34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38

Analysis

max time kernel
119s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2024 10:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe
Size

468KB
MD5

f07aeeaf716b5bf106e4348426570120
SHA1

bd1421cc8657e7492265d461acdc92e3e3746ebb
SHA256

34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38
SHA512

cf85e0facb8f40c636b7897a439a28c0343d65399711d4e909bf83a4e8993dc0140486707678aaa11c5a2e7dd4e3303e75eb5be430f35cb3a946535dc074c03a
SSDEEP

3072:2bCgoDcnI05UtbY+Pztjcf8/VCMvCzupb6KHexVsnmfl/mch7ORlQ:2bZoT8Ut5PJjcfp+ESmfpTh7O

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 58 IoCs

pid	Process
4968	Unicorn-11135.exe
3620	Unicorn-54280.exe
3544	Unicorn-34414.exe
2148	Unicorn-25220.exe
1372	Unicorn-25220.exe
3668	Unicorn-46195.exe
4836	Unicorn-59930.exe
2196	Unicorn-6527.exe
932	Unicorn-35862.exe
4380	Unicorn-59812.exe
3488	Unicorn-35116.exe
2268	Unicorn-16733.exe
1616	Unicorn-18514.exe
4568	Unicorn-2998.exe
1692	Unicorn-29252.exe
4352	Unicorn-47487.exe
392	Unicorn-1815.exe
2388	Unicorn-20189.exe
2916	Unicorn-22044.exe
4964	Unicorn-9599.exe
1224	Unicorn-17768.exe
2476	Unicorn-47103.exe
764	Unicorn-1166.exe
3548	Unicorn-22406.exe
4288	Unicorn-29257.exe
4436	Unicorn-36142.exe
3008	Unicorn-8914.exe
4576	Unicorn-7783.exe
3408	Unicorn-56984.exe
3704	Unicorn-40456.exe
2948	Unicorn-20590.exe
452	Unicorn-3507.exe
4300	Unicorn-3242.exe
3676	Unicorn-49179.exe
3820	Unicorn-62914.exe
548	Unicorn-29356.exe
4836	Unicorn-54415.exe
4332	Unicorn-53860.exe
2988	Unicorn-33056.exe
2492	Unicorn-53668.exe
2924	Unicorn-4467.exe
2432	Unicorn-14673.exe
3212	Unicorn-4202.exe
2020	Unicorn-2229.exe
2940	Unicorn-54031.exe
4312	Unicorn-48430.exe
2688	Unicorn-64966.exe
852	Unicorn-10471.exe
396	Unicorn-45374.exe
1396	Unicorn-44104.exe
3272	Unicorn-64524.exe
3336	Unicorn-60440.exe
3020	Unicorn-36490.exe
4432	Unicorn-19408.exe
1068	Unicorn-60995.exe
4880	Unicorn-27384.exe
1228	Unicorn-64140.exe
3276	Unicorn-21253.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
4388	4836	WerFault.exe	92
2176	4836	WerFault.exe	92
1608	4568	WerFault.exe	101
3476	3488	WerFault.exe	99
4916	4568	WerFault.exe	101
3652	3488	WerFault.exe	99
2704	1692	WerFault.exe	108
864	4288	WerFault.exe	121
3044	3548	WerFault.exe	119
4056	4288	WerFault.exe	121
3416	3548	WerFault.exe	119
1876	548	WerFault.exe	139
5068	4836	WerFault.exe	140
1004	764	WerFault.exe	117
2412	3212	WerFault.exe	143
5324	3704	WerFault.exe	133
5608	2512	WerFault.exe	171
6064	4836	WerFault.exe	140
5860	548	WerFault.exe	139
7792	4536	WerFault.exe	199
7344	4400	WerFault.exe	190
6040	1548	WerFault.exe	187
7244	1508	WerFault.exe	180
10060	6772	WerFault.exe	311
8232	6772	WerFault.exe	311
10864	6096	WerFault.exe	270
9168	5896	WerFault.exe	424
10092	8020	WerFault.exe	375
9744	6400	WerFault.exe	299
5556	2056	WerFault.exe	269
11084	6148	WerFault.exe	289
10524	4540	WerFault.exe	411
10516	5800	WerFault.exe	256
10508	4352	WerFault.exe	109
10500	392	WerFault.exe	110
10492	1224	WerFault.exe	115
10452	3408	WerFault.exe	132
10444	932	WerFault.exe	97
10436	7568	WerFault.exe	399
10428	1376	WerFault.exe	416
10420	5036	WerFault.exe	431
10412	628	WerFault.exe	178
10404	5844	WerFault.exe	258
10300	5648	WerFault.exe	277
3696	3892	WerFault.exe	243
9392	452	WerFault.exe	135
9432	5700	WerFault.exe	234
4048	2740	WerFault.exe	263
4032	2020	WerFault.exe	152
5684	1596	WerFault.exe	242
5596	7156	WerFault.exe	387
4832	2740	WerFault.exe	263
11504	4540	WerFault.exe	411
12360	4644	WerFault.exe	452
12700	6236	WerFault.exe	445
12692	8116	WerFault.exe	418
12600	6156	WerFault.exe	389
12552	7240	WerFault.exe	429
12544	8608	WerFault.exe	493
12536	7492	WerFault.exe	456
12428	8460	WerFault.exe	521
12992	8020	WerFault.exe	375
12420	7732	WerFault.exe	479
12412	7812	WerFault.exe	438

System Location Discovery: System Language Discovery 1 TTPs 58 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11135.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36142.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53860.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9599.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3507.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22044.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10471.exe

