dd94692ba313523f198cfb1110529ad4a08ccff4d89c990439ec4c3401ea53af

Analysis

max time kernel
91s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 03:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd94692ba313523f198cfb1110529ad4a08ccff4d89c990439ec4c3401ea53af.exe
Size

468KB
MD5

46d18b562c8ceefb30eb8ed721f3088c
SHA1

5af2fbd818f4814e4deb201657ab8ecf44aaf0cc
SHA256

dd94692ba313523f198cfb1110529ad4a08ccff4d89c990439ec4c3401ea53af
SHA512

3f773132da1f5490012a022167b4df695767711e65550424ed0702db962a99f0c04f6a3434f51bb2b699a3bcbb3b71a067fd0d01c5420bfae232c43edf85d108
SSDEEP

3072:1G3HogIKIE5TtbYZHzxOcf8/zChaPLpkJVHeMVPynP5LRHggE3l3:1G3oDMTt+HVOcfu11BnPV5ggE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1544	Unicorn-5605.exe
2676	Unicorn-38870.exe
1180	Unicorn-51485.exe
4100	Unicorn-8997.exe
4412	Unicorn-41478.exe
2984	Unicorn-21420.exe
3224	Unicorn-35156.exe
4620	Unicorn-13621.exe
1880	Unicorn-23635.exe
3676	Unicorn-13237.exe
5612	Unicorn-61981.exe
5540	Unicorn-62246.exe
1780	Unicorn-42380.exe
3688	Unicorn-28697.exe
5980	Unicorn-58525.exe
4924	Unicorn-25241.exe
5408	Unicorn-5868.exe
1636	Unicorn-52070.exe
5112	Unicorn-52070.exe
4116	Unicorn-46211.exe
3372	Unicorn-31820.exe
4672	Unicorn-51686.exe
208	Unicorn-58900.exe
224	Unicorn-2293.exe
820	Unicorn-15292.exe
5420	Unicorn-61508.exe
6024	Unicorn-1836.exe
4184	Unicorn-29206.exe
3884	Unicorn-61494.exe
5628	Unicorn-25484.exe
2360	Unicorn-5971.exe
5296	Unicorn-39590.exe
2468	Unicorn-6341.exe
4012	Unicorn-50944.exe
1900	Unicorn-37788.exe
4880	Unicorn-24790.exe
2272	Unicorn-39974.exe
1240	Unicorn-23638.exe
5768	Unicorn-9112.exe
4804	Unicorn-58998.exe
4828	Unicorn-42662.exe
3164	Unicorn-38172.exe
2576	Unicorn-2515.exe
6116	Unicorn-48916.exe
5132	Unicorn-43359.exe
5200	Unicorn-57095.exe
4540	Unicorn-63225.exe
1720	Unicorn-30096.exe
4972	Unicorn-56208.exe
6080	Unicorn-15067.exe
1756	Unicorn-15067.exe
4128	Unicorn-25766.exe
2664	Unicorn-31632.exe
5336	Unicorn-44512.exe
648	Unicorn-44512.exe
4328	Unicorn-22764.exe
4508	Unicorn-3775.exe
5544	Unicorn-23122.exe
5876	Unicorn-58617.exe
3000	Unicorn-9224.exe
6044	Unicorn-22031.exe
6052	Unicorn-21839.exe
5176	Unicorn-44009.exe
5188	Unicorn-37879.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1608	5612	WerFault.exe	107
1076	5980	WerFault.exe	111
1052	5540	WerFault.exe	108
880	1180	WerFault.exe	95
5844	5540	WerFault.exe	108
3116	5612	WerFault.exe	107
556	1180	WerFault.exe	95
5760	5980	WerFault.exe	111
1368	5420	WerFault.exe	124
5888	6024	WerFault.exe	123
4592	3224	WerFault.exe	100
4340	4184	WerFault.exe	133
3220	5420	WerFault.exe	124
2484	3224	WerFault.exe	100
4676	6024	WerFault.exe	123
5740	5200	WerFault.exe	163
4488	5132	WerFault.exe	162
2128	4128	WerFault.exe	170
2052	4116	WerFault.exe	117
6052	1920	WerFault.exe	201
2408	5768	WerFault.exe	152
4472	3812	WerFault.exe	198
6080	5200	WerFault.exe	163
6968	768	WerFault.exe	217
7568	3736	WerFault.exe	230
7796	3224	WerFault.exe	250
9084	7028	WerFault.exe	345
8340	6284	WerFault.exe	359
8380	2976	WerFault.exe	259
10336	6876	WerFault.exe	373
9128	6920	WerFault.exe
7612	6660	WerFault.exe
4332	1716	WerFault.exe	247
11592	1816	WerFault.exe	505
11740	2400	WerFault.exe	519
11732	7528	WerFault.exe
11720	7700	WerFault.exe	473
11712	7036	WerFault.exe	502
11704	5512	WerFault.exe	489
4948	4804	WerFault.exe	153
12900	5880	WerFault.exe	300
12892	7588	WerFault.exe	521
12812	9212	WerFault.exe	551
12800	7584	WerFault.exe	497
12776	7332	WerFault.exe	407
12768	7432	WerFault.exe	513
12760	7480	WerFault.exe	501
12752	5980	WerFault.exe	520
12744	8848	WerFault.exe	539
12736	8548	WerFault.exe	532
12728	1668	WerFault.exe	487
12720	8436	WerFault.exe	530
12712	8580	WerFault.exe	534
12704	8696	WerFault.exe	537
12696	8652	WerFault.exe	536
12688	5400	WerFault.exe	550
12532	7156	WerFault.exe	483
13252	7556	WerFault.exe	522
12380	8424	WerFault.exe	571
13564	852	WerFault.exe	195
13956	9828	WerFault.exe	613
13964	8924	WerFault.exe	579
14248	5216	WerFault.exe	304
14240	7372	WerFault.exe	583

