1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41

Analysis

max time kernel
40s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 18:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe
Size

468KB
MD5

bb8c7b3dd12f8156ca0bf8ba46b36adc
SHA1

caac834e23fa02e60a4d08c49554480053af4219
SHA256

1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41
SHA512

10f07936d7a011a6afbf91be578d2ff4b77c49b0681c540406bf5aa17390b4d959918f5db60ec5aba2204e0f1f20d5e7bfd44aa1d43e139c9bbcbb6bd96e99e7
SSDEEP

3072:9G3HogIKIE5TtIYeHz/Ocf+/zChaP0pktVHMTVPyQ4GL07Ngp3lj:9G3oDMTtoHrOcf4Yj0Q4ISNgp

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2892	Unicorn-45675.exe
2380	Unicorn-20185.exe
1132	Unicorn-12571.exe
3168	Unicorn-54009.exe
404	Unicorn-21236.exe
3972	Unicorn-7501.exe
864	Unicorn-35317.exe
3508	Unicorn-54346.exe
2692	Unicorn-47569.exe
3040	Unicorn-24746.exe
836	Unicorn-61859.exe
3984	Unicorn-2452.exe
4876	Unicorn-9790.exe
2556	Unicorn-30211.exe
3624	Unicorn-10345.exe
2012	Unicorn-28164.exe
4636	Unicorn-62883.exe
4908	Unicorn-51186.exe
3180	Unicorn-56661.exe
4560	Unicorn-56661.exe
1472	Unicorn-10153.exe
3572	Unicorn-29754.exe
2244	Unicorn-30019.exe
1564	Unicorn-55899.exe
4500	Unicorn-636.exe
3108	Unicorn-42223.exe
1960	Unicorn-4528.exe
468	Unicorn-7242.exe
3216	Unicorn-42053.exe
1816	Unicorn-31482.exe
2336	Unicorn-21532.exe
3696	Unicorn-7797.exe
1032	Unicorn-3058.exe
2184	Unicorn-13272.exe
1860	Unicorn-44554.exe
2840	Unicorn-29609.exe
3056	Unicorn-41861.exe
760	Unicorn-43899.exe
2208	Unicorn-30163.exe
4744	Unicorn-24563.exe
1724	Unicorn-50029.exe
4016	Unicorn-45945.exe
4000	Unicorn-14456.exe
1524	Unicorn-38331.exe
3620	Unicorn-26293.exe
244	Unicorn-34461.exe
3372	Unicorn-14595.exe
4464	Unicorn-54973.exe
1488	Unicorn-226.exe
3884	Unicorn-11087.exe
4280	Unicorn-10340.exe
5064	Unicorn-2727.exe
4368	Unicorn-59349.exe
4492	Unicorn-35399.exe
2888	Unicorn-23169.exe
4888	Unicorn-31337.exe
4864	Unicorn-24850.exe
220	Unicorn-18893.exe
3880	Unicorn-14808.exe
3704	Unicorn-3111.exe
2172	Unicorn-22977.exe
2692	Unicorn-61871.exe
3128	Unicorn-52941.exe
4340	Unicorn-61606.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2292	2380	WerFault.exe	84
4312	2380	WerFault.exe	84
3120	4636	WerFault.exe	111
2888	2012	WerFault.exe	110
1492	2692	WerFault.exe	101
4020	4636	WerFault.exe	111
1844	1472	WerFault.exe	115
3432	2012	WerFault.exe	110
2172	2692	WerFault.exe	101
2912	1472	WerFault.exe	115
4104	3216	WerFault.exe	125
3680	3216	WerFault.exe	125
2120	3696	WerFault.exe	131
4380	1816	WerFault.exe	129
3052	2208	WerFault.exe	139
5000	4744	WerFault.exe	140
5856	1724	WerFault.exe	141
5148	2132	WerFault.exe	203
2952	3912	WerFault.exe	185
2404	3128	WerFault.exe	182
5376	1984	WerFault.exe	189
6960	5696	WerFault.exe	231
5560	832	WerFault.exe	209
5468	4016	WerFault.exe	312
7452	5284	WerFault.exe	247
7420	4864	WerFault.exe	173
8608	6124	WerFault.exe	309
9208	5140	WerFault.exe	210
9188	6424	WerFault.exe	329
9180	5452	WerFault.exe	221
5868	1668	WerFault.exe	188
8404	6544	WerFault.exe	333
8296	5648	WerFault.exe	306
8300	7040	WerFault.exe	345
8592	6192	WerFault.exe	323
9704	1860	WerFault.exe	135
9844	6944	WerFault.exe	392
9696	5580	WerFault.exe	253
9688	4300	WerFault.exe	242
9656	2556	WerFault.exe	108
9668	5164	WerFault.exe	248
10420	5776	WerFault.exe	263
10412	4512	WerFault.exe	266
10404	5412	WerFault.exe	278
10396	1564	WerFault.exe	118
10388	1148	WerFault.exe	244
10380	540	WerFault.exe	191
10368	3560	WerFault.exe	201
10360	2868	WerFault.exe	193
10352	5564	WerFault.exe	252
10344	4192	WerFault.exe	207
10336	1032	WerFault.exe	132
10328	4492	WerFault.exe	168
10320	468	WerFault.exe	124
10312	6336	WerFault.exe	327
10212	6600	WerFault.exe	388
10204	6724	WerFault.exe	389
9376	6268	WerFault.exe	384
8872	4280	WerFault.exe	161
10772	5568	WerFault.exe	226
8696	6784	WerFault.exe	337
8516	7000	WerFault.exe	342
8500	5060	WerFault.exe	348
8464	6092	WerFault.exe	299