Suspicious use of SetWindowsHookEx 56 IoCs

pid	Process
3972	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe
4968	Unicorn-11135.exe
3544	Unicorn-34414.exe
3620	Unicorn-54280.exe
2148	Unicorn-25220.exe
3668	Unicorn-46195.exe
1372	Unicorn-25220.exe
4836	Unicorn-59930.exe
2196	Unicorn-6527.exe
932	Unicorn-35862.exe
3488	Unicorn-35116.exe
2268	Unicorn-16733.exe
4380	Unicorn-59812.exe
1616	Unicorn-18514.exe
4568	Unicorn-2998.exe
1692	Unicorn-29252.exe
392	Unicorn-1815.exe
4352	Unicorn-47487.exe
2388	Unicorn-20189.exe
2916	Unicorn-22044.exe
4964	Unicorn-9599.exe
1224	Unicorn-17768.exe
764	Unicorn-1166.exe
2476	Unicorn-47103.exe
4288	Unicorn-29257.exe
4436	Unicorn-36142.exe
3548	Unicorn-22406.exe
3008	Unicorn-8914.exe
4576	Unicorn-7783.exe
3408	Unicorn-56984.exe
3704	Unicorn-40456.exe
2948	Unicorn-20590.exe
452	Unicorn-3507.exe
4300	Unicorn-3242.exe
3676	Unicorn-49179.exe
3820	Unicorn-62914.exe
548	Unicorn-29356.exe
4836	Unicorn-54415.exe
4332	Unicorn-53860.exe
2988	Unicorn-33056.exe
2492	Unicorn-53668.exe
2432	Unicorn-14673.exe
3212	Unicorn-4202.exe
2924	Unicorn-4467.exe
2940	Unicorn-54031.exe
2020	Unicorn-2229.exe
4312	Unicorn-48430.exe
2688	Unicorn-64966.exe
852	Unicorn-10471.exe
396	Unicorn-45374.exe
1396	Unicorn-44104.exe
3272	Unicorn-64524.exe
3336	Unicorn-60440.exe
3020	Unicorn-36490.exe
4432	Unicorn-19408.exe
1068	Unicorn-60995.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3972 wrote to memory of 4968	3972	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	82
PID 3972 wrote to memory of 4968	3972	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	82
PID 3972 wrote to memory of 4968	3972	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	82
PID 4968 wrote to memory of 3620	4968	Unicorn-11135.exe	85
PID 4968 wrote to memory of 3620	4968	Unicorn-11135.exe	85
PID 4968 wrote to memory of 3620	4968	Unicorn-11135.exe	85
PID 3972 wrote to memory of 3544	3972	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	86
PID 3972 wrote to memory of 3544	3972	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	86
PID 3972 wrote to memory of 3544	3972	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	86
PID 3620 wrote to memory of 2148	3620	Unicorn-54280.exe	89
PID 3620 wrote to memory of 2148	3620	Unicorn-54280.exe	89
PID 3620 wrote to memory of 2148	3620	Unicorn-54280.exe	89
PID 3544 wrote to memory of 1372	3544	Unicorn-34414.exe	90
PID 3544 wrote to memory of 1372	3544	Unicorn-34414.exe	90
PID 3544 wrote to memory of 1372	3544	Unicorn-34414.exe	90
PID 4968 wrote to memory of 3668	4968	Unicorn-11135.exe	91
PID 4968 wrote to memory of 3668	4968	Unicorn-11135.exe	91
PID 4968 wrote to memory of 3668	4968	Unicorn-11135.exe	91
PID 3972 wrote to memory of 4836	3972	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	92
PID 3972 wrote to memory of 4836	3972	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	92
PID 3972 wrote to memory of 4836	3972	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	92
PID 2148 wrote to memory of 2196	2148	Unicorn-25220.exe	96
PID 2148 wrote to memory of 2196	2148	Unicorn-25220.exe	96
PID 2148 wrote to memory of 2196	2148	Unicorn-25220.exe	96
PID 3620 wrote to memory of 932	3620	Unicorn-54280.exe	97
PID 3620 wrote to memory of 932	3620	Unicorn-54280.exe	97
PID 3620 wrote to memory of 932	3620	Unicorn-54280.exe	97
PID 1372 wrote to memory of 4380	1372	Unicorn-25220.exe	98
PID 1372 wrote to memory of 4380	1372	Unicorn-25220.exe	98
PID 1372 wrote to memory of 4380	1372	Unicorn-25220.exe	98
PID 3668 wrote to memory of 3488	3668	Unicorn-46195.exe	99
PID 3668 wrote to memory of 3488	3668	Unicorn-46195.exe	99
PID 3668 wrote to memory of 3488	3668	Unicorn-46195.exe	99
PID 4968 wrote to memory of 2268	4968	Unicorn-11135.exe	100
PID 4968 wrote to memory of 2268	4968	Unicorn-11135.exe	100
PID 4968 wrote to memory of 2268	4968	Unicorn-11135.exe	100
PID 3972 wrote to memory of 1616	3972	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	102
PID 3972 wrote to memory of 1616	3972	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	102
PID 3972 wrote to memory of 1616	3972	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	102
PID 3544 wrote to memory of 4568	3544	Unicorn-34414.exe	101
PID 3544 wrote to memory of 4568	3544	Unicorn-34414.exe	101
PID 3544 wrote to memory of 4568	3544	Unicorn-34414.exe	101
PID 2196 wrote to memory of 1692	2196	Unicorn-6527.exe	108
PID 2196 wrote to memory of 1692	2196	Unicorn-6527.exe	108
PID 2196 wrote to memory of 1692	2196	Unicorn-6527.exe	108
PID 2148 wrote to memory of 4352	2148	Unicorn-25220.exe	109
PID 2148 wrote to memory of 4352	2148	Unicorn-25220.exe	109
PID 2148 wrote to memory of 4352	2148	Unicorn-25220.exe	109
PID 932 wrote to memory of 392	932	Unicorn-35862.exe	110
PID 932 wrote to memory of 392	932	Unicorn-35862.exe	110
PID 932 wrote to memory of 392	932	Unicorn-35862.exe	110
PID 3620 wrote to memory of 2388	3620	Unicorn-54280.exe	111
PID 3620 wrote to memory of 2388	3620	Unicorn-54280.exe	111
PID 3620 wrote to memory of 2388	3620	Unicorn-54280.exe	111
PID 4380 wrote to memory of 2916	4380	Unicorn-59812.exe	112
PID 4380 wrote to memory of 2916	4380	Unicorn-59812.exe	112
PID 4380 wrote to memory of 2916	4380	Unicorn-59812.exe	112
PID 2268 wrote to memory of 4964	2268	Unicorn-16733.exe	113
PID 2268 wrote to memory of 4964	2268	Unicorn-16733.exe	113
PID 2268 wrote to memory of 4964	2268	Unicorn-16733.exe	113
PID 1616 wrote to memory of 1224	1616	Unicorn-18514.exe	115
PID 1616 wrote to memory of 1224	1616	Unicorn-18514.exe	115
PID 1616 wrote to memory of 1224	1616	Unicorn-18514.exe	115
PID 1372 wrote to memory of 2476	1372	Unicorn-25220.exe	116