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31632.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36927.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58288.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28351.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55721.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44157.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63385.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57431.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5744	dd94692ba313523f198cfb1110529ad4a08ccff4d89c990439ec4c3401ea53af.exe
1544	Unicorn-5605.exe
2676	Unicorn-38870.exe
1180	Unicorn-51485.exe
2984	Unicorn-21420.exe
3224	Unicorn-35156.exe
4100	Unicorn-8997.exe
4412	Unicorn-41478.exe
4620	Unicorn-13621.exe
3676	Unicorn-13237.exe
5612	Unicorn-61981.exe
1880	Unicorn-23635.exe
1780	Unicorn-42380.exe
3688	Unicorn-28697.exe
5540	Unicorn-62246.exe
5980	Unicorn-58525.exe
4924	Unicorn-25241.exe
5408	Unicorn-5868.exe
5112	Unicorn-52070.exe
1636	Unicorn-52070.exe
224	Unicorn-2293.exe
208	Unicorn-58900.exe
5420	Unicorn-61508.exe
6024	Unicorn-1836.exe
4672	Unicorn-51686.exe
3372	Unicorn-31820.exe
4116	Unicorn-46211.exe
820	Unicorn-15292.exe
5628	Unicorn-25484.exe
4184	Unicorn-29206.exe
2360	Unicorn-5971.exe
3884	Unicorn-61494.exe
5296	Unicorn-39590.exe
2468	Unicorn-6341.exe
4012	Unicorn-50944.exe
1900	Unicorn-37788.exe
4880	Unicorn-24790.exe
2272	Unicorn-39974.exe
1240	Unicorn-23638.exe
4804	Unicorn-58998.exe
4828	Unicorn-42662.exe
5768	Unicorn-9112.exe
6116	Unicorn-48916.exe
3164	Unicorn-38172.exe
2576	Unicorn-2515.exe
4540	Unicorn-63225.exe
5200	Unicorn-57095.exe
4972	Unicorn-56208.exe
1720	Unicorn-30096.exe
5132	Unicorn-43359.exe
1756	Unicorn-15067.exe
4128	Unicorn-25766.exe
2664	Unicorn-31632.exe
6080	Unicorn-15067.exe
5336	Unicorn-44512.exe
648	Unicorn-44512.exe
4328	Unicorn-22764.exe
4508	Unicorn-3775.exe
5544	Unicorn-23122.exe
6044	Unicorn-22031.exe
5876	Unicorn-58617.exe
6052	Unicorn-21839.exe
3000	Unicorn-9224.exe
5176	Unicorn-44009.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5744 wrote to memory of 1544	5744	dd94692ba313523f198cfb1110529ad4a08ccff4d89c990439ec4c3401ea53af.exe	89
PID 5744 wrote to memory of 1544	5744	dd94692ba313523f198cfb1110529ad4a08ccff4d89c990439ec4c3401ea53af.exe	89
PID 5744 wrote to memory of 1544	5744	dd94692ba313523f198cfb1110529ad4a08ccff4d89c990439ec4c3401ea53af.exe	89
PID 1544 wrote to memory of 2676	1544	Unicorn-5605.exe	94
PID 1544 wrote to memory of 2676	1544	Unicorn-5605.exe	94
PID 1544 wrote to memory of 2676	1544	Unicorn-5605.exe	94
PID 5744 wrote to memory of 1180	5744	dd94692ba313523f198cfb1110529ad4a08ccff4d89c990439ec4c3401ea53af.exe	95
PID 5744 wrote to memory of 1180	5744	dd94692ba313523f198cfb1110529ad4a08ccff4d89c990439ec4c3401ea53af.exe	95
PID 5744 wrote to memory of 1180	5744	dd94692ba313523f198cfb1110529ad4a08ccff4d89c990439ec4c3401ea53af.exe	95
PID 2676 wrote to memory of 4100	2676	Unicorn-38870.exe	97
PID 2676 wrote to memory of 4100	2676	Unicorn-38870.exe	97
PID 2676 wrote to memory of 4100	2676	Unicorn-38870.exe	97
PID 1180 wrote to memory of 4412	1180	Unicorn-51485.exe	98
PID 1180 wrote to memory of 4412	1180	Unicorn-51485.exe	98
PID 1180 wrote to memory of 4412	1180	Unicorn-51485.exe	98
PID 1544 wrote to memory of 2984	1544	Unicorn-5605.exe	99
PID 1544 wrote to memory of 2984	1544	Unicorn-5605.exe	99
PID 1544 wrote to memory of 2984	1544	Unicorn-5605.exe	99
PID 5744 wrote to memory of 3224	5744	dd94692ba313523f198cfb1110529ad4a08ccff4d89c990439ec4c3401ea53af.exe	100
PID 5744 wrote to memory of 3224	5744	dd94692ba313523f198cfb1110529ad4a08ccff4d89c990439ec4c3401ea53af.exe	100
PID 5744 wrote to memory of 3224	5744	dd94692ba313523f198cfb1110529ad4a08ccff4d89c990439ec4c3401ea53af.exe	100
PID 2984 wrote to memory of 4620	2984	Unicorn-21420.exe	104
PID 2984 wrote to memory of 4620	2984	Unicorn-21420.exe	104
PID 2984 wrote to memory of 4620	2984	Unicorn-21420.exe	104
PID 1544 wrote to memory of 1880	1544	Unicorn-5605.exe	105
PID 1544 wrote to memory of 1880	1544	Unicorn-5605.exe	105
PID 1544 wrote to memory of 1880	1544	Unicorn-5605.exe	105
PID 3224 wrote to memory of 3676	3224	Unicorn-35156.exe	106
PID 3224 wrote to memory of 3676	3224	Unicorn-35156.exe	106
PID 3224 wrote to memory of 3676	3224	Unicorn-35156.exe	106
PID 5744 wrote to memory of 5612	5744	dd94692ba313523f198cfb1110529ad4a08ccff4d89c990439ec4c3401ea53af.exe	107
PID 5744 wrote to memory of 5612	5744	dd94692ba313523f198cfb1110529ad4a08ccff4d89c990439ec4c3401ea53af.exe	107
PID 5744 wrote to memory of 5612	5744	dd94692ba313523f198cfb1110529ad4a08ccff4d89c990439ec4c3401ea53af.exe	107
PID 4100 wrote to memory of 5540	4100	Unicorn-8997.exe	108
PID 4100 wrote to memory of 5540	4100	Unicorn-8997.exe	108
PID 4100 wrote to memory of 5540	4100	Unicorn-8997.exe	108
PID 1180 wrote to memory of 1780	1180	Unicorn-51485.exe	109
PID 1180 wrote to memory of 1780	1180	Unicorn-51485.exe	109
PID 1180 wrote to memory of 1780	1180	Unicorn-51485.exe	109
PID 4412 wrote to memory of 3688	4412	Unicorn-41478.exe	110
PID 4412 wrote to memory of 3688	4412	Unicorn-41478.exe	110
PID 4412 wrote to memory of 3688	4412	Unicorn-41478.exe	110
PID 2676 wrote to memory of 5980	2676	Unicorn-38870.exe	111
PID 2676 wrote to memory of 5980	2676	Unicorn-38870.exe	111
PID 2676 wrote to memory of 5980	2676	Unicorn-38870.exe	111
PID 4620 wrote to memory of 4924	4620	Unicorn-13621.exe	112
PID 4620 wrote to memory of 4924	4620	Unicorn-13621.exe	112
PID 4620 wrote to memory of 4924	4620	Unicorn-13621.exe	112
PID 2984 wrote to memory of 5408	2984	Unicorn-21420.exe	113
PID 2984 wrote to memory of 5408	2984	Unicorn-21420.exe	113
PID 2984 wrote to memory of 5408	2984	Unicorn-21420.exe	113
PID 3676 wrote to memory of 1636	3676	Unicorn-13237.exe	114
PID 3676 wrote to memory of 1636	3676	Unicorn-13237.exe	114
PID 3676 wrote to memory of 1636	3676	Unicorn-13237.exe	114
PID 3688 wrote to memory of 5112	3688	Unicorn-28697.exe	115
PID 3688 wrote to memory of 5112	3688	Unicorn-28697.exe	115
PID 3688 wrote to memory of 5112	3688	Unicorn-28697.exe	115
PID 4412 wrote to memory of 3372	4412	Unicorn-41478.exe	116
PID 4412 wrote to memory of 3372	4412	Unicorn-41478.exe	116
PID 4412 wrote to memory of 3372	4412	Unicorn-41478.exe	116
PID 3224 wrote to memory of 4116	3224	Unicorn-35156.exe	117
PID 3224 wrote to memory of 4116	3224	Unicorn-35156.exe	117
PID 3224 wrote to memory of 4116	3224	Unicorn-35156.exe	117
PID 1780 wrote to memory of 4672	1780	Unicorn-42380.exe	118

C:\Users\Admin\AppData\Local\Temp\dd94692ba313523f198cfb1110529ad4a08ccff4d89c990439ec4c3401ea53af.exe
"C:\Users\Admin\AppData\Local\Temp\dd94692ba313523f198cfb1110529ad4a08ccff4d89c990439ec4c3401ea53af.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62246.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5540
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 628
        6⤵
        Program crash
        
        PID:1052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 628
        6⤵
        Program crash
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9112.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
        7⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8.exe
        8⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 640
        7⤵
        Program crash
        
        PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57095.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 632
        6⤵
        Program crash
        
        PID:5740
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 652
        6⤵
        Program crash
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36640.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38295.exe
        5⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3432.exe
        6⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 636
        7⤵
        
        PID:11316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43903.exe
        5⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13960.exe
        6⤵
        
        PID:9260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
        6⤵
        
        PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28425.exe
        5⤵
        
        PID:11092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
        6⤵
        
        PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21646.exe
        5⤵
        
        PID:13008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5980
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 644
        5⤵
        Program crash
        
        PID:1076
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 628
        5⤵
        Program crash
        
        PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5420
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 732
        5⤵
        Program crash
        
        PID:1368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 556
        5⤵
        Program crash
        
        PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        5⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56905.exe
        6⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20409.exe
        7⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9768.exe
        8⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45200.exe
        8⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38297.exe
        9⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22566.exe
        8⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12846.exe
        8⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55840.exe
        7⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 640
        8⤵
        Program crash
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9174.exe
        7⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30584.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
        7⤵
        
        PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63671.exe
        5⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
        6⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59414.exe
        7⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 636
        8⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28623.exe
        7⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        7⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29631.exe
        6⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
        7⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
        7⤵
        