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56661.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23169.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32789.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49558.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61954.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18399.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4112	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe
2892	Unicorn-45675.exe
2380	Unicorn-20185.exe
1132	Unicorn-12571.exe
3168	Unicorn-54009.exe
404	Unicorn-21236.exe
3972	Unicorn-7501.exe
864	Unicorn-35317.exe
3508	Unicorn-54346.exe
2692	Unicorn-47569.exe
3040	Unicorn-24746.exe
836	Unicorn-61859.exe
3984	Unicorn-2452.exe
4876	Unicorn-9790.exe
3624	Unicorn-10345.exe
2556	Unicorn-30211.exe
2012	Unicorn-28164.exe
4636	Unicorn-62883.exe
4908	Unicorn-51186.exe
1564	Unicorn-55899.exe
2244	Unicorn-30019.exe
1472	Unicorn-10153.exe
4560	Unicorn-56661.exe
3572	Unicorn-29754.exe
3180	Unicorn-56661.exe
4500	Unicorn-636.exe
3108	Unicorn-42223.exe
1960	Unicorn-4528.exe
468	Unicorn-7242.exe
3216	Unicorn-42053.exe
1816	Unicorn-31482.exe
3696	Unicorn-7797.exe
1032	Unicorn-3058.exe
2336	Unicorn-21532.exe
2184	Unicorn-13272.exe
1860	Unicorn-44554.exe
760	Unicorn-43899.exe
4000	Unicorn-14456.exe
3056	Unicorn-41861.exe
4744	Unicorn-24563.exe
4016	Unicorn-45945.exe
1724	Unicorn-50029.exe
2208	Unicorn-30163.exe
1524	Unicorn-38331.exe
3620	Unicorn-26293.exe
4464	Unicorn-54973.exe
244	Unicorn-34461.exe
3372	Unicorn-14595.exe
1488	Unicorn-226.exe
3884	Unicorn-11087.exe
4280	Unicorn-10340.exe
5064	Unicorn-2727.exe
4368	Unicorn-59349.exe
4492	Unicorn-35399.exe
2888	Unicorn-23169.exe
4888	Unicorn-31337.exe
4864	Unicorn-24850.exe
220	Unicorn-18893.exe
3880	Unicorn-14808.exe
3704	Unicorn-3111.exe
4340	Unicorn-61606.exe
3128	Unicorn-52941.exe
1224	Unicorn-55741.exe
1984	Unicorn-59468.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4112 wrote to memory of 2892	4112	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	83
PID 4112 wrote to memory of 2892	4112	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	83
PID 4112 wrote to memory of 2892	4112	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	83
PID 2892 wrote to memory of 2380	2892	Unicorn-45675.exe	84
PID 2892 wrote to memory of 2380	2892	Unicorn-45675.exe	84
PID 2892 wrote to memory of 2380	2892	Unicorn-45675.exe	84
PID 4112 wrote to memory of 1132	4112	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	85
PID 4112 wrote to memory of 1132	4112	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	85
PID 4112 wrote to memory of 1132	4112	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	85
PID 1132 wrote to memory of 3168	1132	Unicorn-12571.exe	90
PID 1132 wrote to memory of 3168	1132	Unicorn-12571.exe	90
PID 1132 wrote to memory of 3168	1132	Unicorn-12571.exe	90
PID 4112 wrote to memory of 404	4112	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	92
PID 4112 wrote to memory of 404	4112	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	92
PID 4112 wrote to memory of 404	4112	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	92
PID 2892 wrote to memory of 3972	2892	Unicorn-45675.exe	93
PID 2892 wrote to memory of 3972	2892	Unicorn-45675.exe	93
PID 2892 wrote to memory of 3972	2892	Unicorn-45675.exe	93
PID 3168 wrote to memory of 864	3168	Unicorn-54009.exe	99
PID 3168 wrote to memory of 864	3168	Unicorn-54009.exe	99
PID 3168 wrote to memory of 864	3168	Unicorn-54009.exe	99
PID 1132 wrote to memory of 3508	1132	Unicorn-12571.exe	100
PID 1132 wrote to memory of 3508	1132	Unicorn-12571.exe	100
PID 1132 wrote to memory of 3508	1132	Unicorn-12571.exe	100
PID 404 wrote to memory of 2692	404	Unicorn-21236.exe	101
PID 404 wrote to memory of 2692	404	Unicorn-21236.exe	101
PID 404 wrote to memory of 2692	404	Unicorn-21236.exe	101
PID 4112 wrote to memory of 3040	4112	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	102
PID 4112 wrote to memory of 3040	4112	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	102
PID 4112 wrote to memory of 3040	4112	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	102
PID 2892 wrote to memory of 836	2892	Unicorn-45675.exe	103
PID 2892 wrote to memory of 836	2892	Unicorn-45675.exe	103
PID 2892 wrote to memory of 836	2892	Unicorn-45675.exe	103
PID 3972 wrote to memory of 3984	3972	Unicorn-7501.exe	104
PID 3972 wrote to memory of 3984	3972	Unicorn-7501.exe	104
PID 3972 wrote to memory of 3984	3972	Unicorn-7501.exe	104
PID 864 wrote to memory of 4876	864	Unicorn-35317.exe	107
PID 864 wrote to memory of 4876	864	Unicorn-35317.exe	107
PID 864 wrote to memory of 4876	864	Unicorn-35317.exe	107
PID 3508 wrote to memory of 2556	3508	Unicorn-54346.exe	108
PID 3508 wrote to memory of 2556	3508	Unicorn-54346.exe	108
PID 3508 wrote to memory of 2556	3508	Unicorn-54346.exe	108
PID 3168 wrote to memory of 3624	3168	Unicorn-54009.exe	109
PID 3168 wrote to memory of 3624	3168	Unicorn-54009.exe	109
PID 3168 wrote to memory of 3624	3168	Unicorn-54009.exe	109
PID 1132 wrote to memory of 2012	1132	Unicorn-12571.exe	110
PID 1132 wrote to memory of 2012	1132	Unicorn-12571.exe	110
PID 1132 wrote to memory of 2012	1132	Unicorn-12571.exe	110
PID 2692 wrote to memory of 4636	2692	Unicorn-47569.exe	111
PID 2692 wrote to memory of 4636	2692	Unicorn-47569.exe	111
PID 2692 wrote to memory of 4636	2692	Unicorn-47569.exe	111
PID 404 wrote to memory of 4908	404	Unicorn-21236.exe	112
PID 404 wrote to memory of 4908	404	Unicorn-21236.exe	112
PID 404 wrote to memory of 4908	404	Unicorn-21236.exe	112
PID 3984 wrote to memory of 4560	3984	Unicorn-2452.exe	113
PID 3984 wrote to memory of 4560	3984	Unicorn-2452.exe	113
PID 3984 wrote to memory of 4560	3984	Unicorn-2452.exe	113
PID 836 wrote to memory of 3180	836	Unicorn-61859.exe	114
PID 836 wrote to memory of 3180	836	Unicorn-61859.exe	114
PID 836 wrote to memory of 3180	836	Unicorn-61859.exe	114
PID 3972 wrote to memory of 1472	3972	Unicorn-7501.exe	115
PID 3972 wrote to memory of 1472	3972	Unicorn-7501.exe	115
PID 3972 wrote to memory of 1472	3972	Unicorn-7501.exe	115
PID 2892 wrote to memory of 3572	2892	Unicorn-45675.exe	116

C:\Users\Admin\AppData\Local\Temp\1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe
"C:\Users\Admin\AppData\Local\Temp\1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4112
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20185.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20185.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2380
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 724
      4⤵
      Program crash
      PID:2292
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 760
      4⤵
      Program crash
      PID:4312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7501.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7501.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 632
        7⤵
        Program crash
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10506.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 632
        8⤵
        Program crash
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56303.exe
        8⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 636
        9⤵
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 664
        8⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34988.exe
        7⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17221.exe
        7⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6304.exe
        7⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
        8⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
        6⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        6⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        7⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        8⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
        8⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61675.exe
        6⤵
        
        PID:9312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44895.exe
        6⤵
        
        PID:12356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
        6⤵
        
        PID:14624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22977.exe
        6⤵
        Executes dropped EXE
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
        7⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
        8⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 724
        10⤵
        Program crash
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 636
        9⤵
        Program crash
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
        8⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25580.exe
        8⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
        8⤵
        
        PID:12940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11124.exe
        9⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
        8⤵
        
        PID:15320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
        7⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61757.exe
        8⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 724
        9⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29743.exe
        8⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2394.exe
        8⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25852.exe
        8⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13776.exe
        9⤵
        
        PID:13708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
        7⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33273.exe
        8⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
        8⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe
        8⤵
        
        PID:13772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47782.exe
        7⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        7⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
        7⤵
        
        PID:15280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
        5⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-392.exe
        6⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6168.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 636
        8⤵
        Program crash
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 724
        7⤵
        Program crash
        
        PID:9688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10153.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1472
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 636
        5⤵
        Program crash
        
        PID:1844
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 656
        5⤵
        Program crash
        
        PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43899.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13822.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40595.exe
        7⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 728
        8⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
        7⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11356.exe
        7⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12832 -s 636
        8⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23112.exe
        7⤵
        
        PID:14256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40403.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
        6⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 636
        7⤵
        
        PID:11408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 756
        6⤵
        
        PID:13136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 636
        7⤵
        Program crash
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
        6⤵
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        6⤵
        
        PID:11068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
        6⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54617.exe
        7⤵
        
        PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53708.exe
        5⤵
        
        PID:7460
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 632
        5⤵
        
        PID:13212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:1984
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 636
        5⤵
        Program crash
        
        PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13828.exe
      4⤵
      PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34565.exe
        5⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe
        6⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46511.exe
        7⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 632
        8⤵
        
        PID:12692
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 628
        6⤵
        
        PID:11776
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 632
        5⤵
        Program crash
        
        PID:9668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5975.exe
      4⤵
      PID:6240
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 640
        5⤵
        
        PID:8860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1992.exe
      4⤵
      PID:7608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 720
        5⤵
        