C:\Users\Admin\AppData\Local\Temp\34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe
"C:\Users\Admin\AppData\Local\Temp\34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54280.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6527.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29252.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 552
        7⤵
        Program crash
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10471.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24800.exe
        8⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13102.exe
        7⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62464.exe
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24276.exe
        9⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46284.exe
        10⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        11⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 616
        11⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 624
        10⤵
        
        PID:13300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 724
        9⤵
        Program crash
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46350.exe
        7⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
        7⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
        8⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
        9⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19841.exe
        8⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8652.exe
        8⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43402.exe
        8⤵
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        7⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10157.exe
        7⤵
        
        PID:12792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45374.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe
        7⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
        8⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62931.exe
        8⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23752.exe
        9⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65363.exe
        10⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 732
        10⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
        9⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22440.exe
        9⤵
        
        PID:13472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe
        8⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36723.exe
        9⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 636
        9⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8232 -s 72
        10⤵
        
        PID:16036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31798.exe
        8⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18244.exe
        8⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19594.exe
        7⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7917.exe
        7⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
        8⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58659.exe
        9⤵
        
        PID:15384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
        8⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11429.exe
        7⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25987.exe
        8⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        7⤵
        
        PID:12256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4114.exe
        6⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17540.exe
        7⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55994.exe
        6⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20488.exe
        7⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
        8⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 636
        8⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32142.exe
        7⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62357.exe
        7⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48306.exe
        7⤵
        
        PID:15412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18322.exe
        6⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        7⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        7⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60855.exe
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43372.exe
        6⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56984.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64524.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
        8⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        9⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
        10⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37732.exe
        11⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
        12⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 720
        12⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10277.exe
        11⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        11⤵
        
        PID:14356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 740
        10⤵
        Program crash
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
        9⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19580.exe
        10⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8604 -s 636
        11⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
        10⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
        9⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
        9⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
        9⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
        7⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
        8⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44644.exe
        9⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38848.exe
        10⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        11⤵
        
        PID:12452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31201.exe
        11⤵
        
        PID:9824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 636
        10⤵
        
        PID:14292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 664
        9⤵
        Program crash
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
        7⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
        8⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8296 -s 644
        9⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47802.exe
        8⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41465.exe
        8⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 716
        7⤵
        Program crash
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60995.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26720.exe
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50788.exe
        8⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        9⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 636
        10⤵
        Program crash
        
        PID:10524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 636
        10⤵
        Program crash
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        9⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56353.exe
        9⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56474.exe
        9⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53087.exe
        8⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 636
        9⤵
        Program crash
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60001.exe
        8⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28306.exe
        8⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20938.exe
        7⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe
        8⤵
        
        PID:1376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 644
        9⤵
        Program crash
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
        8⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe
        8⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        7⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
        8⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        8⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
        8⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        7⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
        7⤵
        
        PID:13644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24097.exe
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15724.exe
        7⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34446.exe
        7⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
        8⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
        8⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54814.exe
        7⤵
        
        PID:9516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 640
        7⤵
        
        PID:15308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37540.exe
        7⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 636
        8⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12005.exe
        7⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25128.exe
        7⤵
        
        PID:3952
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 676
        6⤵
        Program crash
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23108.exe
        6⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
        7⤵
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28079.exe
        5⤵
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47332.exe
        6⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64924.exe
        7⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32932.exe
        8⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49704.exe
        9⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10802.exe
        10⤵
        
        PID:15584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
        9⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        10⤵
        
        PID:15656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
        9⤵
        
        PID:9728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 656
        8⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23922.exe
        7⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
        8⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31813.exe
        8⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        8⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        7⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        7⤵
        
        PID:12988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 648
        6⤵
        Program crash
        
        PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40706.exe
        5⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26388.exe
        6⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27172.exe
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe
        8⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53614.exe
        7⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 724
        7⤵
        
        PID:14404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25946.exe
        6⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 636
        7⤵
        
        PID:13776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe
        6⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1165.exe
        6⤵
        
        PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56475.exe
        5⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
        6⤵
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
        6⤵
        
        PID:13012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
        5⤵
        
        PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5692.exe
        5⤵
        
        PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1815.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7783.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44104.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
        8⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
        9⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64296.exe
        10⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57960.exe
        11⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8608 -s 628
        12⤵
        Program crash
        
        PID:12544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 756
        11⤵
        
        PID:13100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15858.exe
        10⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11672.exe
        10⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13609.exe
        10⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
        8⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        8⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 640
        9⤵
        Program crash
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50490.exe
        8⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1716.exe
        8⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57890.exe
        8⤵
        
        PID:16372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        7⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
        7⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5910.exe
        7⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28363.exe
        8⤵
        
        PID:10344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 636
        8⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-896.exe
        7⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        7⤵
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36490.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
        7⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53720.exe
        8⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24032.exe
        9⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51868.exe
        10⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15342.exe
        11⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36473.exe
        11⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        10⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 664
        10⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 712
        9⤵
        Program crash
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 712
        9⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59719.exe
        8⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 648
        9⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5564.exe
        8⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60402.exe
        8⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        8⤵
        
        PID:14656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11845.exe
        6⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2319.exe
        7⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60788.exe
        8⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 640
        9⤵
        Program crash
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 668
        8⤵
        Program crash
        
        PID:11084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 668
        8⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
        7⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15586.exe
        8⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        9⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 632
        8⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25984.exe
        7⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7693.exe
        7⤵
        
        PID:13628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
        6⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 624
        7⤵
        
        PID:13680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 392 -s 712
        6⤵
        Program crash
        
        PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20590.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60440.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41660.exe
        8⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27540.exe
        9⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 636
        10⤵
        Program crash
        
        PID:10092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 636
        10⤵
        Program crash
        
        PID:12992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
        9⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13156.exe
        9⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26470.exe
        8⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
        9⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38083.exe
        10⤵
        