        PID:14688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13230.exe
        6⤵
        
        PID:14700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
        5⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20105.exe
        6⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
        7⤵
        
        PID:16132
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 632
        6⤵
        
        PID:15324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
        5⤵
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
        6⤵
        
        PID:372
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 484
        5⤵
        
        PID:14428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21420.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25241.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 720
        7⤵
        Program crash
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44512.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54009.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
        7⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53815.exe
        7⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 648
        8⤵
        Program crash
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16767.exe
        7⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60601.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10350.exe
        8⤵
        
        PID:15204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42647.exe
        7⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63225.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53049.exe
        7⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 712
        8⤵
        Program crash
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25766.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4128
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 640
        6⤵
        Program crash
        
        PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5868.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61494.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15067.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5000.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        8⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63385.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
        10⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 628
        10⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19823.exe
        9⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33289.exe
        10⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41944.exe
        11⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:13884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 508
        9⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43695.exe
        7⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48039.exe
        7⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19529.exe
        8⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
        9⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
        9⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
        8⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43686.exe
        8⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60301.exe
        7⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20425.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56471.exe
        7⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40894.exe
        7⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33375.exe
        6⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
        6⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
        6⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 636
        7⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-790.exe
        6⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10456.exe
        7⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42447.exe
        6⤵
        
        PID:11828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44512.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21529.exe
        6⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60185.exe
        7⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14184.exe
        8⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56873.exe
        9⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 628
        10⤵
        Program crash
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 744
        9⤵
        Program crash
        
        PID:12776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41727.exe
        8⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 632
        9⤵
        Program crash
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63396.exe
        8⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
        8⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56784.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6840.exe
        8⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
        9⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29966.exe
        9⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9791.exe
        8⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8198.exe
        7⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55401.exe
        8⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        8⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55712.exe
        7⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63447.exe
        5⤵
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        6⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18009.exe
        7⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47894.exe
        8⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        9⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26335.exe
        8⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15718.exe
        7⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61120.exe
        7⤵
        
        PID:13332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
        5⤵
        
        PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-470.exe
        5⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
        6⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37871.exe
        6⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22703.exe
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43177.exe
        5⤵
        
        PID:11784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5971.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15067.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        5⤵
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60761.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        7⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
        8⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        9⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9039.exe
        9⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
        8⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29461.exe
        8⤵
        
        PID:13740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 780
        7⤵
        
        PID:15100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28351.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50393.exe
        8⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 676
        8⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
        7⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
        7⤵
        
        PID:14436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2822.exe
        6⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9844 -s 640
        7⤵
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
        6⤵
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15046.exe
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26121.exe
        6⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 632
        7⤵
        
        PID:10856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
        6⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44265.exe
        7⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        6⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27008.exe
        5⤵
        
        PID:7036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 628
        6⤵
        Program crash
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        5⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19273.exe
        6⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56080.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
        5⤵
        
        PID:15684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54585.exe
        5⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13205.exe
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
        7⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59024.exe
        7⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 640
        8⤵
        Program crash
        
        PID:12696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 752
        7⤵
        Program crash
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        6⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
        7⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 636
        8⤵
        Program crash
        
        PID:12704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 636
        8⤵
        
        PID:13544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
        7⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exe
        7⤵
        
        PID:13344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
        6⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20697.exe
        7⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 656
        7⤵
        
        PID:15636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        6⤵
        
        PID:11220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        6⤵
        
        PID:13904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55805.exe
        5⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39373.exe
        5⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38761.exe
        6⤵
        
        PID:6676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 648
        6⤵
        
        PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe
        5⤵
        
        PID:10904
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 724
        5⤵
        
        PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63527.exe
      4⤵
      PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
      4⤵
      PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41545.exe
      4⤵
      PID:7528
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 636
        5⤵
        Program crash
        
        PID:11732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63007.exe
      4⤵
      PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14055.exe
        5⤵
        
        PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30135.exe
      4⤵
      PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38488.exe
        5⤵
        
        PID:11736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35294.exe
      4⤵
      PID:15592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2293.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29718.exe
        7⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9743.exe
        6⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18118.exe
        6⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
        6⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 648
        7⤵
        Program crash
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35782.exe
        6⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
        6⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41543.exe
        5⤵
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14248.exe
        6⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24050.exe
        7⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45776.exe
        7⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
        8⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16406.exe
        7⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-479.exe
        6⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 640
        7⤵
        Program crash
        
        PID:12532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        6⤵
        
        PID:9936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 652
        6⤵
        
        PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23984.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6284
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 632
        6⤵
        Program crash
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
        5⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64697.exe
        6⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        7⤵
        
        PID:11632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
        6⤵
        
        PID:12352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5637.exe
        6⤵
        
        PID:15572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35100.exe
        5⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4088.exe
        6⤵
        
        PID:12020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41542.exe
        5⤵
        
        PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19901.exe
        5⤵
        
        PID:15828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38172.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        5⤵
        
        PID:3812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 712
        6⤵
        Program crash
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13599.exe
        5⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40201.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6120.exe
        7⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 652
        7⤵
        Program crash
        
        PID:9128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30079.exe
        6⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe
        7⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11200 -s 636
        8⤵
        
        PID:13496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65344.exe
        7⤵
        
        PID:11948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36839.exe
        6⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19673.exe
        7⤵
        
        PID:12016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 712
        6⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34262.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1836.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1836.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:6024
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 728
      4⤵
      Program crash
      PID:5888
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 728
      4⤵
      Program crash
      PID:4676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
      4⤵
      PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
        5⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47113.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-728.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 640
        8⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51728.exe
        7⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8424 -s 724
        8⤵
        Program crash
        
        PID:12380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11798.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52520.exe
        8⤵
        
        PID:11420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        6⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25289.exe
        7⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
        7⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5623.exe
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26389.exe
        7⤵
        
        PID:15316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
        6⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 632
        7⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42765.exe
        6⤵
        
        PID:12652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51846.exe
        6⤵
        
        PID:15432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41478.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28697.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39590.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22764.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55161.exe
        8⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 624
        9⤵
        Program crash
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        8⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
        9⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1192.exe
        10⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46728.exe
        10⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20278.exe
        9⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14614.exe
        8⤵
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63161.exe
        9⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 428 -s 668
        9⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
        8⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2952.exe
        9⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 788
        8⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3775.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe
        7⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
        6⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31545.exe
        7⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1439.exe
        7⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4328.exe
        8⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
        9⤵
        
        PID:13320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 736
        8⤵
        
        PID:13420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37788.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44009.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
        7⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62592.exe
        6⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4264.exe
        7⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 720
        7⤵
        Program crash
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41095.exe
        6⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 632
        7⤵
        Program crash
        
        PID:10336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe
        6⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 636
        7⤵
        
        PID:11408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe
        6⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59081.exe
        7⤵
        
        PID:11588
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 776
        6⤵
        
        PID:10928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31542.exe
        5⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
        6⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6504.exe
        7⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8495.exe
        7⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19097.exe
        8⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
        7⤵
        
        PID:8528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
        6⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18953.exe
        7⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 648
        7⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4934.exe
        6⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
        7⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
        7⤵
        
        PID:14444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 516
        6⤵
        
        PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
        5⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        5⤵
        
        PID:7400
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 636
        6⤵
        
        PID:12232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19247.exe
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18888.exe
        6⤵
        
        PID:15964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        5⤵
        
        PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31820.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45846.exe
        6⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21871.exe
        7⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27465.exe
        8⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 636
        9⤵
        Program crash
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        8⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
        8⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25174.exe
        7⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 644
        8⤵
        
        PID:13244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 644
        8⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20415.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
        7⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        6⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4264.exe
        7⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39695.exe
        7⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 644
        8⤵
        Program crash
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59048.exe
        8⤵
        
        PID:14616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 692
        7⤵
        
        PID:14844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe
        6⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
        7⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
        8⤵
        
        PID:10292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 640
        8⤵
        
        PID:14452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        7⤵
        
        PID:9760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 656
        7⤵
        
        PID:13388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52960.exe
        6⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 644
        7⤵
        Program crash
        
        PID:12768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27894.exe
        6⤵
        
        PID:11064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 736
        6⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50096.exe
        5⤵
        
        PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63095.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9135.exe
        5⤵
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3960.exe
        6⤵
        
        PID:11040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 632
        6⤵
        
        PID:15052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe
        5⤵
        
        PID:10284
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10284 -s 608
        6⤵
        
        PID:14352
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 720
        5⤵
        
        PID:14932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2515.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        5⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21545.exe
        6⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53657.exe
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 632
        8⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9558.exe
        7⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2936.exe
        8⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        7⤵
        
        PID:12056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43888.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39385.exe
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47017.exe
        8⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        8⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33119.exe
        7⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58856.exe
        8⤵
        
        PID:15252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 652
        7⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62663.exe
        6⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63353.exe
        7⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        7⤵
        
        PID:13188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 660
        6⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
        5⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21177.exe
        6⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33033.exe
        7⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43670.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        9⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17679.exe
        8⤵
        
        PID:12832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        6⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1343.exe
        7⤵
        
        PID:11936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13206.exe
        6⤵
        
        PID:10612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10612 -s 636
        7⤵
        
        PID:14460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2879.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
      4⤵
      PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65113.exe
        6⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25097.exe
        7⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        8⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
        8⤵
        
        PID:14632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
        7⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24085.exe
        7⤵
        
        PID:15220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26943.exe
        6⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43289.exe
        7⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18606.exe
        7⤵
        
        PID:796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 720
        6⤵
        Program crash
        
        PID:14248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe
      4⤵
      PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51776.exe
      4⤵
      PID:7584
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 632
        5⤵
        Program crash
        
        PID:12800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
      4⤵
      PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
        5⤵
        
        PID:11776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41630.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57990.exe
      4⤵
      PID:15404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42380.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51686.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
        6⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        7⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 624
        8⤵
        Program crash
        
        PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34143.exe
        5⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 724
        6⤵
        Program crash
        
        PID:9084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43359.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5132
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 632
        5⤵
        Program crash
        
        PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
      4⤵
      PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12136.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55721.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 644
        8⤵
        Program crash
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        7⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 664
        7⤵
        
        PID:15336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51008.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50663.exe
        5⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30681.exe
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
        7⤵
        
        PID:14604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 636
        6⤵
        
        PID:9240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
        5⤵
        
        PID:10548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
        5⤵
        
        PID:13436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25136.exe
      4⤵
      PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        5⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8085.exe
        6⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        8⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 720
        7⤵
        
        PID:15620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30143.exe
        6⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
        6⤵
        
        PID:13892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40399.exe
        5⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2184.exe
        6⤵
        
        PID:11764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
        5⤵
        
        PID:12248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49567.exe
        5⤵
        
        PID:15604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
      4⤵
      PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2808.exe
        5⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28488.exe
        6⤵
        
        PID:15332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15375.exe
        5⤵
        
        PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24431.exe
      4⤵
      PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30425.exe
        5⤵
        
        PID:11304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        5⤵
        
        PID:15300
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 720
      4⤵
      PID:5160
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 716
    3⤵
    - Program crash
    PID:880
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 716
    3⤵
    - Program crash
    PID:556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6341.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30102.exe
        7⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        8⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24159.exe
        6⤵
        
        PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22031.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe
        6⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47881.exe
        7⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
        8⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32575.exe
        7⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54038.exe
        8⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
        9⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54436.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6968.exe
        8⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9966.exe
        8⤵
        
        PID:14716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49677.exe
        7⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-341.exe
        7⤵
        
        PID:14724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4383.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62263.exe
        6⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 636
        7⤵
        Program crash
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26176.exe
        6⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9688 -s 632
        7⤵
        
        PID:14152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        6⤵
        
        PID:11608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2254.exe
        6⤵
        
        PID:15444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58263.exe
        5⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
        6⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24377.exe
        7⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43087.exe
        7⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 632
        8⤵
        
        PID:14160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 748
        7⤵
        
        PID:14224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50640.exe
        6⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 636
        7⤵
        
        PID:12216
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 644
        6⤵
        Program crash
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7839.exe
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        6⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
        7⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9828 -s 636
        8⤵
        Program crash
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45536.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        7⤵
        
        PID:15676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60000.exe
        6⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 720
        7⤵
        Program crash
        
        PID:14240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48804.exe
        6⤵
        
        PID:11648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38207.exe
        6⤵
        
        PID:13716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26790.exe
        5⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20665.exe
        6⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
        8⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
        7⤵
        
        PID:13608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41295.exe
        6⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32341.exe
        6⤵
        
        PID:13664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9792 -s 644
        6⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57001.exe
        5⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        6⤵
        
        PID:15944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3373.exe
        5⤵
        
        PID:15864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50944.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30185.exe
        6⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53584.exe
        6⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60313.exe
        7⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
        8⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9407.exe
        8⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20245.exe
        8⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
        7⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
        8⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        7⤵
        
        PID:11912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13638.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 636
        7⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
        6⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45417.exe
        7⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6007.exe
        8⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41486.exe
        7⤵
        
        PID:14936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 676
        6⤵
        
        PID:13408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44528.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64409.exe
        6⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
        7⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19823.exe
        7⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 644
        8⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
        7⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        8⤵
        
        PID:14380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7262.exe
        7⤵
        
        PID:14420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23535.exe
        6⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 644
        7⤵
        Program crash
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43367.exe
        6⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
        7⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
        7⤵
        
        PID:14672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        6⤵
        
        PID:11960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4565.exe
        6⤵
        
        PID:14676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19270.exe
        5⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
        6⤵
        
        PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10479.exe
        5⤵
        
        PID:2980
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 548
        6⤵
        
        PID:11420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8102.exe
        5⤵
        
        PID:10512
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 640
        5⤵
        
        PID:13624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
      4⤵
      Executes dropped EXE
      PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
        5⤵
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45385.exe
        6⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-536.exe
        7⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
        8⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9812 -s 640
        9⤵
        
        PID:14192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 652
        8⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
        8⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        8⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
        7⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57472.exe
        7⤵
        
        PID:13792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47184.exe
        6⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 636
        7⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18966.exe
        6⤵
        
        PID:9776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 636
        7⤵
        
        PID:14216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        6⤵
        
        PID:11896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        6⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
        5⤵
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46519.exe
        5⤵
        
        PID:5980
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 636
        6⤵
        Program crash
        
        PID:12752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60592.exe
        5⤵
        
        PID:10604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        6⤵
        
        PID:13940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60711.exe
        5⤵
        
        PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64128.exe
      4⤵
      PID:440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31161.exe
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22633.exe
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        7⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 632
        8⤵
        Program crash
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33119.exe
        7⤵
        
        PID:10504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 656
        7⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36927.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 632
        7⤵
        Program crash
        
        PID:12744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
        6⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
        6⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56247.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 636
        6⤵
        Program crash
        
        PID:13964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52832.exe
        5⤵
        
        PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29541.exe
        5⤵
        
        PID:13880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15318.exe
      4⤵
      PID:6256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46211.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44777.exe
        5⤵
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47095.exe
        6⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 540
        7⤵
        Program crash
        
        PID:12892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 540
        7⤵
        
        PID:1328
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 660
        6⤵
        
        PID:11492
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 660
        6⤵
        Program crash
        
        PID:13564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52992.exe
        5⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36937.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39887.exe
        6⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38294.exe
        7⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58240.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 624
        6⤵
        
        PID:8752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60640.exe
        5⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        6⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43179.exe
        7⤵
        
        PID:15236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
        6⤵
        
        PID:12384
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 660
        5⤵
        Program crash
        
        PID:4948
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 636
      4⤵
      Program crash
      PID:2052
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 728
    3⤵
    - Program crash
    PID:4592
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 728
    3⤵
    - Program crash
    PID:2484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61981.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61981.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5612
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 724
    3⤵
    - Program crash
    PID:1608
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 724
    3⤵
    - Program crash
    PID:3116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58900.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58900.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23638.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23638.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12680.exe
      4⤵
      PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
        6⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49296.exe
        6⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 636
        7⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
        6⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46486.exe
        7⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
        7⤵
        
        PID:12796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 664
        6⤵
        
        PID:14344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20793.exe
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40713.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
        7⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25417.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe
        9⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19182.exe
        8⤵
        
        PID:13480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63024.exe
        7⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44157.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 636
        7⤵
        