        PID:13164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
      4⤵
      PID:9268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-285.exe
      4⤵
      PID:12424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42497.exe
      4⤵
      PID:14680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
      4⤵
      PID:15184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61859.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41861.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 644
        6⤵
        Program crash
        
        PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2208
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 644
        5⤵
        Program crash
        
        PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26960.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2338.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22313.exe
        6⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 640
        7⤵
        Program crash
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56064.exe
        6⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 636
        7⤵
        
        PID:13696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46194.exe
        5⤵
        
        PID:6188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 636
        6⤵
        
        PID:8644
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 720
        5⤵
        Program crash
        
        PID:10380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7896.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13516.exe
        6⤵
        
        PID:7884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 648
        6⤵
        
        PID:11724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60148.exe
        5⤵
        
        PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33748.exe
        5⤵
        
        PID:9484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 668
        5⤵
        
        PID:14312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-118.exe
      4⤵
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3916.exe
        5⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48405.exe
        6⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54103.exe
        7⤵
        
        PID:14564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42815.exe
        6⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58627.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33164.exe
        6⤵
        
        PID:14172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45139.exe
      4⤵
      PID:9252
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9252 -s 744
        5⤵
        
        PID:15240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
      4⤵
      PID:12148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61723.exe
      4⤵
      PID:9836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29754.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50029.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1724
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 628
        5⤵
        Program crash
        
        PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe
      4⤵
      PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46717.exe
      4⤵
      PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
      4⤵
      PID:7236
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 636
        5⤵
        
        PID:10584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14612.exe
      4⤵
      PID:9160
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 712
      4⤵
      PID:13440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14456.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14456.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64969.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36511.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 632
        7⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23993.exe
        6⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 728
        7⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10806.exe
        6⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        7⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52546.exe
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        8⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8259.exe
        6⤵
        
        PID:11992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17186.exe
        6⤵
        
        PID:13680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4580.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        6⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6670.exe
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30128.exe
        6⤵
        
        PID:7648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32274.exe
        5⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1342.exe
        6⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-818.exe
        7⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        6⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
        7⤵
        
        PID:13880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57231.exe
        6⤵
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35888.exe
        5⤵
        
        PID:11240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        5⤵
        
        PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        5⤵
        
        PID:9740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
      4⤵
      PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61399.exe
        5⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        6⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
        7⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 636
        8⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43697.exe
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
        7⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
        7⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40111.exe
        6⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27627.exe
        7⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exe
        7⤵
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15056.exe
        6⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48343.exe
        7⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        7⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17351.exe
        6⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19293.exe
        7⤵
        
        PID:15272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        6⤵
        
        PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        5⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        6⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8792 -s 628
        7⤵
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60391.exe
        5⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
        6⤵
        
        PID:11692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36977.exe
        6⤵
        
        PID:7856
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 640
        5⤵
        
        PID:13996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5996
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 640
        5⤵
        
        PID:6640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
      4⤵
      PID:3620
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 504
      4⤵
      PID:14740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7625.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7625.exe
    3⤵
    PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24897.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61399.exe
        5⤵
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3018.exe
        6⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        7⤵
        
        PID:8440
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 660
        6⤵
        
        PID:11768
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 724
        5⤵
        Program crash
        
        PID:10388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10994.exe
        5⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22391.exe
        6⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19817.exe
        7⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1207.exe
        7⤵
        
        PID:13948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37029.exe
        7⤵
        
        PID:12744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39997.exe
        6⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54103.exe
        7⤵
        
        PID:14552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61019.exe
        6⤵
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2702.exe
        7⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
        5⤵
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34399.exe
        6⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42815.exe
        6⤵
        
        PID:13964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29420.exe
        5⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7761.exe
        5⤵
        
        PID:14668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59309.exe
        5⤵
        
        PID:1312
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 652
      4⤵
      Program crash
      PID:10360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5552.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46600.exe
    3⤵
    PID:7304
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 636
      4⤵
      PID:11392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43507.exe
    3⤵
    PID:9448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
    3⤵
    PID:12652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3469.exe
    3⤵
    PID:15336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12571.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12571.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54009.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35317.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9790.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-636.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26293.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        8⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60283.exe
        9⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22313.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:6788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 648
        11⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 652
        10⤵
        Program crash
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
        9⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        10⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        11⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
        12⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
        11⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19986.exe
        11⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51711.exe
        12⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        11⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
        10⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19625.exe
        11⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60906.exe
        11⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
        11⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14646.exe
        10⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7040.exe
        11⤵
        
        PID:15064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 728
        9⤵
        Program crash
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40251.exe
        7⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60283.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
        9⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2634.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 724
        11⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25659.exe
        10⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 632
        11⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
        10⤵
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe
        10⤵
        
        PID:15264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 740
        9⤵
        Program crash
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36411.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 636
        8⤵
        Program crash
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14211.exe
        7⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 632
        8⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8556.exe
        7⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30609.exe
        7⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        8⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        7⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14595.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe
        7⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 644
        8⤵
        Program crash
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47180.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37729.exe
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34643.exe
        8⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9510.exe
        9⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        9⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57039.exe
        9⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
        8⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11280.exe
        9⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 748
        7⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52617.exe
        6⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39671.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8498.exe
        8⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43475.exe
        9⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 640
        10⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62608.exe
        9⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe
        9⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6417.exe
        9⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45105.exe
        10⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50347.exe
        9⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        8⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
        8⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 748
        8⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64668.exe
        7⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
        8⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21815.exe
        9⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
        8⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54435.exe
        9⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe
        9⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
        7⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 632
        7⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13687.exe
        6⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 640
        7⤵
        Program crash
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
        6⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35219.exe
        7⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
        7⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50713.exe
        7⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16517.exe
        8⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
        7⤵
        
        PID:10116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        6⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27151.exe
        6⤵
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7452.exe
        6⤵
        
        PID:14792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34461.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15769.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51923.exe
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        9⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 636
        10⤵
        Program crash
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        9⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36153.exe
        10⤵
        
        PID:11180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 640
        10⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15467.exe
        8⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46381.exe
        9⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58908.exe
        9⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 624
        9⤵
        
        PID:14124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 624
        8⤵
        Program crash
        
        PID:10344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
        6⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21197.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8498.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 640
        9⤵
        Program crash
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 720
        8⤵
        Program crash
        
        PID:10420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 772
        7⤵
        Program crash
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28242.exe
        6⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
        7⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44373.exe
        8⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4995.exe
        8⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19986.exe
        8⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14378.exe
        9⤵
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45992.exe
        8⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 728
        7⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53106.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53507.exe
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46841.exe
        6⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45703.exe
        6⤵
        
        PID:15356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54973.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50579.exe
        6⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe
        6⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48737.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
        8⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
        9⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 652
        8⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13277.exe
        7⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 636
        8⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57433.exe
        7⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49588.exe
        7⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37710.exe
        7⤵
        
        PID:9396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe
        6⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 636
        7⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
        6⤵
        
        PID:9064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 712
        6⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        5⤵
        
        PID:832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 688
        6⤵
        Program crash
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29526.exe
        5⤵
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46981.exe
        5⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38727.exe
        6⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 716
        7⤵
        
        PID:15292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50688.exe
        6⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35629.exe
        7⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1896.exe
        6⤵
        
        PID:14692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
        5⤵
        
        PID:9516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        5⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27005.exe
        5⤵
        
        PID:15296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10345.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42053.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3216
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 724
        6⤵
        Program crash
        
        PID:4104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 724
        6⤵
        Program crash
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2727.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5270.exe
        6⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6147.exe
        6⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4864.exe
        6⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12971.exe
        6⤵
        
        PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46203.exe
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44295.exe
        6⤵
        
        PID:2164
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 724
        6⤵
        Program crash
        
