exe
1220	Unicorn-44031.exe
3216	Unicorn-65520.exe
3096	Unicorn-36230.exe
4400	Unicorn-46999.exe
2292	Unicorn-5966.exe
776	Unicorn-38084.exe
3984	Unicorn-58239.exe
3716	Unicorn-174.exe
1376	Unicorn-16709.exe
2952	Unicorn-5774.exe
1108	Unicorn-13387.exe
4576	Unicorn-35344.exe
3728	Unicorn-60808.exe
1060	Unicorn-60808.exe
1612	Unicorn-48556.exe
1576	Unicorn-53195.exe
684	Unicorn-11150.exe
2152	Unicorn-7886.exe
4100	Unicorn-6070.exe
4904	Unicorn-41348.exe
2624	Unicorn-49516.exe
4348	Unicorn-36195.exe
3936	Unicorn-12567.exe
4916	Unicorn-48447.exe
4412	Unicorn-21290.exe
1408	Unicorn-41710.exe
536	Unicorn-53176.exe
5104	Unicorn-52646.exe
4512	Unicorn-36110.exe
3008	Unicorn-55446.exe
3484	Unicorn-12951.exe
4344	Unicorn-9635.exe
2628	Unicorn-65173.exe
4120	Unicorn-8566.exe
3144	Unicorn-17804.exe
3168	Unicorn-63475.exe
4964	Unicorn-36178.exe
2320	Unicorn-22442.exe
4684	Unicorn-37155.exe
4564	Unicorn-3313.exe
4076	Unicorn-30295.exe
2724	Unicorn-64036.exe
2280	Unicorn-52339.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
3040	2840	WerFault.exe	84
1608	4344	WerFault.exe	88
4576	4872	WerFault.exe	86
868	2928	WerFault.exe	85
4292	4344	WerFault.exe	88
3420	4872	WerFault.exe	86
3632	228	WerFault.exe	92
4904	1716	WerFault.exe	96
4348	1716	WerFault.exe	96
4412	4828	WerFault.exe	109
2908	4944	WerFault.exe	114
1960	5092	WerFault.exe	115
1864	4416	WerFault.exe	116
3252	4944	WerFault.exe	114
4584	4416	WerFault.exe	116
4600	5092	WerFault.exe	115
4292	764	WerFault.exe	125
2464	2292	WerFault.exe	135
1520	2952	WerFault.exe	140
1504	1928	WerFault.exe	94
3876	1696	WerFault.exe	97
2744	2952	WerFault.exe	140
1008	2292	WerFault.exe	135
1960	1928	WerFault.exe	94
3608	1696	WerFault.exe	97
3520	4576	WerFault.exe	152
2892	1576	WerFault.exe	160
3640	1220	WerFault.exe	129
2908	536	WerFault.exe	173
4404	1576	WerFault.exe	160
2328	5104	WerFault.exe	174
1504	4512	WerFault.exe	175
1900	4512	WerFault.exe	175
2544	536	WerFault.exe	173
1960	5104	WerFault.exe	174
3152	3144	WerFault.exe	198
5240	4684	WerFault.exe	203
5460	4564	WerFault.exe	204
5592	2320	WerFault.exe	201
5984	1008	WerFault.exe	259
2108	3716	WerFault.exe	138
5660	4752	WerFault.exe	213
7120	5300	WerFault.exe	318
9000	5940	WerFault.exe	307
6808	1736	WerFault.exe	239
9080	7044	WerFault.exe	430
8312	6508	WerFault.exe	418
9072	5916	WerFault.exe	363
8960	6756	WerFault.exe	454
4756	6176	WerFault.exe	438
8780	7016	WerFault.exe	451
9200	4860	WerFault.exe	436
7608	6832	WerFault.exe	455
7444	7144	WerFault.exe	435
6060	6708	WerFault.exe	453
5396	6204	WerFault.exe	404
5884	6900	WerFault.exe	426
9188	6812	WerFault.exe	423
8452	6388	WerFault.exe	412
3484	5464	WerFault.exe	395
1752	6420	WerFault.exe	414
4520	7136	WerFault.exe	434
5444	6236	WerFault.exe	406
5260	6452	WerFault.exe	416