        PID:14232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46967.exe
        6⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
        7⤵
        
        PID:15284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        5⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
        6⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe
        7⤵
        
        PID:12040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49776.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54436.exe
        5⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
        6⤵
        
        PID:3940
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 672
        5⤵
        
        PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57623.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12392.exe
        5⤵
        
        PID:5400
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 636
        6⤵
        Program crash
        
        PID:12688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
        5⤵
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
        6⤵
        
        PID:948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
      4⤵
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9352.exe
        5⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        5⤵
        
        PID:13092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
      4⤵
      PID:11104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
      4⤵
      PID:12312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36329.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36329.exe
    3⤵
    PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19625.exe
      4⤵
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23673.exe
        5⤵
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7983.exe
        5⤵
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47321.exe
        6⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
        6⤵
        
        PID:13920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
        5⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
        6⤵
        
        PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        5⤵
        
        PID:12388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27359.exe
      4⤵
      PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
      4⤵
      PID:2400
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 636
        5⤵
        Program crash
        
        PID:11740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
      4⤵
      PID:10476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44951.exe
      4⤵
      PID:12680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49936.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49936.exe
    3⤵
    PID:6464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
    3⤵
    PID:3980
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 644
      4⤵
      PID:10040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
    3⤵
    PID:7488
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 636
      4⤵
      PID:13948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20342.exe
    3⤵
    PID:7796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
    3⤵
    PID:15200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
  2⤵
  PID:768
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 624
    3⤵
    - Program crash
    PID:6968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
  2⤵
  PID:6584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32441.exe
    3⤵
    PID:7732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
    3⤵
    PID:8568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20505.exe
      4⤵
      PID:10412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe
      4⤵
      PID:13368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
    3⤵
    PID:11088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51575.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51575.exe
  2⤵
  PID:6784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51817.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51817.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:11252
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 11252 -s 636
      4⤵
      PID:14668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
    3⤵
    PID:11680
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29500.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29500.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe
    3⤵
    PID:4620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56677.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56677.exe
  2⤵
  PID:12088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38943.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38943.exe
  2⤵
  PID:15840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4768,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=4360 /prefetch:8
1⤵
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5980 -ip 5980
1⤵
PID:4068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1180 -ip 1180
1⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5612 -ip 5612
1⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5540 -ip 5540
1⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5612 -ip 5612
1⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5540 -ip 5540
1⤵
PID:2876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 1180 -ip 1180
1⤵
PID:2484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5980 -ip 5980
1⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6024 -ip 6024
1⤵
PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5420 -ip 5420
1⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 3224 -ip 3224
1⤵
PID:3336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 4184 -ip 4184
1⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 5420 -ip 5420
1⤵
PID:436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 3224 -ip 3224
1⤵
PID:3736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6024 -ip 6024
1⤵
PID:1160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5200 -ip 5200
1⤵
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5132 -ip 5132
1⤵
PID:2060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 4128 -ip 4128
1⤵
PID:2408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6080 -ip 6080
1⤵
PID:3756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 820 -ip 820
1⤵
PID:2908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5628 -ip 5628
1⤵
PID:2824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4116 -ip 4116
1⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 208 -ip 208
1⤵
PID:3404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 4924 -ip 4924
1⤵
PID:1608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1880 -ip 1880
1⤵
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 4620 -ip 4620
1⤵
PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 2676 -ip 2676
1⤵
PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 820 -ip 820
1⤵
PID:384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6080 -ip 6080
1⤵
PID:3100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5296 -ip 5296
1⤵
PID:2448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 6052 -ip 6052
1⤵
PID:3284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 208 -ip 208
1⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5628 -ip 5628
1⤵
PID:1480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 4924 -ip 4924
1⤵
PID:1616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1880 -ip 1880
1⤵
PID:3260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 2272 -ip 2272
1⤵
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4620 -ip 4620
1⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 2676 -ip 2676
1⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6116 -ip 6116
1⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 1920 -ip 1920
1⤵
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5296 -ip 5296
1⤵
PID:2760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3812 -ip 3812
1⤵
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5768 -ip 5768
1⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 6052 -ip 6052
1⤵
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 2272 -ip 2272
1⤵
PID:4984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1920 -ip 1920
1⤵
PID:4472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 6116 -ip 6116
1⤵
PID:1176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 3812 -ip 3812
1⤵
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5768 -ip 5768
1⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 4540 -ip 4540
1⤵
PID:320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5200 -ip 5200
1⤵
PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4128 -ip 4128
1⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5132 -ip 5132
1⤵
PID:2272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4116 -ip 4116
1⤵
PID:208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4540 -ip 4540
1⤵
PID:2316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 396 -ip 396
1⤵
PID:3252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 2452 -ip 2452
1⤵
PID:4128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 2092 -ip 2092
1⤵
PID:432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5396 -ip 5396
1⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 768 -ip 768
1⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5624 -ip 5624
1⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5528 -ip 5528
1⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 3256 -ip 3256
1⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 1768 -ip 1768
1⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 3736 -ip 3736
1⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 396 -ip 396
1⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4908 -ip 4908
1⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5724 -ip 5724
1⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3224 -ip 3224
1⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 3652 -ip 3652
1⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 2572 -ip 2572
1⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 2380 -ip 2380
1⤵
PID:1896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5960 -ip 5960
1⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5064 -ip 5064
1⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2084 -ip 2084
1⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2452 -ip 2452
1⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 2092 -ip 2092
1⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5624 -ip 5624
1⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 768 -ip 768
1⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5528 -ip 5528
1⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5560 -ip 5560
1⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5396 -ip 5396
1⤵
PID:3184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3256 -ip 3256
1⤵
PID:396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5544 -ip 5544
1⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 1768 -ip 1768
1⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 1076 -ip 1076
1⤵
PID:2992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2468 -ip 2468
1⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 5876 -ip 5876
1⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 592 -ip 592
1⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5112 -ip 5112
1⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 1140 -ip 1140
1⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 4824 -ip 4824
1⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 5176 -ip 5176
1⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 1544 -ip 1544
1⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 2576 -ip 2576
1⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 4508 -ip 4508
1⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5336 -ip 5336
1⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 3736 -ip 3736
1⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 4908 -ip 4908
1⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5724 -ip 5724
1⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 3224 -ip 3224
1⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 2572 -ip 2572
1⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 3652 -ip 3652
1⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2380 -ip 2380
1⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5064 -ip 5064
1⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5960 -ip 5960
1⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 2084 -ip 2084
1⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5560 -ip 5560
1⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 1804 -ip 1804
1⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 5544 -ip 5544
1⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 1076 -ip 1076
1⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5876 -ip 5876
1⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2468 -ip 2468
1⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 592 -ip 592
1⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 5112 -ip 5112
1⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4824 -ip 4824
1⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 1140 -ip 1140
1⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 5176 -ip 5176
1⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 1544 -ip 1544
1⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 2576 -ip 2576
1⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 4508 -ip 4508
1⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5336 -ip 5336
1⤵
PID:4984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6696 -ip 6696
1⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6284 -ip 6284
1⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6472 -ip 6472
1⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 7064 -ip 7064
1⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 6580 -ip 6580
1⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 4528 -ip 4528
1⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 1676 -ip 1676
1⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6936 -ip 6936
1⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 6164 -ip 6164
1⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 6548 -ip 6548
1⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 6428 -ip 6428
1⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 6556 -ip 6556
1⤵
PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 6880 -ip 6880
1⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 6688 -ip 6688
1⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 6876 -ip 6876
1⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6464 -ip 6464
1⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 6480 -ip 6480
1⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 7028 -ip 7028
1⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 6184 -ip 6184
1⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1292 -p 7108 -ip 7108
1⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1240 -p 6404 -ip 6404
1⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 1804 -ip 1804
1⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 4124 -ip 4124
1⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4272 -ip 4272
1⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1248 -p 6356 -ip 6356
1⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1288 -p 4332 -ip 4332
1⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 2976 -ip 2976
1⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6284 -ip 6284
1⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 4672 -ip 4672
1⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 6696 -ip 6696
1⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 7064 -ip 7064
1⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6472 -ip 6472
1⤵
PID:3264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1288 -p 3676 -ip 3676
1⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6580 -ip 6580
1⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 3164 -ip 3164
1⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 4528 -ip 4528
1⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 1676 -ip 1676
1⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6548 -ip 6548
1⤵
PID:1040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1240 -p 6936 -ip 6936
1⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1284 -p 6164 -ip 6164
1⤵
PID:1804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 4116 -ip 4116
1⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 6428 -ip 6428
1⤵
PID:2756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1292 -p 6556 -ip 6556
1⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 6836 -ip 6836
1⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 6832 -ip 6832
1⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6236 -ip 6236
1⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 6516 -ip 6516
1⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 4632 -ip 4632
1⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6964 -ip 6964
1⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 6256 -ip 6256
1⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 3184 -ip 3184
1⤵
PID:10016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1316 -p 4816 -ip 4816
1⤵
PID:10056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 7124 -ip 7124
1⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 6876 -ip 6876
1⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6880 -ip 6880
1⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 6688 -ip 6688
1⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6480 -ip 6480
1⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 6464 -ip 6464
1⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 7108 -ip 7108
1⤵
PID:10356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 6184 -ip 6184
1⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 6404 -ip 6404
1⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 4124 -ip 4124
1⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1216 -p 4272 -ip 4272
1⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6356 -ip 6356
1⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4332 -ip 4332
1⤵
PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 4672 -ip 4672
1⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 3888 -ip 3888
1⤵
PID:1964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 6920 -ip 6920
1⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6156 -ip 6156
1⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 6660 -ip 6660
1⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 3676 -ip 3676
1⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3164 -ip 3164
1⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 7092 -ip 7092
1⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 4116 -ip 4116
1⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 7412 -ip 7412
1⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 7948 -ip 7948
1⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1204 -p 7876 -ip 7876
1⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 7732 -ip 7732
1⤵
PID:3328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 7380 -ip 7380
1⤵
PID:1348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 7828 -ip 7828
1⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 7240 -ip 7240
1⤵
PID:3600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 1532 -ip 1532
1⤵
PID:2964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 7080 -ip 7080
1⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 1372 -ip 1372
1⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 7816 -ip 7816
1⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 7656 -ip 7656
1⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 8048 -ip 8048
1⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6864 -ip 6864
1⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 6836 -ip 6836
1⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6236 -ip 6236
1⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 6832 -ip 6832
1⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6516 -ip 6516
1⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 6256 -ip 6256
1⤵
PID:2860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4632 -ip 4632
1⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1268 -p 1716 -ip 1716
1⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 3184 -ip 3184
1⤵
PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 4816 -ip 4816
1⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 6964 -ip 6964
1⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 4444 -ip 4444
1⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 4804 -ip 4804
1⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 7124 -ip 7124
1⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 1816 -ip 1816
1⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1280 -p 5512 -ip 5512
1⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 7036 -ip 7036
1⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 7700 -ip 7700
1⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 7528 -ip 7528
1⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 2400 -ip 2400
1⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 7716 -ip 7716
1⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 7400 -ip 7400
1⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 7804 -ip 7804
1⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 8108 -ip 8108
1⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 8128 -ip 8128
1⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 7756 -ip 7756
1⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 6928 -ip 6928
1⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1204 -p 7228 -ip 7228
1⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 2980 -ip 2980
1⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 4716 -ip 4716
1⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 4852 -ip 4852
1⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1272 -p 852 -ip 852
1⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 3980 -ip 3980
1⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 7500 -ip 7500
1⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5400 -ip 5400
1⤵
PID:13268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1316 -p 8696 -ip 8696
1⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 7156 -ip 7156
1⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 8652 -ip 8652
1⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 8580 -ip 8580
1⤵
PID:1328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 1668 -ip 1668
1⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 8436 -ip 8436
1⤵
PID:3184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 8548 -ip 8548
1⤵
PID:13660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 8848 -ip 8848
1⤵
PID:14208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 5980 -ip 5980
1⤵
PID:14256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 7480 -ip 7480
1⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 7432 -ip 7432
1⤵
PID:13496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 7332 -ip 7332
1⤵
PID:13600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 7584 -ip 7584
1⤵
PID:13684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1272 -p 9212 -ip 9212
1⤵
PID:14292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 7588 -ip 7588
1⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1328 -p 5880 -ip 5880
1⤵
PID:14300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 3888 -ip 3888
1⤵
PID:13568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1344 -p 6156 -ip 6156
1⤵
PID:1496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1404 -p 8204 -ip 8204
1⤵
PID:15076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 8060 -ip 8060
1⤵
PID:15184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 7556 -ip 7556
1⤵
PID:15308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1344 -p 7092 -ip 7092
1⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 7412 -ip 7412
1⤵
PID:14380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 7876 -ip 7876
1⤵
PID:15124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1428 -p 7732 -ip 7732
1⤵
PID:15232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 7948 -ip 7948
1⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 7828 -ip 7828
1⤵
PID:15240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 7380 -ip 7380
1⤵
PID:15296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 8424 -ip 8424
1⤵
PID:15188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 1372 -ip 1372
1⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1372 -p 7080 -ip 7080
1⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1460 -p 1532 -ip 1532
1⤵
PID:13560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1400 -p 7240 -ip 7240
1⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1396 -p 8048 -ip 8048
1⤵
PID:15384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1380 -p 7816 -ip 7816
1⤵
PID:15392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1408 -p 6864 -ip 6864
1⤵
PID:15476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 8040 -ip 8040
1⤵
PID:15696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1288 -p 316 -ip 316
1⤵
PID:15756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1372 -p 9844 -ip 9844
1⤵
PID:16028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1308 -p 7488 -ip 7488
1⤵
PID:16196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 8924 -ip 8924
1⤵
PID:16252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 9828 -ip 9828
1⤵
PID:16260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 8328 -ip 8328
1⤵
PID:16332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1440 -p 7372 -ip 7372
1⤵
PID:15296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1464 -p 5216 -ip 5216
1⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6364 -ip 6364
1⤵
PID:14612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1236 -p 9776 -ip 9776
1⤵
PID:15240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 9080 -ip 9080
1⤵
PID:6716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe

Filesize
468KB

MD5
a265d955c90d818051194be423af1980

SHA1
1af2461fb1640637f59b31963d1713c729a15cef

SHA256
d21e097ee8e7e9475f029c5cc25adf38a2b43ae53feed9825b4a5d25c4b7b652

SHA512
77b87c4c6a840352f639d62c569f9ce8c5ffc16794fd2fe87e17bbd145c206836646f33efa8999362c7a6a6db1402f2346672ca3cc0f3510b06be21d7ac0e498

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe

Filesize
468KB

MD5
6eb18cba4b54ec0c344ae2355e78f0fe

SHA1
f41d1fc28fc5f9a9c11abd940c35ffe8dcfb1ece

SHA256
96d45c01ac2f2283282496ef1bfe1d4a270afb1c494823d133d3a59ad7c7610b

SHA512
fc8cae6f952cc0278231e949221865b959e719c53bebbd8ea421778008e1310c7705a69646447ce390cdbae1f0cd0c32bc9db5695dbb2fb662e87b2a8f9516bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe

Filesize
468KB

MD5
7742e2caaa15a9a20b4987c4fd114e67

SHA1
c42dde75b5d8dcbf4691883a71d680ece73e6e21

SHA256
3633d86a5cee0b46b444ea1cbac8418c6bf9fd26e7392923783d008694c95e86

SHA512
7ab1804f7c95bacd66b7515fc83fb87ef17f6b20bf446a75fdf5e6ecea592b7326361971436888eab44de76b06252548cb7313abc6bfc39977ea81a21b62dbb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe

Filesize
468KB

MD5
302824b82780e588553297a5dd239a1f

SHA1
ab5f01cec621be5d8ec3bdc2a6381dbf8193968d

SHA256
72834c1259ee5d44b7a9faed0f6c4222d328820a7cd53a4b8ffba10712484a75

SHA512
40b1a3b7648d03bef59cf2046469246e2c5e7a5588ec0c13b22b443d7a357bca4317463480df72f511169880296a4f5a8be62c7ed99dbdde6693c4231a84246c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1836.exe