        PID:13536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 632
        9⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51114.exe
        8⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59862.exe
        8⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35556.exe
        8⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63647.exe
        6⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43544.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32932.exe
        8⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        9⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
        9⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46791.exe
        10⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19890.exe
        8⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13696.exe
        8⤵
        
        PID:13368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
        6⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11042.exe
        6⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
        7⤵
        
        PID:11376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 720
        7⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48841.exe
        6⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3105.exe
        6⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64675.exe
        6⤵
        
        PID:15368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        6⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18464.exe
        7⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        7⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8057.exe
        7⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 724
        8⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
        7⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51493.exe
        7⤵
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe
        6⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58551.exe
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
        6⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61063.exe
        6⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47924.exe
        7⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15757.exe
        7⤵
        
        PID:11448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10416.exe
        6⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14465.exe
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
        6⤵
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
        5⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9143.exe
        6⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8216 -s 648
        7⤵
        
        PID:12388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 740
        6⤵
        
        PID:13276
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 748
        5⤵
        Program crash
        
        PID:10444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20189.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19408.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2023.exe
        7⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37082.exe
        7⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
        8⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21155.exe
        9⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        8⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37381.exe
        8⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17553.exe
        8⤵
        
        PID:16352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24549.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        7⤵
        
        PID:12156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 736
        6⤵
        Program crash
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11410.exe
        5⤵
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42672.exe
        6⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48602.exe
        5⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2127.exe
        6⤵
        
        PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
        5⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
        6⤵
        
        PID:64
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 720
        7⤵
        
        PID:13108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe
        6⤵
        
        PID:10760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8600.exe
        6⤵
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42250.exe
        6⤵
        
        PID:16344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21749.exe
        5⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56739.exe
        6⤵
        
        PID:15572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37645.exe
        5⤵
        
        PID:12108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3242.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27384.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        6⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34260.exe
        7⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8494.exe
        6⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16928.exe
        7⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41819.exe
        8⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
        8⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 632
        7⤵
        
        PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10093.exe
      4⤵
      PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42672.exe
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56180.exe
        6⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe
        7⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 548
        8⤵
        Program crash
        
        PID:12692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
        7⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50645.exe
        7⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        7⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65147.exe
        6⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 640
        7⤵
        Program crash
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51641.exe
        6⤵
        
        PID:9848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 624
        6⤵
        
        PID:7968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34502.exe
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
        5⤵
        
        PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51847.exe
        5⤵
        
        PID:8460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 636
        6⤵
        Program crash
        
        PID:12428
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 652
        5⤵
        
        PID:13056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1075.exe
      4⤵
      PID:7400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exe
      4⤵
      PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20003.exe
        5⤵
        
        PID:11532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
      4⤵
      PID:12128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35901.exe
      4⤵
      PID:10036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35116.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3488
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 720
        5⤵
        Program crash
        
        PID:3476
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 764
        5⤵
        Program crash
        
        PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22406.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3548
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 636
        5⤵
        Program crash
        
        PID:3044
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 652
        5⤵
        Program crash
        
        PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2229.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11431.exe
        5⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
        6⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
        7⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
        8⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10765.exe
        8⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19804.exe
        8⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
        7⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29108.exe
        7⤵
        
        PID:12784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        6⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27517.exe
        6⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61995.exe
        7⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
        6⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46833.exe
        6⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
        5⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
        6⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 652
        7⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        6⤵
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45549.exe
        6⤵
        
        PID:2772
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 752
        5⤵
        Program crash
        
        PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12666.exe
      4⤵
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41084.exe
        5⤵
        
        PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
      4⤵
      PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
      4⤵
      PID:7384
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 648
        5⤵
        
        PID:12380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49371.exe
      4⤵
      PID:9880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
      4⤵
      PID:13512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16733.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29356.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:548
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 640
        6⤵
        Program crash
        
        PID:1876
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 640
        6⤵
        Program crash
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
        5⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51416.exe
        6⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55147.exe
        6⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 632
        7⤵
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24549.exe
        6⤵
        
        PID:8668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 660
        6⤵
        
        PID:14280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
        5⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        6⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 652
        7⤵
        Program crash
        
        PID:12600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        6⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe
        6⤵
        
        PID:11520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17674.exe
        5⤵
        
        PID:4260
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 636
        6⤵
        
        PID:12404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14824.exe
        5⤵
        
        PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
        5⤵
        
        PID:12952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
        5⤵
        
        PID:15180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54415.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4836
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 724
        5⤵
        Program crash
        
        PID:5068
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 740
        5⤵
        Program crash
        
        PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22213.exe
      4⤵
      PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25708.exe
        5⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        6⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
        7⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55031.exe
        8⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54974.exe
        8⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48378.exe
        7⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57993.exe
        7⤵
        
        PID:736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 740
        6⤵
        Program crash
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18198.exe
        5⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41816.exe
        6⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45327.exe
        7⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53630.exe
        7⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1600.exe
        7⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31849.exe
        6⤵
        
        PID:10588
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 760
        6⤵
        
        PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54290.exe
        5⤵
        
        PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17537.exe
        5⤵
        
        PID:12260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        5⤵
        
        PID:14424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
      4⤵
      PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe
        5⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
        6⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 640
        7⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
        6⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe
        5⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46739.exe
        6⤵
        
        PID:5048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 660
        5⤵
        
        PID:14244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
      4⤵
      PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15394.exe
        5⤵
        
        PID:5540
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 724
        5⤵
        
        PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe
      4⤵
      PID:6208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20170.exe
      4⤵
      PID:13500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43144.exe
      4⤵
      PID:15276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1166.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32236.exe
        5⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47716.exe
        6⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7171.exe
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32496.exe
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
        9⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 648
        9⤵
        
        PID:14460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        8⤵
        
        PID:10700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 660
        8⤵
        
        PID:13316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 632
        7⤵
        Program crash
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55147.exe
        6⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58536.exe
        7⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        7⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41849.exe
        7⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
        6⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1938.exe
        7⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9048 -s 664
        7⤵
        
        PID:15284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24398.exe
        6⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39049.exe
        6⤵
        
        PID:14344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
        5⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe
        6⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7991.exe
        7⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        7⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12876.exe
        7⤵
        
        PID:12496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 748
        6⤵
        Program crash
        