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31493.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60471.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16714.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27029.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55485.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2740	b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394cN.exe
4320	Unicorn-45424.exe
3536	Unicorn-58911.exe
2840	Unicorn-63550.exe
2928	Unicorn-25144.exe
4344	Unicorn-35350.exe
4872	Unicorn-16976.exe
3736	Unicorn-62647.exe
228	Unicorn-19519.exe
1928	Unicorn-12227.exe
1696	Unicorn-16046.exe
1716	Unicorn-10181.exe
3564	Unicorn-61983.exe
4828	Unicorn-10447.exe
3524	Unicorn-10255.exe
3296	Unicorn-22508.exe
4944	Unicorn-2642.exe
5092	Unicorn-32928.exe
3840	Unicorn-3933.exe
4112	Unicorn-9798.exe
4416	Unicorn-18232.exe
764	Unicorn-367.exe
1220	Unicorn-44031.exe
3216	Unicorn-65520.exe
3096	Unicorn-36230.exe
4400	Unicorn-46999.exe
776	Unicorn-38084.exe
3984	Unicorn-58239.exe
2292	Unicorn-5966.exe
1376	Unicorn-16709.exe
3716	Unicorn-174.exe
1108	Unicorn-13387.exe
2952	Unicorn-5774.exe
4576	Unicorn-35344.exe
1060	Unicorn-60808.exe
3728	Unicorn-60808.exe
1612	Unicorn-48556.exe
1576	Unicorn-53195.exe
2152	Unicorn-7886.exe
4100	Unicorn-6070.exe
4904	Unicorn-41348.exe
2624	Unicorn-49516.exe
4348	Unicorn-36195.exe
3936	Unicorn-12567.exe
4916	Unicorn-48447.exe
4412	Unicorn-21290.exe
4512	Unicorn-36110.exe
5104	Unicorn-52646.exe
1408	Unicorn-41710.exe
3008	Unicorn-55446.exe
536	Unicorn-53176.exe
3484	Unicorn-12951.exe
4344	Unicorn-9635.exe
2628	Unicorn-65173.exe
4120	Unicorn-8566.exe
3144	Unicorn-17804.exe
3168	Unicorn-63475.exe
4964	Unicorn-36178.exe
2320	Unicorn-22442.exe
4564	Unicorn-3313.exe
4684	Unicorn-37155.exe
4076	Unicorn-30295.exe
2724	Unicorn-64036.exe
2280	Unicorn-52339.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 4320	2740	b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394cN.exe	82
PID 2740 wrote to memory of 4320	2740	b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394cN.exe	82
PID 2740 wrote to memory of 4320	2740	b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394cN.exe	82
PID 4320 wrote to memory of 3536	4320	Unicorn-45424.exe	83
PID 4320 wrote to memory of 3536	4320	Unicorn-45424.exe	83
PID 4320 wrote to memory of 3536	4320	Unicorn-45424.exe	83
PID 2740 wrote to memory of 2840	2740	b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394cN.exe	84
PID 2740 wrote to memory of 2840	2740	b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394cN.exe	84
PID 2740 wrote to memory of 2840	2740	b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394cN.exe	84
PID 2840 wrote to memory of 2928	2840	Unicorn-63550.exe	85
PID 2840 wrote to memory of 2928	2840	Unicorn-63550.exe	85
PID 2840 wrote to memory of 2928	2840	Unicorn-63550.exe	85
PID 3536 wrote to memory of 4872	3536	Unicorn-58911.exe	86
PID 3536 wrote to memory of 4872	3536	Unicorn-58911.exe	86
PID 3536 wrote to memory of 4872	3536	Unicorn-58911.exe	86
PID 4320 wrote to memory of 3736	4320	Unicorn-45424.exe	87
PID 4320 wrote to memory of 3736	4320	Unicorn-45424.exe	87
PID 4320 wrote to memory of 3736	4320	Unicorn-45424.exe	87
PID 2740 wrote to memory of 4344	2740	b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394cN.exe	88
PID 2740 wrote to memory of 4344	2740	b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394cN.exe	88
PID 2740 wrote to memory of 4344	2740	b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394cN.exe	88
PID 2928 wrote to memory of 228	2928	Unicorn-25144.exe	92
PID 2928 wrote to memory of 228	2928	Unicorn-25144.exe	92
PID 2928 wrote to memory of 228	2928	Unicorn-25144.exe	92
PID 3736 wrote to memory of 1928	3736	Unicorn-62647.exe	94
PID 3736 wrote to memory of 1928	3736	Unicorn-62647.exe	94
PID 3736 wrote to memory of 1928	3736	Unicorn-62647.exe	94
PID 4320 wrote to memory of 1716	4320	Unicorn-45424.exe	96
PID 4320 wrote to memory of 1716	4320	Unicorn-45424.exe	96
PID 4320 wrote to memory of 1716	4320	Unicorn-45424.exe	96
PID 2740 wrote to memory of 1696	2740	b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394cN.exe	97
PID 2740 wrote to memory of 1696	2740	b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394cN.exe	97
PID 2740 wrote to memory of 1696	2740	b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394cN.exe	97
PID 3536 wrote to memory of 3564	3536	Unicorn-58911.exe	98
PID 3536 wrote to memory of 3564	3536	Unicorn-58911.exe	98
PID 3536 wrote to memory of 3564	3536	Unicorn-58911.exe	98
PID 228 wrote to memory of 4828	228	Unicorn-19519.exe	109
PID 228 wrote to memory of 4828	228	Unicorn-19519.exe	109
PID 228 wrote to memory of 4828	228	Unicorn-19519.exe	109
PID 1928 wrote to memory of 3524	1928	Unicorn-12227.exe	112
PID 1928 wrote to memory of 3524	1928	Unicorn-12227.exe	112
PID 1928 wrote to memory of 3524	1928	Unicorn-12227.exe	112
PID 1696 wrote to memory of 3296	1696	Unicorn-16046.exe	113
PID 1696 wrote to memory of 3296	1696	Unicorn-16046.exe	113
PID 1696 wrote to memory of 3296	1696	Unicorn-16046.exe	113
PID 3736 wrote to memory of 4944	3736	Unicorn-62647.exe	114
PID 3736 wrote to memory of 4944	3736	Unicorn-62647.exe	114
PID 3736 wrote to memory of 4944	3736	Unicorn-62647.exe	114
PID 2740 wrote to memory of 5092	2740	b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394cN.exe	115
PID 2740 wrote to memory of 5092	2740	b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394cN.exe	115
PID 2740 wrote to memory of 5092	2740	b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394cN.exe	115
PID 3564 wrote to memory of 4416	3564	Unicorn-61983.exe	116
PID 3564 wrote to memory of 4416	3564	Unicorn-61983.exe	116
PID 3564 wrote to memory of 4416	3564	Unicorn-61983.exe	116
PID 3536 wrote to memory of 3840	3536	Unicorn-58911.exe	117
PID 3536 wrote to memory of 3840	3536	Unicorn-58911.exe	117
PID 3536 wrote to memory of 3840	3536	Unicorn-58911.exe	117
PID 4320 wrote to memory of 4112	4320	Unicorn-45424.exe	118
PID 4320 wrote to memory of 4112	4320	Unicorn-45424.exe	118
PID 4320 wrote to memory of 4112	4320	Unicorn-45424.exe	118
PID 4828 wrote to memory of 764	4828	Unicorn-10447.exe	125
PID 4828 wrote to memory of 764	4828	Unicorn-10447.exe	125
PID 4828 wrote to memory of 764	4828	Unicorn-10447.exe	125
PID 3524 wrote to memory of 1220	3524	Unicorn-10255.exe	129

C:\Users\Admin\AppData\Local\Temp\b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394cN.exe
"C:\Users\Admin\AppData\Local\Temp\b4902781815e0d28f227af80fca81b9457ceaf470110542d3aee8bd4c947394cN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45424.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45424.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16976.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4872
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 720
        5⤵
        Program crash
        
        PID:4576
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 720
        5⤵
        Program crash
        
        PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61983.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18232.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4416
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 724
        6⤵
        Program crash
        
        PID:1864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 768
        6⤵
        Program crash
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 636
        6⤵
        Program crash
        
        PID:1520
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 636
        6⤵
        Program crash
        
        PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25635.exe
        6⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
        7⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
        9⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 632
        10⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
        8⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 636
        9⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        7⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 636
        8⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 628
        7⤵
        
        PID:10252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 628
        7⤵
        
        PID:12032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6101.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30051.exe
        6⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62552.exe
        7⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16232.exe
        8⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 640
        9⤵
        Program crash
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
        8⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 636
        9⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35826.exe
        8⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35075.exe
        8⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 612
        8⤵
        Program crash
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 652
        7⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14757.exe
        6⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57923.exe
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58411.exe
        7⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 728
        8⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe
        7⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41271.exe
        9⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48168.exe
        10⤵
        
        PID:13824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13694.exe
        9⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21789.exe
        8⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        9⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62074.exe
        8⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56735.exe
        7⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 644
        8⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18965.exe
        7⤵
        
        PID:12824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52054.exe
        6⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
        7⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64546.exe
        6⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9328 -s 636
        7⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52422.exe
        6⤵
        
        PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25889.exe
        5⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23822.exe
        5⤵
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32051.exe
        5⤵
        
        PID:1820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 632
        6⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        5⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        6⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64111.exe
        5⤵
        
        PID:12412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3933.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52339.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7518.exe
        7⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31011.exe
        8⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22755.exe
        9⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49392.exe
        10⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40451.exe
        11⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 644
        12⤵
        
        PID:12068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55287.exe
        10⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        11⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31830.exe
        9⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 728
        10⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        9⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:11948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7529.exe
        10⤵
        
        PID:13308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39823.exe
        9⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27696.exe
        10⤵
        
        PID:13372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 636
        8⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32703.exe
        7⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
        8⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 724
        9⤵
        Program crash
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-502.exe
        8⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 632
        9⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41882.exe
        8⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29806.exe
        7⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 640
        8⤵
        Program crash
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 652
        7⤵
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63631.exe
        6⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17431.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe
        8⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 632
        9⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
        8⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 636
        9⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38509.exe
        8⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
        7⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 636
        8⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57590.exe
        7⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43212.exe
        8⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44374.exe
        7⤵
        
        PID:12816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10804.exe
        6⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
        7⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
        8⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        8⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24881.exe
        8⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
        6⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 636
        7⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
        6⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
        7⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34189.exe
        6⤵
        
        PID:13208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21290.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29719.exe
        6⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
        7⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19076.exe
        8⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10279.exe
        9⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        10⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        11⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58022.exe
        11⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51255.exe
        10⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17800.exe
        11⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63226.exe
        10⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3346.exe
        9⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 636
        10⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
        7⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 640
        8⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe
        7⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 636
        8⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 636
        8⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63285.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62755.exe
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
        7⤵
        