        PID:9180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 680
        6⤵
        
        PID:14088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2064.exe
        5⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65369.exe
        6⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
        7⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7450.exe
        8⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        9⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
        6⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        5⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20928.exe
        5⤵
        
        PID:12572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32340.exe
        5⤵
        
        PID:15208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21532.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23169.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5846.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 636
        7⤵
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
        6⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        7⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 452
        7⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51866.exe
        6⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
        7⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47284.exe
        7⤵
        
        PID:14220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41405.exe
        8⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
        7⤵
        
        PID:9776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48097.exe
        6⤵
        
        PID:14656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63770.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
        5⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51477.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 636
        7⤵
        
        PID:8428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 728
        6⤵
        Program crash
        
        PID:10412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35068.exe
        5⤵
        
        PID:6808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 640
        6⤵
        
        PID:8804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5546.exe
        5⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        6⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        7⤵
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62660.exe
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29052.exe
        6⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57558.exe
        5⤵
        
        PID:11108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
        5⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10870.exe
        6⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
        5⤵
        
        PID:6176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe
        5⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
        6⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 644
        7⤵
        Program crash
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        6⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 632
        7⤵
        
        PID:11736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        6⤵
        
        PID:9632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6505.exe
        6⤵
        
        PID:12620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
        6⤵
        
        PID:15224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12266.exe
      4⤵
      PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6360.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 644
        6⤵
        Program crash
        
        PID:8500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45758.exe
        5⤵
        
        PID:7668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 624
        6⤵
        
        PID:13912
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 724
        5⤵
        
        PID:15120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36509.exe
      4⤵
      PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
        5⤵
        
        PID:6060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 720
        6⤵
        
        PID:9912
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 728
        5⤵
        
        PID:13180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24358.exe
      4⤵
      PID:8116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53092.exe
      4⤵
      PID:9348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31545.exe
        5⤵
        
        PID:15188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
      4⤵
      PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21753.exe
        5⤵
        
        PID:14124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4528.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-226.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
        7⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11793.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44653.exe
        8⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 636
        9⤵
        Program crash
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        8⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 640
        9⤵
        
        PID:13744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 672
        8⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21200.exe
        7⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30559.exe
        8⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31877.exe
        9⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
        8⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
        7⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        7⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63448.exe
        7⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28575.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        7⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
        8⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
        9⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
        10⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 724
        10⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 720
        9⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 744
        8⤵
        Program crash
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39945.exe
        7⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 724
        8⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39395.exe
        7⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62603.exe
        8⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6251.exe
        8⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4751.exe
        7⤵
        
        PID:12372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48374.exe
        8⤵
        
        PID:9824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
        6⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14813.exe
        6⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        6⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39869.exe
        7⤵
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
        6⤵
        
        PID:14340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60693.exe
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17653.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        7⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18369.exe
        8⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
        9⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        8⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9104.exe
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
        9⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
        8⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41595.exe
        7⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 768
        7⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18591.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 636
        7⤵
        Program crash
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-780.exe
        6⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        6⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20969.exe
        7⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18695.exe
        7⤵
        
        PID:7672
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 744
        6⤵
        
        PID:13548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50479.exe
        5⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11549.exe
        5⤵
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9842.exe
        6⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 724
        7⤵
        Program crash
        
        PID:10212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37397.exe
        6⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 636
        7⤵
        
        PID:13728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 660
        6⤵
        
        PID:13224
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 632
        5⤵
        Program crash
        
        PID:9656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3696
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 724
        5⤵
        Program crash
        
        PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:1224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31394.exe
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
        5⤵
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
        6⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57009.exe
        7⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
        8⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32841.exe
        6⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        7⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37767.exe
        8⤵
        
        PID:15084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 632
        6⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        5⤵
        
        PID:512
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 512 -s 640
        6⤵
        
        PID:13144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62913.exe
        5⤵
        
        PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
        5⤵
        
        PID:12392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
        5⤵
        
        PID:14700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
      4⤵
      PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53117.exe
        5⤵
        
        PID:8688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36971.exe
      4⤵
      PID:8416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63907.exe
      4⤵
      PID:12660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42646.exe
      4⤵
      PID:15048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2012
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 720
      4⤵
      Program crash
      PID:2888
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 720
      4⤵
      Program crash
      PID:3432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1816
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 644
      4⤵
      Program crash
      PID:4380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3128
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 640
      4⤵
      Program crash
      PID:2404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54024.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54024.exe
    3⤵
    PID:6108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
    3⤵
    PID:7272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12084.exe
      4⤵
      PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9510.exe
        5⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1399.exe
        5⤵
        
        PID:10640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
      4⤵
      PID:11780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
    3⤵
    PID:9456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35095.exe
    3⤵
    PID:12364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42007.exe
      4⤵
      PID:10340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1311.exe
      4⤵
      PID:14272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53763.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53763.exe
    3⤵
    PID:14576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47569.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47569.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62883.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4636
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 720
        5⤵
        Program crash
        
        PID:3120
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 720
        5⤵
        Program crash
        
        PID:4020
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 708
      4⤵
      Program crash
      PID:1492
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 708
      4⤵
      Program crash
      PID:2172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7242.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10340.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        6⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        6⤵
        
        PID:4016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 720
        6⤵
        Program crash
        
        PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        6⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58057.exe
        8⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 636
        9⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46656.exe
        8⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23198.exe
        8⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41851.exe
        9⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
        8⤵
        
        PID:14848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48306.exe
        6⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26729.exe
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20013.exe
        7⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 656
        7⤵
        
        PID:14304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41595.exe
        6⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12535.exe
        6⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        7⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe
        6⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31291.exe
        7⤵
        
        PID:12600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58124.exe
        6⤵
        
        PID:11876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        5⤵
        
        PID:5844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 636
        6⤵
        
        PID:5124
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 632
        5⤵
        Program crash
        
        PID:10320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3058.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3058.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59349.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27575.exe
        6⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52582.exe
        6⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 724
        7⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64475.exe
        6⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38099.exe
        7⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48078.exe
        7⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41213.exe
        8⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32150.exe
        7⤵
        
        PID:9344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31097.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19882.exe
      4⤵
      PID:6192
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 640
        5⤵
        Program crash
        
        PID:8592
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 768
      4⤵
      Program crash
      PID:10336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24850.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46687.exe
      4⤵
      PID:5760
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 748
      4⤵
      Program crash
      PID:7420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45925.exe
    3⤵
    PID:5784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
    3⤵
    PID:6164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32719.exe
    3⤵
    PID:7616
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 636
      4⤵
      PID:13704
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 508
    3⤵
    PID:14748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13272.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37127.exe
        5⤵
        
        PID:5696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 644
        6⤵
        Program crash
        
        PID:6960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
      4⤵
      Executes dropped EXE
      PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6076
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 744
      4⤵
      Program crash
      PID:9704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53603.exe
    3⤵
    PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55623.exe
      4⤵
      PID:3632
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 764
      4⤵
      Program crash
      PID:5868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34108.exe
    3⤵
    PID:316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe
      4⤵
      PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38597.exe
        5⤵
        
        PID:8176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 736
        6⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42571.exe
        5⤵
        
        PID:8772
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 636
        5⤵
        
        PID:8080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
      4⤵
      PID:5348
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 632
        5⤵
        
        PID:13896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
      4⤵
      PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        5⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25815.exe
        5⤵
        
        PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19245.exe
      4⤵
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29153.exe
        5⤵
        
        PID:13704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33626.exe
      4⤵
      PID:9076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36874.exe
    3⤵
    PID:7324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53308.exe
    3⤵
    PID:9464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14746.exe
      4⤵
      PID:11644
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 740
    3⤵
    PID:5220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55899.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55899.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
    3⤵
    - Executes dropped EXE
    PID:2840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52463.exe
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52053.exe
        6⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43859.exe
        7⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8000.exe
        8⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
        9⤵
        
        PID:9372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 208 -s 652
        8⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        7⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41389.exe
        8⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16557.exe
        8⤵
        