Filesize
468KB

MD5
1305e17313bb64b8db4bf5a77a5971ed

SHA1
eed723d638125f499f0c0d0035247219c13c1118

SHA256
ef83ba32e4e6f3d4e17a689f2114976a07fa8f68f1ce03a4b2f70482e99f408c

SHA512
b39f7c86601a438c8677ceab0131a26b5e89e595556e3631f5f6ed60b059044af5c378addb0a7e838d18f056e5b1dfae52e6e502ebc01ca509a2cf36a85886df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2033.exe

Filesize
468KB

MD5
fd7b776ddd93360cbfffd2ca4d8cb247

SHA1
70d21eb4c5e29cbe9e6c3531579e36bed839c966

SHA256
e5037e1a72a4d8e236fdea40a4c8355485a60943bcd8ba927ecaddab2fff4d28

SHA512
5969f05cb2acca50f962593d3b23a3b9fcc6fcb22031ddf666b8f4c30c0948de1dc86d99a0b6e99c2c723ff7a447823d25d5a46458bffb4852889dd39a7aa2fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21420.exe

Filesize
468KB

MD5
f6648691149cbca8517237e953621c3d

SHA1
66fa23a5345a39c8ff35f6c184ac73d1a3b75b6b

SHA256
cf2414f257f4193f68235f0496c9ad88812c1d3d1bfabc510edf3c357da43ba6

SHA512
fb510e81f6f4495decd8fd64e62fa992528786a855c17b8019b58b87779780f0b33d3dce114305b8c4af798cb3d34099808444652a90f87648a56571388742d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2293.exe

Filesize
468KB

MD5
a36a4db0212406383c892eea4f8dfe69

SHA1
ffd77cf11511a6a457c910397ecbb0c228e8c8c1

SHA256
65c07e4f7b0ba1e3858d651114312b5583962542decb2f469fccc8d7ab4b3019

SHA512
7d921c4b928d0870e76ee397c1cc6bf439865b3731b91012895dd4756a01873d8c03ff15e548a392effc3dbc4852f2c8c4ec87905a15e7ba7ec88840aa5fa8bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe

Filesize
468KB

MD5
817bfbeb714303effd17a1ba6256ae0e

SHA1
664776f79a4827b5a51624843b69554c71a4523a

SHA256
2d3d86aeac4b7ee011a5b1e01ba914499929c517675e3d2b914f2c31e46e6ec4

SHA512
cc9aa3c88e4109f569096d901a6872729b8920b75eb787cecc985a7655abb0e21a05ebfd0f9d4a04629f6e7ab42e532d20d26beaac4aa0e491ae17aa10ad1ab6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25241.exe

Filesize
468KB

MD5
6e0fd9055cb82e31fb5f8812d05e0632

SHA1
1725ececf30cfdb7671c39ec065c88b9d3a09281

SHA256
8e3f1858ef6d77b32d13327f7eb4e0ec8d76bd8b5f0ef296ebf7f304de1a2e77

SHA512
411f629fc6b5ace67424a25f9967da1e7af7aea621f9a04c2c75594750bc06c1c07b2737688eb8d34f0b3c0ab89bc9e4b4ad711789161ee6de31160c83eb8198

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe

Filesize
468KB

MD5
2895332da9acc675ab0fb4445a0a346f

SHA1
afe0bc9e7d015dd82482379c4d43572f42ac437f

SHA256
f90f73b473fd7987c344ecd1c0211b09fa80f021a5659827675d24bd52c633b3

SHA512
c25466a9b1c9ba2d82c563f8575f7961c403249d338ae573d586de690d5ecc754cb89fb39741bb4d5421600fe18ff7660876239063f67b7208ab322baf49e28e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28697.exe

Filesize
468KB

MD5
f50c2537f033d30ccd1668b01ad8eb91

SHA1
62c31861403c2a781f14d47ec243bf31e1a56d0f

SHA256
05cead652a6d23cabac2130eaf8e7b4c701b377b9d8a65a71440f63c0462eac3

SHA512
37d371cbc0837b771b43513a4d77c7563f646b80deb47be51ddff09756cc5ce3c3a4e78f613179676393f3189b8342cf65e96c84db5585011808b1c2cdb5d00e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe

Filesize
468KB

MD5
3ef13f78ee002d02e41cbd3030b35af5

SHA1
bf6dfb3dcd42118f2b36bc1bb999cbf9104fc1f8

SHA256
f5fc8543df077d39fc911353eb8babc04f824a5462e4ccc8108d7e98ce911c5f

SHA512
10befde0c0b0ee6cdb4e9be51318f4617b56de1bd440600673b9566038aec4db86447b4a30ac778283153313f9be2bae132c1a810cd91a72ca3f2d7ed745e937

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31820.exe

Filesize
468KB

MD5
03cf765d22b11ea07cebd9e7cdecd62e

SHA1
0539f3a9c22000a4183b481abe794719e6cd677b

SHA256
c631d17c1ae722887669aed476122eb3b34a5cb585414acfae7dfc92bdba1056

SHA512
e6c93a2b74c0b0935fc9a190ef00c81858ceacc1586d8add38d5eb32520a138c85f31b0b22ca8c3941695cbf4c6fc86ea1c3791d51e41f8dab91ca503c0082a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe

Filesize
468KB

MD5
c5de8de82b8a7679a461b711d290a6c2

SHA1
f45d7bad53d5db425fc9653c27c707d1c538e21c

SHA256
6d562cf5117a8a41afe5e4b53533d73a64922a87f0f94af2ff9b4f9767099d4e

SHA512
ab6857cf91d9f0eb03a43d7e6042004e0fd0df4147a0d761c66fc502270228e0abe6dea017d0c72c97a917ea104ac3eb7f35b5c5dbd5b57c97270f5335a74ec5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe

Filesize
468KB

MD5
20d53e4d70bea7e3b42441ae8319400a

SHA1
2a56b2d84b496d818e8fa908c428a1ded86af831

SHA256
0629a2f07a6df95d1d5010107fe0dca4e5ac3faef9edaa648fa99285908669f8

SHA512
c8f4eaf756dcd39c93e1ffc039234e9405246df8aefaa2471a2cb7439d1a77d3a1c5d143516a38473cbfe0f87b233fd084da5c8d796c95cef7d2b8d1a4c4965b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39590.exe

Filesize
468KB

MD5
649c9d410a0291fa58335f6b112c08fc

SHA1
fdb5ed73d7fd1da4ccaef373a1a3bfaedd861b6c

SHA256
52f46d89f45c7ad740eae15be606bc126f8cc8025fb9b7087db202cfe4a534e2

SHA512
9cc959bd38b4af0bcffe0cbca9b00f87434758c7e154f37b1371d16d385d0c529e511826125b8ece55b52f79f0eb5ae6f1183717c253fd03ad76f96d278c362d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41478.exe

Filesize
468KB

MD5
92968bebab9c40635124fbb9f67a6f0d

SHA1
f44100806e12cc516f062d7c749602d4832431ae

SHA256
4b960632159291484602b0f10b3e57a570132d4b3160858b7e1c333661315c7d

SHA512
fc0c32c08a8509f9edbafa47b7a9f6fe011e3df70ff93ad3f23c078a27dd407e5fc5d6ec1f603da3683f46ab1a47351b18d70cc72fb27c654594df0b730b2192

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42380.exe

Filesize
468KB

MD5
8a3d7d0569c3590bd80f9fe43b5d76e8

SHA1
70e9bd88efdd5ac34469b21124cc10517d63b5d5

SHA256
e57a42e1fe01e8be9e883d815224e7aae2ac088c9425e089ac3283c75d314eee

SHA512
ed3e1b733334ed53d4ed8ea17115ab01064ee74c160ba7cb07222eef1f3556c433810ab1fc8368b813117b6b61d8abd0507d0b33697a81b0b0b33b7594a06d4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46211.exe

Filesize
468KB

MD5
b0819e45b8234e42a1c23bd9bc828b3c

SHA1
a67ef28a4984641cef6b1d58310282136ca35855

SHA256
18c4550ed9a4d0ab548dc783dcf8702e797ec8faf692b3cf7a994171a79b5554

SHA512
61bfdf07a885dd4b004fc1a34a282138197b14b384239114bb45f074e627914195c810c4a64d7537f406476e7f856bbbffaedc525edcdb626821156be7bf9854