        PID:12880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51711.exe
        6⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46600.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
        8⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 636
        9⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47135.exe
        9⤵
        
        PID:9768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9768 -s 636
        10⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35141.exe
        8⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13611.exe
        9⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33295.exe
        8⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52687.exe
        7⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 636
        8⤵
        
        PID:9692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29644.exe
        6⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53507.exe
        6⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 648
        7⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        6⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10352 -s 636
        7⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42738.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        5⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43372.exe
        6⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1483.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        7⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
        8⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11234.exe
        9⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16108.exe
        10⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 636
        11⤵
        
        PID:13612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 648
        8⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 648
        8⤵
        
        PID:14220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 656
        7⤵
        
        PID:10768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe
        5⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61354.exe
        5⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10279.exe
        6⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41904.exe
        7⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44696.exe
        8⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
        9⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10804 -s 636
        8⤵
        
        PID:13580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
        7⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 644
        7⤵
        
        PID:12160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28306.exe
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60456.exe
        6⤵
        
        PID:9740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9740 -s 636
        7⤵
        
        PID:12296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
        5⤵
        
        PID:11040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11040 -s 636
        6⤵
        
        PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
        5⤵
        
        PID:11124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12567.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2199.exe
        6⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9355.exe
        7⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29112.exe
        8⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60580.exe
        9⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 756
        9⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29806.exe
        8⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 636
        9⤵
        Program crash
        
        PID:4520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 748
        8⤵
        
        PID:10260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 740
        7⤵
        Program crash
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14954.exe
        6⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        5⤵
        
        PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5104
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 636
        5⤵
        Program crash
        
        PID:2328
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 680
        5⤵
        Program crash
        
        PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26894.exe
      4⤵
      PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43372.exe
        5⤵
        
        PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3849.exe
        5⤵
        
        PID:6168
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 752
        5⤵
        
        PID:10244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63176.exe
      4⤵
      PID:5680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59320.exe
      4⤵
      PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43144.exe
        5⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54924.exe
        6⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        7⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 632
        8⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25458.exe
        7⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49615.exe
        5⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41956.exe
        6⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
        7⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48038.exe
        6⤵
        
        PID:14032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60050.exe
        5⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34136.exe
        6⤵
        
        PID:10276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20030.exe
        5⤵
        
        PID:7628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8566.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34711.exe
        10⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48582.exe
        10⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
        11⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 640
        11⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47518.exe
        9⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56688.exe
        10⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22148.exe
        11⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31167.exe
        12⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55230.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8375.exe
        13⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61773.exe
        12⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4586.exe
        10⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44483.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40908.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
        13⤵
        
        PID:13272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
        12⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10025.exe
        11⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22421.exe
        10⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 720
        11⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64794.exe
        10⤵
        
        PID:12840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 636
        7⤵
        Program crash
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 636
        7⤵
        Program crash
        
        PID:2892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 668
        7⤵
        Program crash
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36178.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8971.exe
        7⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1462.exe
        8⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 648
        9⤵
        Program crash
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43049.exe
        7⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        6⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21411.exe
        7⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
        8⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20585.exe
        8⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 636
        9⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
        7⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 632
        8⤵
        Program crash
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        7⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 636
        8⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63455.exe
        7⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        7⤵
        
        PID:13716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14784.exe
        6⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52811.exe
        6⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 636
        7⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55320.exe
        6⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32024.exe
        7⤵
        
        PID:13792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
        6⤵
        
        PID:13036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 724
        6⤵
        Program crash
        
        PID:2464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 724
        6⤵
        Program crash
        
        PID:1008
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 748
        5⤵
        Program crash
        
        PID:1504
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 748
        5⤵
        Program crash
        
        PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2642.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 720
        5⤵
        Program crash
        
        PID:2908
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 720
        5⤵
        Program crash
        
        PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36230.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48556.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17804.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 644
        7⤵
        Program crash
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10486.exe
        6⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe
        7⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60471.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62303.exe
        9⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-414.exe
        9⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44888.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11691.exe
        11⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe
        10⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        9⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 724
        10⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        9⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14814.exe
        7⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 628
        8⤵
        Program crash
        
        PID:4756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 644
        7⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        6⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe
        7⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 636
        8⤵
        Program crash
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        6⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 644
        7⤵
        Program crash
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        6⤵
        
        PID:2280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 632
        7⤵
        
        PID:11732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16298.exe
        6⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 640
        7⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3950.exe
        6⤵
        
        PID:12364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22442.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 684
        6⤵
        Program crash
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2156.exe
        5⤵
        
        PID:428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
        5⤵
        
        PID:6204
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 552
        6⤵
        Program crash
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55485.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        5⤵
        
        PID:2308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 636
        6⤵
        
        PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
      4⤵
      Executes dropped EXE
      PID:684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65173.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
        5⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43071.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
        6⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 628
        7⤵
        Program crash
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27029.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
        7⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
        8⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        9⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48811.exe
        7⤵
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41499.exe
        6⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33399.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26736.exe
        8⤵
        
        PID:13028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32309.exe
        6⤵
        
        PID:11108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56947.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5940
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 636
        6⤵
        Program crash
        
        PID:9000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28430.exe
      4⤵
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23144.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50419.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22340.exe
        6⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60243.exe
        6⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56979.exe
        7⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62546.exe
        6⤵
        
        PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
        5⤵
        
        PID:8356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 636
        6⤵
        
        PID:12104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62111.exe
        5⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
        5⤵
        
        PID:14232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25927.exe
      4⤵
      PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40353.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7044
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 628
        5⤵
        Program crash
        
        PID:9080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18506.exe
      4⤵
      PID:7776
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 640
        5⤵
        
        PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44029.exe
      4⤵
      PID:10964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32646.exe
      4⤵
      PID:12340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10181.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1716
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 720
      4⤵
      Program crash
      PID:4904
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 720
      4⤵
      Program crash
      PID:4348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9798.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48447.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38079.exe
        6⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
        7⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        8⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58447.exe
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55619.exe
        8⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52407.exe
        9⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 636
        11⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21405.exe
        10⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
        11⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
        10⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
        9⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 636
        10⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34845.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4711.exe
        9⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50700.exe
        10⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
        11⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
        9⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62807.exe
        10⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        8⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64154.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 632
        8⤵
        
        PID:11564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52230.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65446.exe
        5⤵
        
        PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36771.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        5⤵
        
        PID:5584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 632
        6⤵
        
        PID:11856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3086.exe
        5⤵
        
        PID:7228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 636
        6⤵
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36239.exe
        5⤵
        
        PID:12808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41710.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32132.exe
        5⤵
        
        PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29893.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41348.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64036.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
        6⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65328.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46719.exe
        7⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 640
        8⤵
        Program crash
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
        7⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 636
        8⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15613.exe
        6⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12925.exe
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29880.exe
        6⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33906.exe
        7⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27592.exe
        8⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5230.exe
        8⤵
        
        PID:12888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45375.exe
        6⤵
        
        PID:6600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 660
        6⤵
        
        PID:9400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57766.exe
        5⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61623.exe
        6⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54327.exe
        7⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3538.exe
        7⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11063.exe
        8⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 640
        9⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
        8⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37170.exe
        7⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63715.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
        9⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        7⤵
        
        PID:12428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15110.exe
        5⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
        8⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6045.exe
        8⤵
        
        PID:12344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50762.exe
        7⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe
        7⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
        6⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6220.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2356.exe
        5⤵
        
        PID:8432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 636
        6⤵
        
        PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23973.exe
        5⤵
        
        PID:11132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44063.exe
        6⤵
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        5⤵
        
        PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
      4⤵
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        5⤵
        
        PID:1008
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 644
        6⤵
        Program crash
        
        PID:5984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4512
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 636
      4⤵
      Program crash
      PID:1504
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 656
      4⤵
      Program crash
      PID:1900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe
    3⤵
    PID:2184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
    3⤵
    PID:5692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1770.exe
    3⤵
    PID:992
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 636
      4⤵
      PID:428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
    3⤵
    PID:5792
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 636
      4⤵
      PID:9972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48006.exe
    3⤵
    PID:11028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6507.exe
      4⤵
      PID:13764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
    3⤵
    PID:12616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19519.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-367.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12951.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35640.exe
        9⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55432.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30264.exe
        11⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50679.exe
        12⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
        13⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 632
        13⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 732
        12⤵
        Program crash
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 724
        8⤵
        Program crash
        
        PID:3520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 744
        7⤵
        Program crash
        
        PID:4292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 724
        6⤵
        Program crash
        
        PID:4412
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 724
        5⤵
        Program crash
        
        PID:3632
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 640
      4⤵
      Program crash
      PID:868
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 752
    3⤵
    - Program crash
    PID:3040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4344
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 636
    3⤵
    - Program crash
    PID:1608
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 636
    3⤵
    - Program crash
    PID:4292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16046.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16046.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22508.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65520.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9635.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60035.exe
        7⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5847.exe
        8⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe
        10⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        11⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9999.exe
        12⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exe
        13⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42335.exe
        14⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57192.exe
        13⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15888.exe
        12⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37746.exe
        11⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 716
        8⤵
        Program crash
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43350.exe
        7⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17584.exe
        7⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 644
        8⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        7⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 636
        8⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11389.exe
        6⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10398.exe
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59703.exe
        8⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        9⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        10⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
        11⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
        13⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
        12⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        11⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6891.exe
        12⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8686.exe
        10⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
        11⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63698.exe
        10⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6558.exe
        8⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
        9⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41380.exe
        10⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        11⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16714.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51914.exe
        9⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64483.exe
        10⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55442.exe
        9⤵
        
        PID:14056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 664
        8⤵
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28772.exe
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63475.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-611.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14503.exe
        8⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19268.exe
        9⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 636
        10⤵
        
        PID:9636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 764
        9⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64503.exe
        8⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46372.exe
        9⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 720
        10⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
        9⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29209.exe
        9⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45094.exe
        8⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 636
        9⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4534.exe
        7⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 640
        8⤵
        Program crash
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe
        6⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        5⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24644.exe
        6⤵
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
        6⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62495.exe
        7⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18552.exe
        8⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9192 -s 632
        9⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31602.exe
        8⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
        8⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22697.exe
        7⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 636
        8⤵
        
        PID:12076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39282.exe
        6⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 640
        7⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49174.exe
        6⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22787.exe
        7⤵
        
        PID:13752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26683.exe
        5⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
        6⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 636
        7⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32453.exe
        6⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8472 -s 636
        7⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43309.exe
        6⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37732.exe
        7⤵
        
        PID:12532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53772.exe
        6⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 636
        7⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43855.exe
        6⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27748.exe
        7⤵
        
        PID:13772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39982.exe
        5⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38007.exe
        6⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9308 -s 624
        7⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe
        6⤵
        
        PID:12788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        5⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3909.exe
        5⤵
        
        PID:12300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37155.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4684
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 632
        6⤵
        Program crash
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53958.exe
        5⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23715.exe
        7⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
        7⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38967.exe
        8⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38936.exe
        9⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60420.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15230.exe
        9⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 624
        8⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35141.exe
        7⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2070.exe
        8⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
        7⤵
        
        PID:12512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
        6⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
        7⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49164.exe
        8⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 636
        9⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13974.exe
        8⤵
        
        PID:12392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45338.exe
        7⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43212.exe
        8⤵
        
        PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4564
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 688
        5⤵
        Program crash
        
        PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
      4⤵
      PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54966.exe
      4⤵
      PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61623.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 644
        6⤵
        Program crash
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53258.exe
        5⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38007.exe
        6⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        7⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
        8⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15474.exe
        7⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4270.exe
        6⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5438.exe
        7⤵
        
        PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60124.exe
        6⤵
        
        PID:11548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 640
        5⤵
        
        PID:9684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41096.exe
      4⤵
      PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40996.exe
        5⤵
        
        PID:10128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2755.exe
        6⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16989.exe
        5⤵
        
        PID:12376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13369.exe
      4⤵
      PID:10956
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10956 -s 636
        5⤵
        
        PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
      4⤵
      PID:9140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46999.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36195.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
        5⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40191.exe
        6⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56631.exe
        7⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
        8⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
        9⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
        10⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 548
        11⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20777.exe
        9⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        10⤵
        
        PID:736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 624
        8⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
        7⤵
        
        PID:3144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 728
        8⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12910.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        8⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55272.exe
        9⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        8⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
        7⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6839.exe
        8⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54170.exe
        6⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 636
        7⤵
        
        PID:9644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54918.exe
        5⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18653.exe
        5⤵
        
        PID:5464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 644
        6⤵
        Program crash
        
        PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51763.exe
      4⤵
      PID:2952
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 736
    3⤵
    - Program crash
    PID:3876
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 772
    3⤵
    - Program crash
    PID:3608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5092
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 636
    3⤵
    - Program crash
    PID:1960
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 656
    3⤵
    - Program crash
    PID:4600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-174.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-174.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49516.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27088.exe
      4⤵
      PID:220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30352.exe
        5⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-907.exe
        6⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60279.exe
        7⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 636
        8⤵
        Program crash
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
        6⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10279.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34320.exe
        6⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 652
        7⤵
        
        PID:10604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
        5⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28972.exe
        6⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 720
        7⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        5⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47327.exe
        6⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        7⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        6⤵
        
        PID:13056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49366.exe
        5⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3420.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5769.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5769.exe
    3⤵
    PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32791.exe
      4⤵
      PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
        5⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 724
        6⤵
        
        PID:10520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        5⤵
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        6⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54348.exe
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
        8⤵
        
        PID:9756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 636
        9⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
        6⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 636
        7⤵
        
        PID:12140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3428.exe
        6⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36279.exe
        7⤵
        
        PID:12832
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 628
    3⤵
    - Program crash
    PID:2108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53176.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53176.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:536
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 724
    3⤵
    - Program crash
    PID:2908
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 724
    3⤵
    - Program crash
    PID:2544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6093.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6093.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27566.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27566.exe
  2⤵
  PID:2144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57892.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57892.exe
    3⤵
    PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
      4⤵
      PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
        5⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
        6⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 636
        7⤵
        
        PID:12168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29194.exe
        5⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 540
        7⤵
        
        PID:13116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe
        5⤵
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26679.exe
        6⤵
        
        PID:13964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17534.exe
        5⤵
        
        PID:7324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe
      4⤵
      PID:8456
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 636
        5⤵
        