        PID:12724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
        9⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        7⤵
        
        PID:12612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        6⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 728
        7⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        6⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37528.exe
        6⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49573.exe
        7⤵
        
        PID:13204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        5⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38981.exe
        6⤵
        
        PID:6596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 632
        6⤵
        
        PID:14732
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 648
        5⤵
        Program crash
        
        PID:10772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32789.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6208
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 744
      4⤵
      Program crash
      PID:10328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22274.exe
    3⤵
    PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32209.exe
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
        6⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        7⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 632
        8⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        7⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19986.exe
        7⤵
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49178.exe
        6⤵
        
        PID:9992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 712
        6⤵
        
        PID:13444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        5⤵
        
        PID:7952
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 636
        6⤵
        
        PID:13140
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 740
        5⤵
        
        PID:12084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
      4⤵
      PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48457.exe
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
        5⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        6⤵
        
        PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47563.exe
      4⤵
      PID:5300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
    3⤵
    PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45997.exe
      4⤵
      PID:6380
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 644
        5⤵
        
        PID:7940
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 668
      4⤵
      PID:11812
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 660
    3⤵
    - Program crash
    PID:10396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4744
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 644
    3⤵
    - Program crash
    PID:5000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24690.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24690.exe
  2⤵
  PID:1604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49558.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49558.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37181.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37181.exe
  2⤵
  PID:7400
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 636
    3⤵
    PID:11376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12897.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12897.exe
  2⤵
  PID:9408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44321.exe
    3⤵
    PID:9360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29650.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29650.exe
  2⤵
  PID:11824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
  2⤵
  PID:14384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10678.exe
    3⤵
    PID:8536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
  2⤵
  PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2380 -ip 2380
1⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2380 -ip 2380
1⤵
PID:1224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4636 -ip 4636
1⤵
PID:3172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2012 -ip 2012
1⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4636 -ip 4636
1⤵
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2692 -ip 2692
1⤵
PID:5068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1472 -ip 1472
1⤵
PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2012 -ip 2012
1⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2692 -ip 2692
1⤵
PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1472 -ip 1472
1⤵
PID:2076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3216 -ip 3216
1⤵
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3216 -ip 3216
1⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1816 -ip 1816
1⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3696 -ip 3696
1⤵
PID:2020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2208 -ip 2208
1⤵
PID:908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4744 -ip 4744
1⤵
PID:2128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4016 -ip 4016
1⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 3056 -ip 3056
1⤵
PID:1736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 1724 -ip 1724
1⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2244 -ip 2244
1⤵
PID:2076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4016 -ip 4016
1⤵
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 1724 -ip 1724
1⤵
PID:60