        PID:4832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 748
        6⤵
        Program crash
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61866.exe
        5⤵
        
        PID:7656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 640
        6⤵
        
        PID:11500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22246.exe
        5⤵
        
        PID:8448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 628
        5⤵
        
        PID:14300
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 656
      4⤵
      Program crash
      PID:1004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe
      4⤵
      PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
      4⤵
      PID:6876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
    3⤵
    PID:4296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35528.exe
    3⤵
    PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34468.exe
      4⤵
      PID:5036
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 636
        5⤵
        Program crash
        
        PID:10420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49299.exe
      4⤵
      PID:8840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7204.exe
      4⤵
      PID:9632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44398.exe
      4⤵
      PID:14536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2757.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2757.exe
    3⤵
    PID:7916
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 640
      4⤵
      PID:12396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
    3⤵
    PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
      4⤵
      PID:16028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20613.exe
    3⤵
    PID:11604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
    3⤵
    PID:11844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
        7⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 636
        8⤵
        Program crash
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56823.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
        7⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36580.exe
        8⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39899.exe
        9⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 748
        9⤵
        
        PID:13556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 116 -s 660
        8⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 748
        7⤵
        Program crash
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20922.exe
        6⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
        7⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
        8⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
        9⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 636
        10⤵
        Program crash
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 736
        9⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
        8⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25431.exe
        9⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8060.exe
        8⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 640
        8⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38618.exe
        7⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 664
        7⤵
        Program crash
        
        PID:10412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
        6⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35568.exe
        7⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49987.exe
        9⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 632
        9⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        8⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        7⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
        8⤵
        
        PID:13872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56981.exe
        7⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3557.exe
        7⤵
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7674.exe
        6⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9527.exe
        7⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
        8⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        8⤵
        
        PID:13576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12197.exe
        7⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
        7⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
        6⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 636
        7⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57874.exe
        6⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60959.exe
        6⤵
        
        PID:14436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49179.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64140.exe
        6⤵
        Executes dropped EXE
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54924.exe
        7⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
        8⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        8⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
        9⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        9⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
        9⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
        8⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 504
        8⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43803.exe
        6⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15724.exe
        7⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28848.exe
        8⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52636.exe
        9⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4398.exe
        10⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2213.exe
        9⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63229.exe
        9⤵
        
        PID:14376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        8⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7344.exe
        8⤵
        
        PID:12056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
        6⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
        7⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        8⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22981.exe
        8⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19789.exe
        7⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 656
        7⤵
        
        PID:424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43819.exe
        6⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8916 -s 720
        7⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8872.exe
        6⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43893.exe
        6⤵
        
        PID:14408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34657.exe
        5⤵
        
        PID:736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        6⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
        7⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 632
        7⤵
        Program crash
        
        PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43279.exe
        5⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
        6⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
        7⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
        7⤵
        
        PID:12020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57467.exe
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        7⤵
        
        PID:16336
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 648
        6⤵
        
        PID:14232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47103.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24068.exe
        6⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24940.exe
        7⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15147.exe
        8⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5251.exe
        9⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
        10⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
        9⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
        10⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60925.exe
        9⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49458.exe
        9⤵
        
        PID:16132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 636
        8⤵
        Program crash
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23678.exe
        6⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27732.exe
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54727.exe
        7⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8902.exe
        8⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 648
        7⤵
        
        PID:14224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11617.exe
        6⤵
        
        PID:7444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27867.exe
        6⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        7⤵
        
        PID:14552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4404.exe
        6⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19197.exe
        6⤵
        
        PID:14528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13486.exe
        5⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37960.exe
        6⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        7⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64291.exe
        7⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 636
        8⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14256.exe
        7⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21711.exe
        8⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
        7⤵
        
        PID:12464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53611.exe
        6⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        7⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 636
        8⤵
        Program crash
        
        PID:12420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 752
        7⤵
        
        PID:13284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45.exe
        6⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9561.exe
        6⤵
        
        PID:11956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58037.exe
        6⤵
        
        PID:12652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62878.exe
        5⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53352.exe
        6⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 636
        7⤵
        
        PID:11624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 744
        6⤵
        
        PID:11640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
        5⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64888.exe
        6⤵
        
        PID:5960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 636
        6⤵
        
        PID:14268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-317.exe
        5⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29915.exe
        6⤵
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41485.exe
        5⤵
        
        PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe
        5⤵
        
        PID:15192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14673.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        5⤵
        
        PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15442.exe
      4⤵
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26092.exe
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52236.exe
        6⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40554.exe
        6⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        7⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25285.exe
        7⤵
        
        PID:4976
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 640
        6⤵
        
        PID:14256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63419.exe
        5⤵
        
        PID:7568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 632
        6⤵
        Program crash
        
        PID:10436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
        5⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25795.exe
        6⤵
        
        PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
        5⤵
        
        PID:11444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
        5⤵
        
        PID:14520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7177.exe
      4⤵
      PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13227.exe
        5⤵
        
        PID:7492
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 636
        6⤵
        Program crash
        
        PID:12536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe
        5⤵
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16000.exe
        5⤵
        
        PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34082.exe
        5⤵
        
        PID:16360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
      4⤵
      PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
        5⤵
        
        PID:12040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53402.exe
        5⤵
        
        PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
        5⤵
        
        PID:15468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1426.exe
      4⤵
      PID:12192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
      4⤵
      PID:14444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2998.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4568
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 644
      4⤵
      Program crash
      PID:1608
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 680
      4⤵
      Program crash
      PID:4916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36142.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53860.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        5⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
        6⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61779.exe
        6⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38552.exe
        7⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
        8⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        9⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63490.exe
        9⤵
        
        PID:16324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 632
        8⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe
        7⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
        7⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
        7⤵
        
        PID:13404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26557.exe
        6⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36199.exe
        7⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 636
        7⤵
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        6⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
        6⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        5⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3345.exe
        5⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9335.exe
        6⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64735.exe
        7⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15285.exe
        7⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6769.exe
        6⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
        6⤵
        
        PID:14012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46718.exe
        6⤵
        
        PID:16108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
        5⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63931.exe
        6⤵
        
        PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
        5⤵
        
        PID:12168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57103.exe
      4⤵
      PID:4400
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 624
        5⤵
        Program crash
        