        PID:12044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
    3⤵
    PID:5556
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 640
      4⤵
      PID:5984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46189.exe
    3⤵
    PID:8372
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 640
      4⤵
      PID:8132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41006.exe
    3⤵
    PID:11020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
      4⤵
      PID:12492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
    3⤵
    PID:11896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64735.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64735.exe
  2⤵
  PID:5784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4062.exe
    3⤵
    PID:6900
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 648
      4⤵
      Program crash
      PID:5884
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11373.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11373.exe
  2⤵
  PID:6748
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 632
    3⤵
    PID:7984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
  2⤵
  PID:8396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
    3⤵
    PID:9356
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 9356 -s 720
      4⤵
      PID:9128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
    3⤵
    PID:12848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45699.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45699.exe
  2⤵
  PID:10020
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 636
    3⤵
    PID:8428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2840 -ip 2840
1⤵
PID:1108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4344 -ip 4344
1⤵
PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4872 -ip 4872
1⤵
PID:2308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2928 -ip 2928
1⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4344 -ip 4344
1⤵
PID:716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4872 -ip 4872
1⤵
PID:368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 228 -ip 228
1⤵
PID:1076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1716 -ip 1716
1⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 1716 -ip 1716
1⤵
PID:4368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4828 -ip 4828
1⤵
PID:1052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4944 -ip 4944
1⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5092 -ip 5092
1⤵
PID:1560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4416 -ip 4416
1⤵
PID:1840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4944 -ip 4944
1⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4416 -ip 4416
1⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 5092 -ip 5092
1⤵
PID:1816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 764 -ip 764
1⤵
PID:2508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 2292 -ip 2292
1⤵
PID:1716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 2952 -ip 2952
1⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1928 -ip 1928
1⤵
PID:3604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 1696 -ip 1696
1⤵
PID:3760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 2952 -ip 2952
1⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2292 -ip 2292
1⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1928 -ip 1928
1⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1696 -ip 1696
1⤵
PID:2964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 4576 -ip 4576
1⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1576 -ip 1576
1⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1220 -ip 1220
1⤵
PID:3980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 536 -ip 536
1⤵
PID:2164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 5104 -ip 5104
1⤵
PID:2188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4512 -ip 4512
1⤵
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 1576 -ip 1576
1⤵
PID:1932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1220 -ip 1220
1⤵
PID:1792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3484 -ip 3484
1⤵
PID:2892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4512 -ip 4512
1⤵
PID:1524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 536 -ip 536
1⤵
PID:1804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5104 -ip 5104
1⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3144 -ip 3144
1⤵
PID:3408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 2320 -ip 2320
1⤵
PID:436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4684 -ip 4684
1⤵
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4564 -ip 4564
1⤵
PID:3928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4076 -ip 4076
1⤵
PID:1368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 4564 -ip 4564
1⤵
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4684 -ip 4684
1⤵
PID:436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 2320 -ip 2320
1⤵
PID:3712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 4076 -ip 4076
1⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 3728 -ip 3728
1⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 4100 -ip 4100
1⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3596 -ip 3596
1⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4416 -ip 4416
1⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 2952 -ip 2952
1⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 3944 -ip 3944
1⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 2184 -ip 2184
1⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5060 -ip 5060
1⤵
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 4916 -ip 4916
1⤵
PID:3460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 3984 -ip 3984
1⤵
PID:916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 1408 -ip 1408
1⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 4400 -ip 4400
1⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3008 -ip 3008
1⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 3716 -ip 3716
1⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 2624 -ip 2624
1⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 4112 -ip 4112
1⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 1376 -ip 1376
1⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 3728 -ip 3728
1⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 4100 -ip 4100
1⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2952 -ip 2952
1⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 3596 -ip 3596
1⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4416 -ip 4416
1⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 3944 -ip 3944
1⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 2184 -ip 2184
1⤵
PID:3460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5060 -ip 5060
1⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 4916 -ip 4916
1⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3984 -ip 3984
1⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4400 -ip 4400
1⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 3716 -ip 3716
1⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 3008 -ip 3008
1⤵
PID:3608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 1408 -ip 1408
1⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 2624 -ip 2624
1⤵
PID:2928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1008 -ip 1008
1⤵
PID:2200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4112 -ip 4112
1⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 1376 -ip 1376
1⤵
PID:64