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3056 -ip 3056
1⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 2244 -ip 2244
1⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 1816 -ip 1816
1⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 3696 -ip 3696
1⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 1984 -ip 1984
1⤵
PID:3860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 3128 -ip 3128
1⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4744 -ip 4744
1⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 2692 -ip 2692
1⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 3704 -ip 3704
1⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 2360 -ip 2360
1⤵
PID:2128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 3912 -ip 3912
1⤵
PID:1840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 1224 -ip 1224
1⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 1604 -ip 1604
1⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2208 -ip 2208
1⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 2132 -ip 2132
1⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 2692 -ip 2692
1⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 832 -ip 832
1⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5220 -ip 5220
1⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4856 -ip 4856
1⤵
PID:1504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 3704 -ip 3704
1⤵
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 2360 -ip 2360
1⤵
PID:1068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 1604 -ip 1604
1⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 1224 -ip 1224
1⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5288 -ip 5288
1⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 832 -ip 832
1⤵
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5220 -ip 5220
1⤵
PID:2128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 4856 -ip 4856
1⤵
PID:2656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 3984 -ip 3984
1⤵
PID:3052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 1984 -ip 1984
1⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5288 -ip 5288
1⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5536 -ip 5536
1⤵
PID:2844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5696 -ip 5696
1⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5432 -ip 5432
1⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5680 -ip 5680
1⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5624 -ip 5624
1⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5760 -ip 5760
1⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5344 -ip 5344
1⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5784 -ip 5784
1⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1524 -ip 1524
1⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 3180 -ip 3180
1⤵
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 244 -ip 244
1⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 4908 -ip 4908
1⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 3620 -ip 3620
1⤵
PID:3968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 4888 -ip 4888
1⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 2184 -ip 2184
1⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3880 -ip 3880
1⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 4368 -ip 4368
1⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4864 -ip 4864
1⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5284 -ip 5284
1⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 3128 -ip 3128
1⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3984 -ip 3984
1⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3632 -ip 3632
1⤵
PID:4168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5432 -ip 5432
1⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5536 -ip 5536
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5680 -ip 5680
1⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5624 -ip 5624
1⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5760 -ip 5760
1⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 4808 -ip 4808
1⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5344 -ip 5344
1⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5140 -ip 5140
1⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4576 -ip 4576
1⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 1668 -ip 1668
1⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 4340 -ip 4340
1⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 1524 -ip 1524
1⤵
PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5784 -ip 5784
1⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 3180 -ip 3180
1⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 244 -ip 244
1⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 4908 -ip 4908
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3620 -ip 3620
1⤵
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 2184 -ip 2184
1⤵
PID:2844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 4888 -ip 4888
1⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5136 -ip 5136
1⤵
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 2164 -ip 2164
1⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3880 -ip 3880
1⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 5284 -ip 5284
1⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4864 -ip 4864
1⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 4368 -ip 4368
1⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 3632 -ip 3632
1⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5856 -ip 5856
1⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5376 -ip 5376
1⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5372 -ip 5372
1⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 6176 -ip 6176
1⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2720 -ip 2720
1⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6076 -ip 6076
1⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3200 -ip 3200
1⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6108 -ip 6108
1⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5236 -ip 5236
1⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4016 -ip 4016
1⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 3860 -ip 3860
1⤵
PID:1320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 1740 -ip 1740
1⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 6048 -ip 6048
1⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5084 -ip 5084
1⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5532 -ip 5532
1⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 6124 -ip 6124
1⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 4808 -ip 4808
1⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 5140 -ip 5140
1⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 1668 -ip 1668
1⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4576 -ip 4576
1⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 6424 -ip 6424
1⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 4340 -ip 4340
1⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 5452 -ip 5452
1⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7040 -ip 7040
1⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 5648 -ip 5648
1⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6544 -ip 6544
1⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6164 -ip 6164
1⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 6208 -ip 6208
1⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 6192 -ip 6192
1⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 5844 -ip 5844
1⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 6188 -ip 6188
1⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 6260 -ip 6260
1⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 7056 -ip 7056
1⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 6808 -ip 6808
1⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6788 -ip 6788
1⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 6240 -ip 6240
1⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 6044 -ip 6044
1⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5996 -ip 5996
1⤵
PID:9800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6092 -ip 6092
1⤵
PID:10064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5060 -ip 5060
1⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 7000 -ip 7000
1⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6784 -ip 6784
1⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1184 -p 4280 -ip 4280
1⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 2556 -ip 2556
1⤵
PID:3464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 4300 -ip 4300
1⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5580 -ip 5580
1⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 1860 -ip 1860
1⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 6268 -ip 6268
1⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 2164 -ip 2164
1⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 6944 -ip 6944
1⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 5136 -ip 5136
1⤵
PID:10876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 6724 -ip 6724
1⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 6600 -ip 6600
1⤵
PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1228 -p 3912 -ip 3912
1⤵
PID:11060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 2132 -ip 2132
1⤵
PID:11200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 5164 -ip 5164
1⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1272 -p 6336 -ip 6336
1⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 468 -ip 468
1⤵
PID:10112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 4492 -ip 4492
1⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1032 -ip 1032
1⤵
PID:10880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 4192 -ip 4192
1⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 2868 -ip 2868
1⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5564 -ip 5564
1⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3560 -ip 3560
1⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 540 -ip 540
1⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 1148 -ip 1148
1⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1288 -p 1564 -ip 1564
1⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 5412 -ip 5412
1⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1292 -p 4512 -ip 4512
1⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 5776 -ip 5776
1⤵
PID:872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 4832 -ip 4832
1⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5380 -ip 5380
1⤵
PID:10880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1332 -p 5856 -ip 5856
1⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 5376 -ip 5376
1⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1328 -p 5372 -ip 5372
1⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1364 -p 6176 -ip 6176
1⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2720 -ip 2720
1⤵
PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6076 -ip 6076
1⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 5568 -ip 5568
1⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 3200 -ip 3200
1⤵
PID:13388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 6108 -ip 6108
1⤵
PID:13540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3860 -ip 3860
1⤵
PID:13652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1284 -p 1740 -ip 1740
1⤵
PID:13660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5236 -ip 5236
1⤵
PID:13760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1356 -p 4016 -ip 4016
1⤵
PID:13792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 5716 -ip 5716
1⤵
PID:13844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5532 -ip 5532
1⤵
PID:13852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5084 -ip 5084
1⤵
PID:13860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1384 -p 6048 -ip 6048
1⤵
PID:13868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 4168 -ip 4168
1⤵
PID:13876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6380 -ip 6380
1⤵
PID:13948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6060 -ip 6060
1⤵
PID:14012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5760 -ip 5760
1⤵
PID:14072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1304 -p 6132 -ip 6132
1⤵
PID:14120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 5472 -ip 5472
1⤵
PID:14200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1336 -p 4848 -ip 4848
1⤵
PID:14220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 8176 -ip 8176
1⤵
PID:14244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 7236 -ip 7236
1⤵
PID:14252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 7360 -ip 7360
1⤵
PID:14272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1372 -p 7388 -ip 7388
1⤵
PID:14280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 7528 -ip 7528
1⤵
PID:14300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 7400 -ip 7400
1⤵
PID:14308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 7304 -ip 7304
1⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7444 -ip 7444
1⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 7884 -ip 7884
1⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1272 -p 7672 -ip 7672
1⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5696 -ip 5696
1⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1360 -p 7324 -ip 7324
1⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 7260 -ip 7260
1⤵
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1316 -p 6164 -ip 6164
1⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 7432 -ip 7432
1⤵
PID:2516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1364 -p 6208 -ip 6208
1⤵
PID:13676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1304 -p 7680 -ip 7680
1⤵
PID:1504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1380 -p 3700 -ip 3700
1⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5608 -ip 5608
1⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1328 -p 7460 -ip 7460
1⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 7508 -ip 7508
1⤵
PID:13544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 4800 -ip 4800
1⤵
PID:13540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 1524 -ip 1524
1⤵
PID:13620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 7476 -ip 7476
1⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6508 -ip 6508
1⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6816 -ip 6816
1⤵
PID:10876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5816 -ip 5816
1⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5676 -ip 5676
1⤵
PID:13656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 1304 -ip 1304
1⤵
PID:13664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 7952 -ip 7952
1⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 512 -ip 512
1⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1380 -p 7608 -ip 7608
1⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 5408 -ip 5408
1⤵
PID:2068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 6524 -ip 6524
1⤵
PID:3860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 620 -ip 620
1⤵
PID:13968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 7036 -ip 7036
1⤵
PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 3372 -ip 3372
1⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 760 -ip 760
1⤵
PID:14280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1296 -p 5892 -ip 5892
1⤵
PID:14256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1380 -p 6616 -ip 6616
1⤵
PID:14248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3548 -ip 3548
1⤵
PID:3836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 2020 -ip 2020
1⤵
PID:14220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1352 -p 7208 -ip 7208
1⤵
PID:14576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 7616 -ip 7616
1⤵
PID:14584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5428 -ip 5428
1⤵
PID:14592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6824 -ip 6824
1⤵
PID:14840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1364 -p 8164 -ip 8164
1⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1352 -p 5804 -ip 5804
1⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 1696 -ip 1696
1⤵
PID:15020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 8620 -ip 8620
1⤵
PID:1408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 7820 -ip 7820
1⤵
PID:15232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1316 -p 7248 -ip 7248
1⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 8452 -ip 8452
1⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 8688 -ip 8688
1⤵
PID:14548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1416 -p 7056 -ip 7056
1⤵
PID:2644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1444 -p 8596 -ip 8596
1⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1472 -p 8656 -ip 8656
1⤵
PID:3872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1392 -p 8440 -ip 8440
1⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 8556 -ip 8556
1⤵
PID:4580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1492 -p 8636 -ip 8636
1⤵
PID:15200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1448 -p 3944 -ip 3944
1⤵
PID:14764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 8788 -ip 8788
1⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7784 -ip 7784
1⤵
PID:14744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1420 -p 8536 -ip 8536
1⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1424 -p 9252 -ip 9252
1⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1444 -p 2360 -ip 2360
1⤵
PID:10360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1484 -p 8792 -ip 8792
1⤵
PID:1408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5268 -ip 5268
1⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 3408 -ip 3408
1⤵
PID:15256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 9384 -ip 9384
1⤵
PID:1028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1408 -p 9992 -ip 9992
1⤵
PID:14104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 9600 -ip 9600
1⤵
PID:14736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1764 -p 9960 -ip 9960
1⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1792 -p 8772 -ip 8772
1⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1820 -p 9336 -ip 9336
1⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 9516 -ip 9516
1⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1864 -p 9160 -ip 9160
1⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1908 -p 9268 -ip 9268
1⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1936 -p 9312 -ip 9312
1⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1964 -p 5300 -ip 5300
1⤵
PID:13784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1744 -p 9396 -ip 9396
1⤵
PID:10368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 9064 -ip 9064
1⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1988 -p 9016 -ip 9016
1⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1768 -p 6368 -ip 6368
1⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1812 -p 9484 -ip 9484
1⤵
PID:13360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 2000 -p 8416 -ip 8416
1⤵
PID:10204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 2032 -p 9504 -ip 9504
1⤵
PID:10276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1912 -p 9424 -ip 9424
1⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1940 -p 9528 -ip 9528
1⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1752 -p 9672 -ip 9672
1⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1868 -p 9456 -ip 9456
1⤵
PID:12688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1968 -p 9068 -ip 9068
1⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 2044 -p 9632 -ip 9632
1⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1824 -p 9448 -ip 9448
1⤵
PID:3792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 2012 -p 9980 -ip 9980
1⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1756 -p 9324 -ip 9324
1⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1944 -p 9608 -ip 9608
1⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 2080 -ip 2080
1⤵
PID:13444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1972 -p 8120 -ip 8120
1⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1852 -p 7988 -ip 7988
1⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 2044 -p 7424 -ip 7424
1⤵
PID:15120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 2008 -p 7164 -ip 7164
1⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1828 -p 6900 -ip 6900
1⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1940 -p 5508 -ip 5508
1⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1740 -p 6008 -ip 6008
1⤵
PID:2588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1840 -p 2640 -ip 2640
1⤵
PID:13596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1800 -p 5344 -ip 5344
1⤵
PID:13448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 6160 -ip 6160
1⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5584 -ip 5584
1⤵
PID:14156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 5064 -ip 5064
1⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5844 -ip 5844
1⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5792 -ip 5792
1⤵
PID:10020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10153.exe

Filesize
468KB

MD5
a303e8eb5af71c95743477784a6dc28e

SHA1
fea6191c229e4847839c7d6c4f0dec6591816dd3

SHA256
c49b5107edbffaa90df0789c0e91bd1dc0cada8b58f47d48622df9b56304585c

SHA512
8f804c016573182722548d1cbb60ebafdd86247b6d4511e5477b0fc97074751a04b7f2c1d3d0877eaac440b3cba2a9dc807d00f3af83e2309341abf11c14f5a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10345.exe