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe

Filesize
468KB

MD5
b0f4702ced1db51d4393dc27e6946e2a

SHA1
6c6fa2dac19fc6a9133aef2abdeed6d79655aefd

SHA256
2ebea0afbd49b0c33d98c9d3f835991ab2dc56b6f33620bec9d394000c3f7ab3

SHA512
daf8f48b4235608387ac0d8f026422c73ccd99aadb93e1a81988a44c23dfe0efbd568dae3ad9de8e2743187b73a5d86030a509746792e0449228d437dc2e80d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51686.exe

Filesize
468KB

MD5
4a4220f032ed4a960e8971973bf0ea8a

SHA1
b13a0f70bc1222bd290013e6253d382010ed1390

SHA256
487d63d7bd8ab22a60cac9ab31a9e3f4d3d2a88833caf794191fda5bba1aeafd

SHA512
f551c15a43d21ac8122915b7f1272a7903ff635239173b2ff9c4ea909ad8b99598dbffa5cdb6b7fda80f2b323ebd30a979587fac46ed64ae46aa8c210644cbef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe

Filesize
468KB

MD5
66af4b8aa3381e7dfa86c54ed02e9b24

SHA1
ad498cbfe9defdbf7137744af9e9c5e3c80301d3

SHA256
4ff56be4d049f6a4385d6ad9f5e7f2dfab08304e0596b1f55470199e5c0cd57d

SHA512
e485aa04c12bb20734942c48b76ce08e41f25a69ed0a73d500da96ed6f4bfdf860c8311f6fbe61b24799c8092cef8b3faa4a1c6b4f113a3981150c9672167a91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe

Filesize
468KB

MD5
c3d7ce1aaaf6275f3f61c60f25d02ba3

SHA1
d60094687be92756d4dccba07a4e65b9c8e264f9

SHA256
b667447f495a4bc7eb56ded2677f3c129d8979deccd1139e117696db91806721

SHA512
63d6ee1e1b6c9729fbe38a89185bc63e1993c7cc6aa25a5d5c98d44b6e94081d357b25e314e6dddeb525cab13c2bc8308a862f4f6ba9db0b57156299664b3a8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58240.exe

Filesize
468KB

MD5
548aeb2f08a204b68a9ecf0bb1047949

SHA1
25f04c375a60c08f3f069a5f1f1b79b35f04328b

SHA256
a75fd3771c87635b0472a16c35f96a38ea70abf3508fc02e7c5c9342db10c7a4

SHA512
44671dacb086db1e9f3f4adb62a05b641ad1cda4b00b965189fe425a0545e1bcfc23ab765f3dff9e877a3315ab76531b34f5bbd1661a2576df157402768ec8b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe

Filesize
468KB

MD5
4235ebaac521480392f3cf2fc3ddf412

SHA1
469b3b75245750c697ee3bf5705e8903ed7cd2e9

SHA256
570163796845d82037ed11357d0396539b1041441629790d3223822292dcb4c2

SHA512
97ee7ecf3f97efe8e1e56c13e4490c70b1d9c8b1ac9d976d3f3126329360b7ac2a6246210a832ce351bf9c77f3c050cdb3b52c75e35b0548d78d900df7a77a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5868.exe

Filesize
468KB

MD5
df7ffeb811f76aee2ae642809ae31f80

SHA1
82da00fd4465d4def792495865f1d748fefc902b

SHA256
700bea69bc1c14c948d59b2ca177fefc613925a7678615937a68921508aca13f

SHA512
dd4c98a803c130417c9e95e73dd0ea7bce5ffa6e03061e777dea53db0788f73dc15be6afdd44f85f4e9c60d8a02052162723ad6864fd0fcbc14ba17ff433cdb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58900.exe

Filesize
468KB

MD5
a1a40893c39b68134ca0e000085db61e

SHA1
e891073d3ff14f095626c7925c10278ade57bc9a

SHA256
117e30ce2be2b4e2f47da31548e44d6509bd658396f2b169e811d8e260c88084

SHA512
29dae6292f07f0e2945d99930de97d5fc0dfa00308037e369f26571cac6f1796f2aa82653f9b8a9d8aff68d0504e9958282a960043e1edfd0a91e80087ffb53c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5971.exe

Filesize
468KB

MD5
6222e7c58d405cbcc28c3c0420be2576

SHA1
97b7528ad770958c11075550b59203263977a74e

SHA256
4f5f4961a0cd106cbeaf08cbb98ba05832e4cd9c8984c51c254e9c01b7a850e9

SHA512
fa51d76588f8a09aa54972dd75b4097015e24afcf740185a5781d8b3b3595fd085fa0ee2d773b55db50d685671b1a0a5b2023a6d25f39cf1574f47b1ecd0700a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61494.exe

Filesize
468KB

MD5
78e6879128c1c21158bf80632d39781e

SHA1
dfb5c163defe62412426b9e37947b2d1353d8ebe

SHA256
61e41fbdb8b5a359007de3a45904c90c0c5bd038e879d31b6f9fca81a3ab894a

SHA512
3203e8cd6305e2d5b8799dd9d8802d9dee829d15c152f6ba9b62d79dd328c77c05cd94d4f11fccdc2f8c000b7d65c09408df43638e0207f22ad5df15e9945f4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe

Filesize
468KB

MD5
7b462396dc755d8ad3a164fe6828ad07

SHA1
d4610acead21903c8b463654e273c43d91ce7fd1

SHA256
9a82721c4b23df998afbcf4ac48f450c4b25e2e7f9e163ec7e858e0eac0204c2

SHA512
ddc184c851a6677668fe75d8fdea4507aefe80b70051c7db27670f7e84f3d4abeb22d0c002f16e288d4152a00de43a3e28d6d79a9de8a6f02036d811cf4703f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61981.exe

Filesize
468KB

MD5
60dd1b352d79b5fa9d2392a5da28d1c4

SHA1
6886230d001f23be8a03dc981a8c68a683e88f6e

SHA256
19b9a16fcdf28196e6731a30992bb054bd73e6e8f854238c6cbceada2ade48a7

SHA512
4f0b69b15b060944be0a20feacda4c5aabafb496d70f50c09ea05be7c617a5e16ad4e36d37cbdbd509ebeb502ca2e9d80fe7e5e3f5ee47a72328acd2b988e709

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62246.exe

Filesize
468KB

MD5
ddaf1f3986a4e97f48d75510efe0bad3

SHA1
d5e3035e3ddffea1fc6fe215b3ae5157db12881f

SHA256
80d648174603e1907f907cfe2250a2eb6c59f4ea1e10e33049bf93d506a97812

SHA512
1f425b79abf3f049a3f1b7147435025fe8214aa91e7110ad340ed6e129e0391dafe1036fe7de9d0291c0e6154846e4f3e39705087d4d7004b75a94b17d351a37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65113.exe

Filesize
468KB

MD5
680e324afbae95fa884cd166caa6b7f6

SHA1
9a6eed5c10c5793ef9d24a006383dc83dfd292a7

SHA256
2c196f3ea173e40965d021216afc872821778567ecbab88082c87e036f3f5078

SHA512
f58e073db4040899f11dde14a965b115a91f28b85a5c9933ac30ccbcf6604134fd5996ed79ef0a62564420d91973c96d890a1e01d1245fde64f4303858c91e28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe

Filesize
468KB

MD5
cff2e80c83deae068a370ee1e2c72e1d

SHA1
414c55a791fb2060fa726735324e5679661a011e

SHA256
1112b2ea91afd492bf8ea8932ac50b32e94548ae6f8d29d5fb5b2836368c6631

SHA512
f1c70184bcde4468737373070d7ecdf41075fec2b09a2d9adb27b13a3dfafcacc27b5f958dd78671658a40001c2dbc17f07b4afa6aff8415ed58cbf3cbb96f23

Download Submit
memory/3884-2534-0x00000000777E0000-0x00000000778B3000-memory.dmp

Filesize
844KB

Download
memory/13212-2522-0x00007FF9EC610000-0x00007FF9EC805000-memory.dmp

Filesize
2.0MB

Download
memory/16032-2507-0x0000000075B00000-0x0000000075B9F000-memory.dmp

Filesize
636KB

Download