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4088 -ip 4088
1⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1644 -ip 1644
1⤵
PID:3448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 2464 -ip 2464
1⤵
PID:1992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4752 -ip 4752
1⤵
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 3144 -ip 3144
1⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 2004 -ip 2004
1⤵
PID:3740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2280 -ip 2280
1⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5580 -ip 5580
1⤵
PID:1376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5756 -ip 5756
1⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5692 -ip 5692
1⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5612 -ip 5612
1⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5568 -ip 5568
1⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5344 -ip 5344
1⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5680 -ip 5680
1⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 428 -ip 428
1⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5884 -ip 5884
1⤵
PID:3740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5652 -ip 5652
1⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 2152 -ip 2152
1⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5184 -ip 5184
1⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5300 -ip 5300
1⤵
PID:1824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5856 -ip 5856
1⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5152 -ip 5152
1⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 4512 -ip 4512
1⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4260 -ip 4260
1⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5720 -ip 5720
1⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5396 -ip 5396
1⤵
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5988 -ip 5988
1⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5940 -ip 5940
1⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5624 -ip 5624
1⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 6044 -ip 6044
1⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 4088 -ip 4088
1⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1644 -ip 1644
1⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 1616 -ip 1616
1⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 1736 -ip 1736
1⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4864 -ip 4864
1⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 1060 -ip 1060
1⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 3936 -ip 3936
1⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2008 -ip 2008
1⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 1504 -ip 1504
1⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 2004 -ip 2004
1⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 2280 -ip 2280
1⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5692 -ip 5692
1⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5580 -ip 5580
1⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 4120 -ip 4120
1⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5756 -ip 5756
1⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 2628 -ip 2628
1⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2724 -ip 2724
1⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4964 -ip 4964
1⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 3168 -ip 3168
1⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3852 -ip 3852
1⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 1608 -ip 1608
1⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 4944 -ip 4944
1⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 1444 -ip 1444
1⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5612 -ip 5612
1⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 5568 -ip 5568
1⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5828 -ip 5828
1⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 428 -ip 428
1⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 5344 -ip 5344
1⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 5680 -ip 5680
1⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 5440 -ip 5440
1⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5884 -ip 5884
1⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 5652 -ip 5652
1⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 2152 -ip 2152
1⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5184 -ip 5184
1⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 5856 -ip 5856
1⤵
PID:3928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 5152 -ip 5152
1⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5740 -ip 5740
1⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 4260 -ip 4260
1⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 4512 -ip 4512
1⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 5396 -ip 5396
1⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 5720 -ip 5720
1⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5988 -ip 5988
1⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5940 -ip 5940
1⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5624 -ip 5624
1⤵
PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 6044 -ip 6044
1⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 1616 -ip 1616
1⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1184 -p 1736 -ip 1736
1⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 4864 -ip 4864
1⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 3936 -ip 3936
1⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 1060 -ip 1060
1⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 2008 -ip 2008
1⤵
PID:9148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1288 -p 4336 -ip 4336
1⤵
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 1504 -ip 1504
1⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1316 -p 6112 -ip 6112
1⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 2628 -ip 2628
1⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 4120 -ip 4120
1⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 6600 -ip 6600
1⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1204 -p 6348 -ip 6348
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6196 -ip 6196
1⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 6224 -ip 6224
1⤵
PID:4756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 2292 -ip 2292
1⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 6236 -ip 6236
1⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 6400 -ip 6400
1⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 7136 -ip 7136
1⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1284 -p 6880 -ip 6880
1⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6928 -ip 6928
1⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1320 -p 1928 -ip 1928
1⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 6168 -ip 6168
1⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 6824 -ip 6824
1⤵
PID:2112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 2724 -ip 2724
1⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 6452 -ip 6452
1⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 4964 -ip 4964
1⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5464 -ip 5464
1⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 6420 -ip 6420
1⤵
PID:2388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 6388 -ip 6388
1⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 6812 -ip 6812
1⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 6204 -ip 6204
1⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 6248 -ip 6248
1⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 992 -ip 992
1⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 6756 -ip 6756
1⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6900 -ip 6900
1⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 6708 -ip 6708
1⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1352 -p 7144 -ip 7144
1⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 6832 -ip 6832
1⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 4860 -ip 4860
1⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 7016 -ip 7016
1⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6176 -ip 6176
1⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 7044 -ip 7044
1⤵
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 3168 -ip 3168
1⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 3852 -ip 3852
1⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1352 -p 5916 -ip 5916
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6508 -ip 6508
1⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 1608 -ip 1608
1⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1272 -p 5556 -ip 5556
1⤵
PID:9604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 6748 -ip 6748
1⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 6932 -ip 6932
1⤵
PID:10044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1296 -p 4944 -ip 4944
1⤵
PID:10140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 1444 -ip 1444
1⤵
PID:4080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 6888 -ip 6888
1⤵
PID:10308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 5828 -ip 5828
1⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 6704 -ip 6704
1⤵
PID:10752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5596 -ip 5596
1⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 6860 -ip 6860
1⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 6164 -ip 6164
1⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1268 -p 1372 -ip 1372
1⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 1256 -ip 1256
1⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 3144 -ip 3144
1⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1260 -p 6608 -ip 6608
1⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 6536 -ip 6536
1⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 6732 -ip 6732
1⤵
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 7688 -ip 7688
1⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5376 -ip 5376
1⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 5156 -ip 5156
1⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 5144 -ip 5144
1⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1376 -p 5016 -ip 5016
1⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 4276 -ip 4276
1⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 2312 -ip 2312
1⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1900 -ip 1900
1⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 684 -ip 684
1⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5912 -ip 5912
1⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 3536 -ip 3536
1⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5168 -ip 5168
1⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1392 -p 4348 -ip 4348
1⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 2620 -ip 2620
1⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3392 -ip 3392
1⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1312 -p 5784 -ip 5784
1⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 2404 -ip 2404
1⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1364 -p 5740 -ip 5740
1⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1396 -p 4092 -ip 4092
1⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5676 -ip 5676
1⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1292 -p 2624 -ip 2624
1⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1260 -p 5712 -ip 5712
1⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1360 -p 5352 -ip 5352
1⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1280 -p 1792 -ip 1792
1⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 2544 -ip 2544
1⤵
PID:11200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 2652 -ip 2652
1⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5304 -ip 5304
1⤵
PID:3912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 8 -ip 8
1⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1236 -p 4428 -ip 4428
1⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 4828 -ip 4828
1⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1408 -p 2440 -ip 2440
1⤵
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1480 -p 5392 -ip 5392
1⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1452 -p 1008 -ip 1008
1⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1456 -p 916 -ip 916
1⤵
PID:808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 8180 -ip 8180
1⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 5188 -ip 5188
1⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 4336 -ip 4336
1⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 4484 -ip 4484
1⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1376 -p 7288 -ip 7288
1⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1456 -p 3396 -ip 3396
1⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1512 -p 8144 -ip 8144
1⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1336 -p 7056 -ip 7056
1⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 7032 -ip 7032
1⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 6924 -ip 6924
1⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5848 -ip 5848
1⤵
PID:1520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 7796 -ip 7796
1⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 8040 -ip 8040
1⤵
PID:4612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 7344 -ip 7344
1⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 6600 -ip 6600
1⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 6492 -ip 6492
1⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 6112 -ip 6112
1⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 6196 -ip 6196
1⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1476 -p 6348 -ip 6348
1⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 6224 -ip 6224
1⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1512 -p 6880 -ip 6880
1⤵
PID:12572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6928 -ip 6928
1⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1440 -p 1928 -ip 1928
1⤵
PID:13456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 6168 -ip 6168
1⤵
PID:13544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1432 -p 5584 -ip 5584
1⤵
PID:13552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 7968 -ip 7968
1⤵
PID:13644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1480 -p 6400 -ip 6400
1⤵
PID:13664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 7988 -ip 7988
1⤵
PID:13876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6824 -ip 6824
1⤵
PID:13992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 6872 -ip 6872
1⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1392 -p 5832 -ip 5832
1⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1344 -p 8224 -ip 8224
1⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 2280 -ip 2280
1⤵
PID:10724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1408 -p 8648 -ip 8648
1⤵
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 1820 -ip 1820
1⤵
PID:13400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 6540 -ip 6540
1⤵
PID:13872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 8488 -ip 8488
1⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 8496 -ip 8496
1⤵
PID:4756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1408 -p 8372 -ip 8372
1⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 8072 -ip 8072
1⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5792 -ip 5792
1⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 8472 -ip 8472
1⤵
PID:13704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1392 -p 8240 -ip 8240
1⤵
PID:8452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10181.exe

Filesize
468KB

MD5
c6e3feb0c315dec646e36b117bd123d8

SHA1
52deeb19d589aa5184a0be01d4b5fdb21658fd7b

SHA256
e7108f61976cdd92cca76f5ead0fe935e4340801a42427e689c174887b09d688

SHA512
9f628709f10d150d8aeeec6299b9884d484727730ccb06001a1f276ec5ecb2c522a4071a0e29978d05ba456fea4aaebf4ff5ba7c845a931a9fd9309d0e81c677

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe

Filesize
468KB

MD5
632cc2187a144b10ee289e64982c8eee

SHA1
54f4f2c32b5adfcf0fc0c439ada9353577445f25

SHA256
1828246285a30f2321a70f7917227fd2439008d22a813c92a51a5d2c68491cbf

SHA512
b4935f0d2cdc0bb3c1a7a4f69b39e4d2e3862ba950976efb49e7653a56cbf690d150df6f3d545b931966dc74213a9ecd63cd069e8d50a032f795cb76df8a199d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe

Filesize
468KB

MD5
c1761d18b2ac4c5228de1d64263a6c10

SHA1
9fd42d63b7396bf091f29a2f316ec10c97c72f90

SHA256
8a4e15439a96a1c7b1ab8361a6e2641576cc7c884eed89e0b6c4c64ebeabdb00

SHA512
d1a069e9847ef3201e46af89ca8f3fae030ad9a2c9a7d4a2e5a905c1d124c56cc0a99fea23de3177ad0e7e250e69c89f117c41ac6f5ec51ee84801e5acc29e19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe

Filesize
468KB

MD5
04b06982b29ba0b6780d29a4288f3802

SHA1
a1afdd7e1a308ee71500c53aa8d93b733ae9d805

SHA256
786f59d7ac9766ab57e8bd44d94b4f3b5761c0458177fb863f939249752c520f

SHA512
268afeac1c5c190887a40faf287769aebe9dc5e3f0d171acd2af4d915f20ab9720b85e257b121245e3e1505af707c4c5ce6a927f8c0b035e01889d71117dc5e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe

Filesize
468KB

MD5
3ee556bd239bedc6bf711f3b82f054ce

SHA1
736e52187ef0e2c84122f5809e0b8863a55cc77d

SHA256
42b926f0f689615cc2ae100537a872d2bcce18a91a6bcf15a96962a39ba2baeb

SHA512
6385cf18469919c2461de13f936a1e555bfc8282c87bb49841ff060f9f03b4556e47ac74a21007b3b9f79c66b401ec3142d7ae49be99e464f43114803fe0d88e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16046.exe