        PID:7344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4202.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4202.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3212
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 628
      4⤵
      Program crash
      PID:2412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20337.exe
    3⤵
    PID:1032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-627.exe
      4⤵
      PID:5416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18462.exe
    3⤵
    PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13419.exe
      4⤵
      PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4818.exe
        5⤵
        
        PID:11716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49494.exe
        5⤵
        
        PID:14388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
      4⤵
      PID:10468
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 508
      4⤵
      PID:14720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63312.exe
    3⤵
    PID:8320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-786.exe
      4⤵
      PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57714.exe
      4⤵
      PID:13596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
    3⤵
    PID:11168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
    3⤵
    PID:2384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56758.exe
    3⤵
    PID:16088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4836
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 724
    3⤵
    - Program crash
    PID:4388
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 724
    3⤵
    - Program crash
    PID:2176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17768.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4467.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21100.exe
        5⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37384.exe
        6⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60212.exe
        7⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61359.exe
        7⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 632
        7⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9942.exe
        6⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23664.exe
        7⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24663.exe
        8⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28113.exe
        8⤵
        
        PID:13688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63474.exe
        7⤵
        
        PID:11192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43770.exe
        6⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        6⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
        5⤵
        
        PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5177.exe
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52008.exe
        6⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        6⤵
        
        PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53230.exe
        5⤵
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42359.exe
        6⤵
        
        PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        5⤵
        
        PID:13524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17570.exe
      4⤵
      PID:4536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 624
        5⤵
        Program crash
        
        PID:7792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9017.exe
      4⤵
      PID:6812
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 636
      4⤵
      Program crash
      PID:10492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15708.exe
      4⤵
      PID:1548
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 544
        5⤵
        Program crash
        
        PID:6040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3450.exe
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28412.exe
        5⤵
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20195.exe
        6⤵
        
        PID:11360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48378.exe
        5⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
        6⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22457.exe
        6⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
        5⤵
        
        PID:13928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27221.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27221.exe
    3⤵
    PID:1768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
    3⤵
    PID:6756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62782.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62782.exe
    3⤵
    PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
      4⤵
      PID:3044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49897.exe
    3⤵
    PID:11968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4288
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 644
    3⤵
    - Program crash
    PID:864
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 644
    3⤵
    - Program crash
    PID:4056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
    3⤵
    PID:4144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
    3⤵
    PID:6772
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 648
      4⤵
      Program crash
      PID:8232
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 648
      4⤵
      Program crash
      PID:10060
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
  2⤵
  PID:2792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47245.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47245.exe
  2⤵
  PID:6400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4151.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4151.exe
    3⤵
    PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51292.exe
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49323.exe
        5⤵
        