Filesize
468KB

MD5
b30dbeaed83481c56f87486fdbc87279

SHA1
a9626a9b470cc228ac367bb3b9787ab4d8da0437

SHA256
c754e09940b7d7aa83980723be90807bc5a401549cc9f6ce4a870fc86ae1bd59

SHA512
a718e85f3cffc1933a8754138c7763b448f4e1578a005c1ae0b2a75a147748984d2e7ec0a4f2f91478e4969991f9613d78cb245a673bb591574c896391d73021

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12571.exe

Filesize
468KB

MD5
a2167191a45a501e953e9846faabda13

SHA1
266e73bad0c753910ebbb5878842fd211e0f9134

SHA256
c3def9ee6eb4192857d9fb105be16f05f3a395139ab1e5ab88c90bfcef62e1ac

SHA512
0764a18cc1b5e18b6ace573fe05b3981858677399fa8f2b58285f8cd6a6ce668b2b34015c28852c8f70c562016ef2794e481377b655c4cf00356e7ee61d5fc6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exe

Filesize
468KB

MD5
5c00dd59fadc50ee35942e78397fa941

SHA1
cd0474671ab60223e7dc11e6904ad908c9bb8088

SHA256
63a824c8e4e723e869f1afbd111af300f1c806289a2091d8d0e21bd5758597e7

SHA512
6df920ed67a0f2015c49e41c2a49a658a8605e0bdaa957f1c4c4a4f0d9abd6c0e2c7e2731708de84fcb2c9843a817c96d96681906eed0e57f7ba2dfa673a3cc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20185.exe

Filesize
468KB

MD5
a0aca76d726c143d788840141ca46e95

SHA1
f9d01050d904f32e24388a94d535a6bf8208fabf

SHA256
0ffff7d755a762ef33b7dedb09e5b7f48814a9629f9007b270de5fd9357ba98b

SHA512
325660107f0e8ceb3ab6f4d1fb8c5c82a97650d8d9eb48d4f88dabacbf51227524dc22f893eebb11fef822548548d074742e1f01995d0ce8fa0ea4b26def3ab1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe

Filesize
468KB

MD5
b2264026a53e214423cb83560a25e69d

SHA1
69df005c04678cc7f4b6edc3ed1734549146911b

SHA256
93d39c83954f1d40e91774428e841bccabbb4198018c4d2b1d1d96ec9237eecc

SHA512
12d046ce18d925ea2155a94081f19ac75627dab9fda6d6992596993c3cdd87376b49caf4efb30a9c529e3aae16782ff61efb5771424779ba9919fdd9cac9941f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe

Filesize
468KB

MD5
6b9f2cb08feb30578ba0a4f75d40ba24

SHA1
98a011a95dae409bc3a6c7107ccfcdc829d3fdb5

SHA256
bbee13f7e03ad7ac31c137d6c084ab738b1e231280c210fdd8e71c699e985a41

SHA512
d81047021c4b4d9bc126feceaa740aa36a183154d4a883a93cb443af5b948f932c0d47b378b280294aed36984d10c71b63f0c07feba9afacf8cf3414035cf6d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe

Filesize
468KB

MD5
4242826f1414661209eb23bddb82fb66

SHA1
75810f58cadd32cbb4ffac5b988cd400f82c9627

SHA256
87ba0ea8c0de4f67987178c15e9ba008fc35cbe8eebec21924adf63b10d14eea

SHA512
1c48c98b2f4f84323dc5f2e2eb26e68362ec2222d3645ecd5aa2def72a3ab4c194bcf16628b50bf8149cddfea77c734ea4691772040db051a3c57809975db339

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe

Filesize
468KB

MD5
d13f1ef0cf10112f28fbd689f8f00ee4

SHA1
69532fe2cc2e5cb835c42248e9fe0d7091e8d2a4

SHA256
90742d4087478c4172818217b55b3ff92d118df53a3abd1714563d204a9bfee7

SHA512
5bf32ab997204b21ef0d4ffa1698a01c6b80c17bc3cfb62fb5a870fe200f3af5e730b685fa02d05629b0e1e7c61a31c2dcd20b01753f841e6bf1fdce55cb7aa7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29754.exe

Filesize
468KB

MD5
9bf800ac305f53941d10d6f4ba3bc503

SHA1
759b6fcc21ba55fd863afee57cb1f49723f2139a

SHA256
cd18e70286af985982588ca00a5931e7b67e8a215be06c0025b66af986d926ee

SHA512
dc2b3dc67a54610e88aaa1cbb1c8ccaead12ab714cc877fac402ed1e1142382a4edebb61dc25504207909038de8faa9e4e5dccd2161575136d2a431e99975a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe

Filesize
468KB

MD5
f18b140fea72e1890174177e1bf3c403

SHA1
2d1d45cec630e42218b57ffadee3bd86f4e306dd

SHA256
8ca54715c909939dc824655497c66f8ac58110147c67b1fdccdff31ac447f31b

SHA512
c129a92685c57bbf73f6cb2730f8621d7383f3fff230410c88d01bf4a001488372fb11f2334d84f878bf92f9456a27d9f840c66a190661fc41805e0641b51b78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe

Filesize
468KB

MD5
ed2c45559b8e47ca8a00b6ce4df276d5

SHA1
bbf93ea7ba1d896f88810181f0e686d6193e8275

SHA256
f6cc18ce240c64bb7b51071331ccf39847841223a5447859e3422061d49e68af

SHA512
82a6b29588b80f25e22258935b7a65265d4f8a91b34b89a8aaf70b3fd5d3f5910837cf857987a79b8f9d81f656c7f2249e9620981a76f39ec00fad815afead91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe

Filesize
468KB

MD5
836cb2d1c242d935198b88ef35916818

SHA1
1e28e8946be9c09665696933255d1f79c1874ce0

SHA256
ae4cbbde53c1858ad2bfc2c976de5a3def2edb98b561eab0e9bf8ec8d1c1d085

SHA512
9c9f74561d4f5f28d127e8c1fd691461a80d6466937448b740aae3b8ddccc9f6fb0c6f37aa69c76e8bc8fabbd3be1a80f27dade1d6bb200b86ebcd2725bebaa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35317.exe

Filesize
468KB

MD5
546eec520e6e4d9e2eaff9b7c9ee1587

SHA1
224af64e56ac972d2f836bf3102bd1a05d752fa6

SHA256
f12531c9fbd7b76843a39bed4d8186d0126dc48fcecfb66c65dc8f03522582a7

SHA512
92276733de4f0ff4e5721d39aac3e2829b2c046e2b8a7b188fd3f019d73aa3f9ac2a8ca6ead6dce200ecc18fecb22804753b276550901aab1c87467911b98c77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42053.exe

Filesize
468KB

MD5
220f7ae25d49106e39168bef7ddfb33d

SHA1
45edd62c3f7d5db58e0beec2fa4f476f013588c9

SHA256
71e11b01553d234b3ae29a3e6390c3f868bc1efda67e580095dde62908fd1e84

SHA512
e376720f3a06d66dcbf28e8d33f1990428fc132e3aedfa0087a8cf0507476144d736cbe0ee3d57ac62a848c69fa9b29fae533754bca7577bc1c840fb50682571

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe

Filesize
468KB

MD5
0680221535adb45c3bc339822db03cf2

SHA1
0cb99b86b6800f7d67572a2a7630a33c3ca5ae9c

SHA256
48d4ea043b718002eed2f323883ad74de90bfd2c156e1b8ecd0f06f6c8077d0e

SHA512
4a3125ad5239edf4d64079a1196420bfbec2c470cdd759c7b235df36d86cf32bd9104a3a37a6efc80276b48d43beff3d9435c9a971add42ad2721e4f7a684b88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4528.exe