Filesize
468KB

MD5
468b18d20c472e386718dda0bdb0c74b

SHA1
94b7377d02a3911cf6beb2028a0734bc05fdb2a5

SHA256
c12d63c11df5b1727057a6627da18dfc5356ed8050af5d0b2e069b8af2016a21

SHA512
ccf6d28da8e4d9df8bc36f25d1c53127ed93cd4ad6f15c80aeeffd98b8d9053abab760428e3579b49ef3531d4d35d4bbe47897e1da81f51f198a336ed34b1f17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe

Filesize
468KB

MD5
3e0845ebc28181c8bcf0c980bcc3588c

SHA1
e81338cc1c555251d5c0b56d031b0209ed7929c0

SHA256
0f4e35cfd87ad75353f2db80a83671452d81ce84071bf3d794d3456f428b52fd

SHA512
d6bd4d660038c00d9c33c417697b8227013d48f5a7bf99d431a0028d3cf2a60f45c3d40b9524d20a1cac29cf6eb8d7fc9c45db8425241400575a394b32e315f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16976.exe

Filesize
468KB

MD5
0debf5a1ca52149980c421a846664384

SHA1
b3cb65bd21fd42f1cfb032c69845620510046cd5

SHA256
5b6c1228843290c4c60829d0c4cddbe9d0725bf4a4f671174ef07bb0122b96fc

SHA512
c7318a221811c84b470e71f143642be1104f931ff37d91d2f1a719ba1af4783d3945d6d7467fe4a10f00a4dae58c060a133dec7a2062c6ac936606c74f3428e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-174.exe

Filesize
468KB

MD5
9ee88200a548bbb961983ace9b64e223

SHA1
6c37137594f3b8bb56e92440e9e1a3bcc8559a41

SHA256
c9b5512144d604af3c08d4f2b9a11e4f3ac4c446b1c3e8832663225af583ae74

SHA512
952b72386da3847e77bdf6749e8a7a7237e1e848783658f4bd92a64d719c4eb971ecef132c8ecd6a29b579d3fa65ef698d259f93a32d3d1e4f5cac4e76504cb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18232.exe

Filesize
468KB

MD5
cb31ba47b7990846fd6f8057ed1854f1

SHA1
fd9d927259426a7ff7a07a3f61a9df9a59ff60ac

SHA256
62b66da938ea891f71527892bacb05acb8e5a63569d114a360c17b7a493ab627

SHA512
c54f60be0d50fc927db0b9d51a4bd4cc065140a9f3b1ca9e13803c79a82acc79c539fcd048595801d2bf565ea37083c93eeab89bed050274a892e2b7720d04ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19519.exe

Filesize
468KB

MD5
e66d250218bdac3bc8ce9a2a504a435f

SHA1
f3fc45e53ffe66d0332f7f19e93e8f56b442362f

SHA256
d18c531175e9abb22b7e199a8ea0433c358d8599521dd961b00210bb6ed7db09

SHA512
1731d4cb627a0a989bd37aba5ed4c271b1e95d046e15b91c7e33d9a5c27e5e45745a44322b3f3e9f8345427f0ba637c15873fc93db4944377b4aae70d52071c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22508.exe

Filesize
468KB

MD5
4be10b66545193bd3f17e5575b0da6e1

SHA1
db21cebccbadc6e9096b72c18c6f1b9788e9283e

SHA256
6432f4920d6a1df9b1f80f2062451a98303821e75a96b440a7a508e96577b1c4

SHA512
7ff56a09a7fbb092723fdb23d659e0045ecb56e183daf68e8de3ad318e61c778f4368895cb96f1c597dbbda576c9bcf6addb31504ab1debc056c0a15313cf74a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe

Filesize
468KB

MD5
50e3a55e770b1609f010a8db8d6f43be

SHA1
f85d0528fe49dbf84c70a9a29acbf54240b2e8b9

SHA256
4f3163292b5b8ac91de72c412412d190fdfe43aadb8dbed96145795f176a4ec0

SHA512
30e0ca1163b77525c6714edee5dedeedc74af63a50ef8b98d78c6ab6b2a8642d66d5abce1100ca53a7fca11dc540d86fd10402e22188b62ff36c4c0b7ba8260e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2642.exe

Filesize
468KB

MD5
40c1ae47457e83c9585dadde99cd6f0e

SHA1
dfed5ba782be3cbb7351bda8ddcbd049082ab74c

SHA256
d9e9b811c76aceef0944326975142720b290d494d06d13aca72d9f8cd6f19052

SHA512
ca0cb3f0d329644d4637d9b491f94b8bb33add326de4dc4e2d0750e9b6e0ce431be899d50026178c77806ca9c9ee7d23853adc2cace288140e0e3ca8ec831274

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe

Filesize
468KB

MD5
846e5944d13b3e1a07a1f6c86e05beae

SHA1
e3006ed17fc7a243108a5295a30a819daa768a3e

SHA256
7ae83e0c90bd1892c374847ee1a018d6a04235e0ea37e4a49227b2f7be70d28c

SHA512
923240d63b771144137f6899f91ec43b523c045428d85c57e3c8ce53a7632539846fc29389ec6686da955197e5cf6e1fc7660fdeca36203d46a7c48794dad15d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe

Filesize
468KB

MD5
24407bc900929fa83a7c1f7404ecbf14

SHA1
52510e98aa122998a4356061c82732d13fafcd37

SHA256
d01721149240071a52a81af6e9a146e4ca09a8372b010eba158ca5c5ed007aad

SHA512
bc51a38362df8daf49466c8422d35c1990fae56ef3c9bfef503393e6ddd2b3bcfa5472d7dad40db4b1da3ef2f39e7949fc4c98d6bddf7acbd0047e21a4c81d54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36230.exe

Filesize
468KB

MD5
a8faf7ff6d3b60c20a9b6b3aecb264d4

SHA1
f41526fceaa7081d4aba5e05b6e8a7481af1f60a

SHA256
b398ed7bfb4c92c6edddc61f77c905c8c4abf40fbd839c57ec1eba6f1e0246f9

SHA512
a81e05058be34e5e050e51467e2172a82a24a6e879f32f65fc4c53e2cfbc957ca8f2634f9c48db40adb4c51696b5281050b0ad49e728a066fe4a95f213a307b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-367.exe

Filesize
468KB

MD5
ec0e50cdce9fe1da8fae5d4908bd141f

SHA1
9d81d6c5ca04d4af365ad47073ae49c36f05b712

SHA256
425f2d5d51615f5e6c0b5720f494bcdf1661004aa8cf0c632b4e439af824b613

SHA512
ad464ecd9bebf90b11e25673dda38387fe03ceb97ad2c79dde74c8609da732f9364e89557ec89d8dac3d0c210711daaca76094a478afd62182ae267f21ccc1fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe

Filesize
468KB

MD5
604321f64e5be5f1c547470486efa868

SHA1
e72a441bc4249807be6d06986a864dd1e4fb61b9

SHA256
0c76c01b9ea906895e0267194eedff55421732de9f15b2c4557127dc479463ea

SHA512
6c63cf8bea344bb1d1f30093df39df38e66868fe1dc4805d901ee25ffb9a742c144b21f7db1578f6148c92af5810960123bd7cb41c3c83c64bf615485fdb3c20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3933.exe

Filesize
468KB

MD5
96bf93bcbb793b1c51683a42451e1011

SHA1
e78bdac7ba6a46d65c28cbd550f015507ebc3b08

SHA256
e784daedd41a225532d660670c5f65ef7a87a1a3ed8583e74a8f86fce6ca0b81

SHA512
b271efbd9677cfc53055c07680f687c1b9e87311e88e8d28e047be7eac087064ed85a8a52982c37dc8be18377bdbcc2eb72b189d52e739f5ae1f6cbfb65f407a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe

Filesize
468KB

MD5
d29ac6753d4f937dbedc132fb7b1c8fb

SHA1
53c338ff2a5fc37992c329957389526b5247360f

SHA256
2023e145502166abe9d4cb1ad275ed46fcac4dafcef2d5750fbaf3a45b198c2f

SHA512
eabebc34dc00961aecf24b4c8b8be9269b563df0d0f991877992592eb0eceaa499c9fa103d0646b31f16ac86e69f1fc5afb75c64036ea0da0513e18d7e549a41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45424.exe

Filesize
468KB

MD5
429efc6f7a6630a6a7ff4521bc9601c1

SHA1
31ccc726afbdee33bcd541b876e6591ca45fe61e

SHA256
ed83c13c775f5be023bc4e88ab31cb2ccb7a8740fcd6a215c6209e2fb19668b2

SHA512
d8ad4df3afb2f7393ad57eb866e7684a86ffefe9727ad892bbbc0d5a7b0dcb1bddb8035e2ecbfd2d7d794b18b9791643062f1eb99ffce80c78b395deef725097

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46999.exe

Filesize
468KB

MD5
9a52759b8aae8708000240afe2060c67

SHA1
e20757f795b911469cd3ebf6659d690dbd717b6f

SHA256
a6312249b3bef5fc1f65f60e317253c86493ed63f2c138f46b466f85188074ab

SHA512
7633f9a0df8929dcce23a0c473883ae948c7f0377477542fd0c2ba8ef1a6982b26612ed5cad3b7b18970aff64e4a5769f31bcd8cd21cdf12d818ab1783f39fcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe

Filesize
468KB

MD5
7a2e532abf712da2530daff4c38db4e5

SHA1
bd5afa605e1957c806c4b6c09719ad0182d2e142

SHA256
b74f74e40078c2a60d9db964a063115ed88e96e8edca2647e1f2d10dc59951b4

SHA512
8ff54e4b8f47b2e1dd82d6e6507ca9ce551250a891e104d14e7631ee1e3342c2d04ac6795b3dca5fb32c3cc82b6daf918854b4f74d387da937d16382c7b36784

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe

Filesize
468KB

MD5
60462f17526b4a3007bb4f13f24409bc

SHA1
6a506dcfbf66376e36d80eb16ad811e460c0257a

SHA256
eae03eb95628c5e40042d987af82ec7f1e6931651e1244d07ec78a622ce56efe

SHA512
aec85ad6bc3553ace045c39a2ac18f8c0b90d358400c8c7bdc2d67392866bb13ff34bf7d9b361d58cd78f41374895595d246dd027eee24632231c3776a588cd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe

Filesize
468KB

MD5
4bcc1292e8aa5d176dc9de2d2f2e3bc0

SHA1
5192a5392f3e1201932b98091d6a39db3b9ca500

SHA256
ad3415db0826b7c3d88c4b7ff73b5a906353bc00c304b5dd6f291d6ff7e240ab

SHA512
f3a020f398d8fec934abc99ca4a3ff1db283f4b6a3e03bd77f9866ddc3b0b4f00e9432b8856f123530a4a8ddb2f23330a9d1ac761082d3197e0dd24c4404c593

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe

Filesize
468KB

MD5
8bb635e34e40f45aa9cc8f1967ceaf8b

SHA1
159dc0d321c5cc31f1dcb69d39508ba4c565ace1

SHA256
d581296619f54efc6451b180588d13e5ef13f13481f41087762c32385e0f07d6

SHA512
571987935fda986329d8e83a868449eca908738d3fa2ca6edffdaf3838269741359c915f6181fb6dfb2ec831b623daf96aea90656fabe2279d616d15653eb8e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe

Filesize
468KB

MD5
4a6e2360038bb3f0cdb005fa9c6176ea

SHA1
6c3960b4c7c86c124af22c7bf90e6bc84f6697d0

SHA256
18e3f71df7bf00bd742f80bd46ad8e696cd22a27b0af061a2d7acf701ca444c8

SHA512
220584fc1ae153980792be5669bff42dbf04edaf5c9426fa8ab3b3463dd2c3206e8ca4f474eb1c048e8912c52fdafef7142fc0556f0972aa730e40a0b9f10a35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61983.exe

Filesize
468KB

MD5
c784cff828f2d67d37302355f35e9cdb

SHA1
6bf6bd4bba63cbdd423e321b387eeaf7bb57138d

SHA256
9a41beb88a6eda0cb8ed4d3ae4683163b09efcab9be9f8297d09dd707637751e

SHA512
0d06ffb98ed78818b0a634b7f48fe22ea669df1355249a7b5ba1f99aa578f7e4a7c899b1bb3734f6fbf0870a760498539d46261c55d2445f25e7cd9346c3318a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe

Filesize
468KB

MD5
e91159d02be3b39982acd80e7c391008

SHA1
90440f7a22fedaedb49230fcb0e52e20c380fd30

SHA256
d6c8bfcd578fba926cadb99ce5238d66705fa5eb8499aaeffd72d0baacd5e60a

SHA512
97e74af60e769c0f1aabf098585a4d147917353dfef24f0689ac6599a45b4082a86b5ce3eff0bfb8e75f46178bcabc0b0435f1f4d09c74a002ba2ca7a27cc984

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe

Filesize
468KB

MD5
68906e7d39841dbc92d92ca7fe1e8ab7

SHA1
6504aefad15635570bd1ccbda5498606de99b0a4

SHA256
15495c675177a149b5acd556b1e38adaf467c23f3c25ac97a5092f2b95a112af

SHA512
68dec841adeca56519618a2db268b872befc2c03b9cc9147ce34262d5e7ae70cc6e89ad285669d016eee96d28c74a9f8b71d5cb22a8af90d8248790725ecf5f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe

Filesize
468KB

MD5
fd061578f85eec35ea8dad1f64596468

SHA1
c7c1a287ed5857465be1320769c3c823fa331a0b

SHA256
6cbee00d8f7dac90ab54f89c1a818f0674fc57dbadc4c664b1f1fc8403795a33

SHA512
5510852318d3c99ef5f7b90499031d2dfd87bfe4f37f6d4fe6f3f76f6667a0c026513cea9a2576d500841d52eb1d90d9380d624a3d44f352f277b66d32104949

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65520.exe

Filesize
468KB

MD5
9797edba02d188574802eac85249bfd3

SHA1
9cc48f79cf063730b2ed4ffea36886360051b439

SHA256
c9b45d36f46e88c0af50073982bb55ad0b07ea3cd769b8d60a02900031ab8ed2

SHA512
41eecded72fb29fd9b37452cde07c9b08873680a76326f6ee87622ff30ce22d9f24d7ac9ef1ecce1cd16c906232717578e05b2ae45d1a52d6dfbca9f2037147f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9798.exe

Filesize
468KB

MD5
614c12e0efab9a41789dac66fc047f94

SHA1
056e7aa8aaed98ced64a9d6d821c026613c68ac1

SHA256
e60c51d08b5ea89b3835b7c3f0f1fe8a3b28ba8336cef32c09ede858c5e6070c

SHA512
a2e0355e57ef515911ed5cf36180faa36cefcc7ed809f3525d788f4a6f04a28157d492e4fb57a04166f1b0160621de2e777d750ff2eec997c79e2efbf0665bdd

Download Submit
memory/684-2603-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/5996-2719-0x0000000075BA0000-0x0000000075C36000-memory.dmp

Filesize
600KB

Download