Filesize
468KB

MD5
b7dc352c05008d78d58e37b72d889edd

SHA1
1cf0d09fb62f382047e5af0058b29ca86630490a

SHA256
63322d1b21802fffa44f7e5ebaef5dfad12b3475d67df7883780392ad77b1b63

SHA512
786d1d9e705f8559dee22cb14cf0677ae851a0dd7638866ac16ed035d7d224605132ba2661da1f785ec8428f485f2a9c37e6f79d0ac5b0854a4fda1a81c93f5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe

Filesize
468KB

MD5
db8d6a70508f47e2e07fd3c52e943f15

SHA1
78ce134a2dbfb26c33c2ed72d8f55a39786894ad

SHA256
e6c1098f4d0334adff192a3e5d41d2298744450a25782da9b94e2c615cf2a032

SHA512
8a5e7e2d3722756ef7d1a4027100a97d549bc0a9c1a4d727ad8e38204d0e428bd63bffb30bd971250fb31e6ad6ad83d97342bd9b24efe1d87da1e12fbe5411e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47569.exe

Filesize
468KB

MD5
2530d0e42895ee81b56ab1f9c2fb40ab

SHA1
1519f292f071d3f258c9ce0e8814abf66700dc8e

SHA256
a2b700711861bd49bd18de68b2b326e336a44bb7b20fe9257236b11c036f5401

SHA512
bf2ec6b260ca769fbc396f793a3cdd88e6862f70142dcdd9e0fffe3cd2e2529366fc161274aea81e41749f76cb788aab671f44ac7a0532b26b8e2be508a2b517

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe

Filesize
468KB

MD5
83b84dc949f5637b16974e719e4c9eed

SHA1
638f1abdc0ca264c9ec5b88beb454107dc042c26

SHA256
bb29bfd9895dc77fdf7f5ad8909b755d0184d4a09a7dca9573f4abbe843746fa

SHA512
f847614721c99b369574390469fc4a37406b61ed8468890358de7db03c7a5bfe297df78f6dee75358b17e47de0c9763c54a25260c87ded9c43f620590ddb3988

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54009.exe

Filesize
468KB

MD5
49611863efaa87b60ed96559984086ba

SHA1
6652f54ad40cb637d8a57a5309dfeb1d12ea5755

SHA256
536759509604dbd48db47781998294a64bd21f8f0a41a7dbfcce1a4388149de7

SHA512
c9c3c49fcb7a505a49a51bb2005ae67c77e343002daea4f0964779eddf472bea3f0a52c7dd571b72117d0bd0b454772683ccf05d132ec9c407f0ed3cb2a91b2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe

Filesize
468KB

MD5
d8baa57ab146b7153c5a87c0d0a34d40

SHA1
e505e57e3dc5000ae9cd9473f66e71bd908ff2d3

SHA256
a8da7337f1b5a669ef49d78cb4737ab8ebf1f8d611d2be4790bf2dd5c962c10a

SHA512
f0937e951eccb7dc0a023a5f9351f07452ab79f2629f8e533fa825b6df6e09fc3c44d755cabb3dc1ce0519e7bd05ab8c9c6ee150583b1c8aa5e4600aa2ef9591

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55899.exe

Filesize
468KB

MD5
f78af95fa265191b18cf1ceb34068b80

SHA1
2817a04a917327529e3207c8cb84e2750a7c05ac

SHA256
6e3581125e3f21ed04b8412faf43584462ba63ef19ee483e0acec82156cb585d

SHA512
2a3f038c11998eb1563bd97f29c3beb1d8537a190790366c6d186da8f08c5976893f6fd76d375d390dc615e37cea6b6b881e63997cad10b53f923d46f5a4a793

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe

Filesize
468KB

MD5
bb283e8f6af72a206f195ec65ba519f4

SHA1
33099b68e2a7d602b2f428a9d82a46dab3bbd68d

SHA256
5fce59726d7074756ecaa5fb4a92172c2eeec03f7c41364596e75c1e8eb2fb64

SHA512
02e29c3f27a591bb1a8c7667e1489ef4cffd2c9b93b5ff4a1a5a80bf00ff302e314a085c78a13b94b42238aac69d5f7297a3d401a21120d0f1701226bbffbe84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61859.exe

Filesize
468KB

MD5
5e619083a24838f279a6fdd8c7b5d20b

SHA1
e511495f7c20d11eaee2cadbd6c0b6f8e1a5e60a

SHA256
94acf1f52bc16468839b07c073d565321109c67683e758e876ece6fe10b20d6c

SHA512
ac2f1ad37ad95fa8bedf6484bd1a5f801f950fc770c5781f734d958c84d83d19216323bc970c9b5352087f0281a6577c18b6aa0ce7edad037c69e09455bde08b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62883.exe

Filesize
468KB

MD5
609c160ecfe65e0cc3c250fa8816318e

SHA1
3484d8360055330338ecd7df2623466fb0781438

SHA256
08bcef7e63a4d4bfbdd6a0fc13c6f6bdfc775f167e85149eb18d89fa7eaa392c

SHA512
ca49d017b789ec883110a845ca45a06a5877c34efdc6ad820fcece634f39d0a658088f1d56371133953fd3668ff8f9df2bb6971f1bc16ab709d22f770e4587a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-636.exe

Filesize
468KB

MD5
c771feaf104d149720f1f06687a8bbc2

SHA1
8212bf3d29cc7521b6404f878ec6db8af726f04a

SHA256
c9b49265efefa60bad8c8422dbd06b8cc82f9fdd3dfbaed059e2025370c9b857

SHA512
b23627ce2795cdac77cf5814712aae8f19993b9dbd082faf5024064e12528149649c8ccf004b4a133762f7d2045bf1b4799d4f04e3fadf8183bfe4a5885c01d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7242.exe

Filesize
468KB

MD5
b81174f82fba7f8dd4c358b959962d30

SHA1
03df35b5222b34c070ea8b38685685467f8869d9

SHA256
c61256850d6b717e81b7101c6a0a4f679c8fcbf2c698edf73610d76263f3a5ec

SHA512
c90ac0c92800bb51b657b762476a6123e93b40e0ceac7897f6d6478249ac3bbe6ab55322f2ea89c7196dc065462a075aa70b1ea2c3e6e3f80a69fd9daf39ff96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7501.exe

Filesize
468KB

MD5
c1882c1a1758e134c757af8af12481e9

SHA1
bf9bff879af23a8e3e91392479013f99759bebc0

SHA256
bec5d27b9022809175c9c53d81f998aeaa5a98cd392108961278d57b4557beb8

SHA512
466b4e83add5904b3456f8f7a7b2336e818f54934816ae1dc6c97834f8281adc8b28d1d4ecc25e736dfb7a9f160687392a791de1af8c9f39f743a9a1120d0adf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe

Filesize
468KB

MD5
6751a8fb54e6c687605fbbd304728848

SHA1
56762f5314f5c615f84f97ca80e6c921e49cc94f

SHA256
14ef86d45bb9b41cf19a7c350fef802fa95b90808af0dea91374d975695dcd63

SHA512
4f8c36a10d3792c0570044eb729efdbdf5a4764d64d8a8424948a17bd2658c74ded3629ba366e305311435a71b72e603ab5965ded0ff5d5764ac1c6356bb5bc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9790.exe

Filesize
468KB

MD5
ce7f08a7ed3f96dee94ea78957140615

SHA1
f030ff3c0e3ad00086bea601c7d8812848042c2f

SHA256
5b11827b655a16ad973598731525d768923c082bc8b98efb200a59d7d474ce50

SHA512
e507d643c2298a47a110549f2002457932d0b537561dda20fd10c1be13bed1e2e9e2a27d7a2c8c0587fadbf6386e46b888bc836b9f38a1247735421363036071

Download Submit
memory/4300-2977-0x0000000002FB0000-0x000000000308B000-memory.dmp

Filesize
876KB

Download