        PID:6040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59582.exe
      4⤵
      PID:11976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7744.exe
      4⤵
      PID:12836
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 752
    3⤵
    - Program crash
    PID:9744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16690.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16690.exe
  2⤵
  PID:7812
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 636
    3⤵
    - Program crash
    PID:12412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12917.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12917.exe
  2⤵
  PID:4992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2249.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2249.exe
  2⤵
  PID:12864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24853.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24853.exe
  2⤵
  PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4836 -ip 4836
1⤵
PID:668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4836 -ip 4836
1⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3488 -ip 3488
1⤵
PID:2972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4568 -ip 4568
1⤵
PID:3044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4568 -ip 4568
1⤵
PID:2912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3488 -ip 3488
1⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 1692 -ip 1692
1⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3548 -ip 3548
1⤵
PID:3864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4288 -ip 4288
1⤵
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4288 -ip 4288
1⤵
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 3548 -ip 3548
1⤵
PID:2408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 4836 -ip 4836
1⤵
PID:2900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 548 -ip 548
1⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 3212 -ip 3212
1⤵
PID:3708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 764 -ip 764
1⤵
PID:640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2512 -ip 2512
1⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3704 -ip 3704
1⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 3820 -ip 3820
1⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4300 -ip 4300
1⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 2512 -ip 2512
1⤵
PID:2056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3820 -ip 3820
1⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 4300 -ip 4300
1⤵
PID:5260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 548 -ip 548
1⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 4836 -ip 4836
1⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 3212 -ip 3212
1⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 764 -ip 764
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 2792 -ip 2792
1⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4296 -ip 4296
1⤵
PID:1376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 4536 -ip 4536
1⤵
PID:1696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4400 -ip 4400
1⤵
PID:928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 1768 -ip 1768
1⤵
PID:2316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 1136 -ip 1136
1⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 4936 -ip 4936
1⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 4144 -ip 4144
1⤵
PID:1028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1548 -ip 1548
1⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 4260 -ip 4260
1⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5220 -ip 5220
1⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1960 -ip 1960
1⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 2792 -ip 2792
1⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4536 -ip 4536
1⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5580 -ip 5580
1⤵
PID:2316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5464 -ip 5464
1⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 1136 -ip 1136
1⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 4936 -ip 4936
1⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 1768 -ip 1768
1⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 3336 -ip 3336
1⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 2432 -ip 2432
1⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5280 -ip 5280
1⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 4436 -ip 4436
1⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5276 -ip 5276
1⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 852 -ip 852
1⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 3020 -ip 3020
1⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 5396 -ip 5396
1⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 5352 -ip 5352
1⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5660 -ip 5660
1⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 5956 -ip 5956
1⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 3272 -ip 3272
1⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5880 -ip 5880
1⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 4284 -ip 4284
1⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 1508 -ip 1508
1⤵
PID:640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 4296 -ip 4296
1⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 4260 -ip 4260
1⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4400 -ip 4400
1⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 1548 -ip 1548
1⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5220 -ip 5220
1⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 5580 -ip 5580
1⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 4144 -ip 4144
1⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 1040 -ip 1040
1⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 4732 -ip 4732
1⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 736 -ip 736
1⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 872 -ip 872
1⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4104 -ip 4104
1⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 896 -ip 896
1⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 1228 -ip 1228
1⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 3412 -ip 3412
1⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 1960 -ip 1960
1⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 3704 -ip 3704
1⤵
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5464 -ip 5464
1⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4436 -ip 4436
1⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 852 -ip 852
1⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6032 -ip 6032
1⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5416 -ip 5416
1⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 6180 -ip 6180
1⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6304 -ip 6304
1⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 3336 -ip 3336
1⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 2432 -ip 2432
1⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5280 -ip 5280
1⤵
PID:1016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5352 -ip 5352
1⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5276 -ip 5276
1⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 3020 -ip 3020
1⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5396 -ip 5396
1⤵
PID:1980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5660 -ip 5660
1⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 3272 -ip 3272
1⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 5956 -ip 5956
1⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5880 -ip 5880
1⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6160 -ip 6160
1⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 4284 -ip 4284
1⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 5828 -ip 5828
1⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6448 -ip 6448
1⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 5544 -ip 5544
1⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 1032 -ip 1032
1⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5248 -ip 5248
1⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 4832 -ip 4832
1⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5592 -ip 5592
1⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 6796 -ip 6796
1⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 7056 -ip 7056
1⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 6240 -ip 6240
1⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 1040 -ip 1040
1⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5912 -ip 5912
1⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 4732 -ip 4732
1⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 872 -ip 872
1⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 5128 -ip 5128
1⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 6836 -ip 6836
1⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 736 -ip 736
1⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 5496 -ip 5496
1⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 4104 -ip 4104
1⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 896 -ip 896
1⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1228 -ip 1228
1⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3412 -ip 3412
1⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 4380 -ip 4380
1⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 6032 -ip 6032
1⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5416 -ip 5416
1⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 6180 -ip 6180
1⤵
PID:9916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 6304 -ip 6304
1⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 7656 -ip 7656
1⤵
PID:10060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 6852 -ip 6852
1⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 7424 -ip 7424
1⤵
PID:10164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 7088 -ip 7088
1⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 6812 -ip 6812
1⤵
PID:10236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6756 -ip 6756
1⤵
PID:3140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 7448 -ip 7448
1⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6972 -ip 6972
1⤵
PID:1584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6876 -ip 6876
1⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 3772 -ip 3772
1⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 6996 -ip 6996
1⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 7400 -ip 7400
1⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 7964 -ip 7964
1⤵
PID:3640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 8104 -ip 8104
1⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6772 -ip 6772
1⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6736 -ip 6736
1⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 7112 -ip 7112
1⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 6160 -ip 6160
1⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 6448 -ip 6448
1⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5828 -ip 5828
1⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 7936 -ip 7936
1⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 7444 -ip 7444
1⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 5248 -ip 5248
1⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 4832 -ip 4832
1⤵
PID:10224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 1032 -ip 1032
1⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5544 -ip 5544
1⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5592 -ip 5592
1⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6796 -ip 6796
1⤵
PID:3140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 4880 -ip 4880
1⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6240 -ip 6240
1⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 3276 -ip 3276
1⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 2688 -ip 2688
1⤵
PID:1404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 2940 -ip 2940
1⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 4312 -ip 4312
1⤵
PID:2480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2020 -ip 2020
1⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 2740 -ip 2740
1⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5700 -ip 5700
1⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 452 -ip 452
1⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 3892 -ip 3892
1⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 1596 -ip 1596
1⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5800 -ip 5800
1⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 4352 -ip 4352
1⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 392 -ip 392
1⤵
PID:10664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 1224 -ip 1224
1⤵
PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3408 -ip 3408
1⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 932 -ip 932
1⤵
PID:10044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 7568 -ip 7568
1⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 7156 -ip 7156
1⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 1376 -ip 1376
1⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 5036 -ip 5036
1⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5844 -ip 5844
1⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 628 -ip 628
1⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4540 -ip 4540
1⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 7056 -ip 7056
1⤵
PID:11200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 5648 -ip 5648
1⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 5912 -ip 5912
1⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 6096 -ip 6096
1⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 6400 -ip 6400
1⤵
PID:1988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2056 -ip 2056
1⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6148 -ip 6148
1⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 6836 -ip 6836
1⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5128 -ip 5128
1⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 8020 -ip 8020
1⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5896 -ip 5896
1⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 5496 -ip 5496
1⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 4380 -ip 4380
1⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2424 -ip 2424
1⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6852 -ip 6852
1⤵
PID:2616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 7656 -ip 7656
1⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 7424 -ip 7424
1⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 7088 -ip 7088
1⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 6812 -ip 6812
1⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 7448 -ip 7448
1⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6356 -ip 6356
1⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 6952 -ip 6952
1⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 6324 -ip 6324
1⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 6756 -ip 6756
1⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 3772 -ip 3772
1⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 6972 -ip 6972
1⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 6876 -ip 6876
1⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6996 -ip 6996
1⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 7964 -ip 7964
1⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 8104 -ip 8104
1⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 7400 -ip 7400
1⤵
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6736 -ip 6736
1⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 7112 -ip 7112
1⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 2908 -ip 2908
1⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1240 -p 4644 -ip 4644
1⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 7384 -ip 7384
1⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 8216 -ip 8216
1⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 4260 -ip 4260
1⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 7916 -ip 7916
1⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 7812 -ip 7812
1⤵
PID:13688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 7732 -ip 7732
1⤵
PID:13860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 8460 -ip 8460
1⤵
PID:13868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 7492 -ip 7492
1⤵
PID:13892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1228 -p 8608 -ip 8608
1⤵
PID:14200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 7240 -ip 7240
1⤵
PID:14308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 6156 -ip 6156
1⤵
PID:14316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 8116 -ip 8116
1⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 6236 -ip 6236
1⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 7936 -ip 7936
1⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7444 -ip 7444
1⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 4880 -ip 4880
1⤵
PID:2772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 3276 -ip 3276
1⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 4312 -ip 4312
1⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 2688 -ip 2688
1⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 2940 -ip 2940
1⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 64 -ip 64
1⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 8212 -ip 8212
1⤵
PID:13364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 5652 -ip 5652
1⤵
PID:2700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 8052 -ip 8052
1⤵
PID:13316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 7016 -ip 7016
1⤵
PID:13356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 5552 -ip 5552
1⤵
PID:13548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 116 -ip 116
1⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 7140 -ip 7140
1⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 8296 -ip 8296
1⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 7124 -ip 7124
1⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 8532 -ip 8532
1⤵
PID:2700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 8544 -ip 8544
1⤵
PID:14644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 5216 -ip 5216
1⤵
PID:14876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 8576 -ip 8576
1⤵
PID:15180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 1508 -ip 1508
1⤵
PID:15208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 8916 -ip 8916
1⤵
PID:15244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5716 -ip 5716
1⤵
PID:15272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 2492 -ip 2492
1⤵
PID:15280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 7076 -ip 7076
1⤵
PID:15344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1236 -p 2300 -ip 2300
1⤵
PID:15352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 5264 -ip 5264
1⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 7688 -ip 7688
1⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1288 -p 6504 -ip 6504
1⤵
PID:14584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5068 -ip 5068
1⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4340 -ip 4340
1⤵
PID:13072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 5360 -ip 5360
1⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 6468 -ip 6468
1⤵
PID:1892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 1536 -ip 1536
1⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 7580 -ip 7580
1⤵
PID:14472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 6984 -ip 6984
1⤵
PID:15440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6860 -ip 6860
1⤵
PID:15768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1312 -p 9092 -ip 9092
1⤵
PID:15836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1368 -p 6216 -ip 6216
1⤵
PID:15844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1316 -p 8232 -ip 8232
1⤵
PID:15884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 6456 -ip 6456
1⤵
PID:15892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 2148 -ip 2148
1⤵
PID:15904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3008 -ip 3008
1⤵
PID:16000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1440 -p 5968 -ip 5968
1⤵
PID:16276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1464 -p 2924 -ip 2924
1⤵
PID:456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe

Filesize
468KB

MD5
8fe5906d56a66d128ab75bed6dca4fe7

SHA1
6e896167f31091a4d2e19a2f04cf6402ec157e9e

SHA256
42d73f17309e15c85959317596653ac5f0354508e6bb6e3756fbcdf7471fdf95

SHA512
1c66c8f386e58fcba1b2b9798c15158c0e61e0fa83c175193fb9ae08e9bc9d9abca6ea0a64d1ff130857aad7d75d0869156b20fe2a7374adf93d9022adf355a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1166.exe

Filesize
468KB

MD5
7b83fa528b30d8a985c96fd6d9b3aece

SHA1
35c8eb1642138af73be657d6411a849ee5802478

SHA256
4e77bdc2ff16525ed47c77bbd5f07418cb2ad55e7a76eeeefcbb4974ee22cc80

SHA512
f88b132a5a81c0f59123aa0ea290b50854dd80d7c07257f454961f64c31bd952d82fc67331e612435c25885a28fdef3ee12f2df11a614ec90d8977e851aa6192

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16733.exe

Filesize
468KB

MD5
1fe9201e662d2197538d1d93ae480346

SHA1
a03da26b4017aafbf27043952d800dcee66113ec

SHA256
5464a587c05a72417502bddaeb5505f64a8a01bff075220f312ede2b582607c8

SHA512
d928b97e087c8e63911f53c9ab90397654d5d0bc3cb8705b6010afbcbaa805a0f75631811610d1b9e62c95fe9ad986636859758cf06ebd155d277eab3a668ac4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17768.exe

Filesize
468KB

MD5
c1af054901f3e36837d2ffddb84c294e

SHA1
3040575dc5397b93126b26512b992bfaaff9abef

SHA256
c2bfbbdf1b50cad384e02ddbeedc8bf3debe9345ae591b325302f3b61bd7f063

SHA512
75f08ef6b01f8cb9c5ed2980acdf77c92aa71411cf7780b1e64b84264b29c18909476b24b0474c5bad2125be61c390ab98d5968776f22abed99681a113f6412e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1815.exe

Filesize
468KB

MD5
90147473807b9ae2863687479179551b

SHA1
90e35bdfe05b49df9ca1bf3e01957ca74667af2b

SHA256
a7caad3e10b3bb033927b59e6853a83ebbfabecd54307406f82c0bd32e09df4a

SHA512
28e412b70ba84a06e38c881fe719ae35af3fb8f1e39ecf11ab9f971ece08fb1713dc495cdc31dffa15e0ef8168f66d63fb4bdac141608851069a58781e94c2bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe

Filesize
468KB

MD5
dce160e6c5c4fcb0217f505995a057df

SHA1
0013a44a5a997f88b89a58a8fbd0eee0c5dd2eba

SHA256
7ef68a395dca19395cc5c3138c20705852f9840410e208f094ade5beb0738d52

SHA512
b2a4826f0ce652bcbf7d597920aaf02e7c77267c9b2a4e9f67e1febe2b8d5d9f5fc5074d2f93bacd0e51c2ac1a8e939d2806959e7d90869d12366a635abd63cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20189.exe

Filesize
468KB

MD5
f6ecda4360489198b116cb3a312442a0

SHA1
cdd9d46e3d936baa84b1ef44ef18c5122e6c6ff1

SHA256
8d29f538878b0f92f37cf8c9b342557c73147cf56f45e05bf9b17642c2f28309

SHA512
c25861d5e91fdc504c4fe8c5f28c9f156adc97577c5c432aab84be1407c860bbde00f7d729158fc0c2ac9d35fcbb0ba3bad291ae83f99105418d58aaaf1c3a26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20590.exe

Filesize
468KB

MD5
176cfcd6c974f203931cde1408b2e8b0

SHA1
3d8e34a20933ca614909511d240b4853b89f478e

SHA256
9b0c4cdcee390bcc150713198329782f66696b4567d8be78bf75169fe9e47299

SHA512
8ecc498a440de475892d046386d8b7860fe0fa61588ab125ecd0419838205fe62c701d8d4fac58f77b625cd0957bbd0beb6e2bf558338db79212daf7402f6b84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe

Filesize
468KB

MD5
182fbd0db532dbae801280bee0ab372c

SHA1
0af46cd59f0895f2e23fbae952f70ea040ccf483

SHA256
8f6f37fc147ab84c38bff4a05b297e3ffac5f0472d025192453174490f10ec23

SHA512
84f1e015680ec371fe2e80762c8f66e971f14412017e67798a6e014fb8f58e9a62b7520cae75936c9e2103f35eb00414149498eaaadf9f6e4c7627fa066d3da9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22406.exe

Filesize
468KB

MD5
2c05ef4ec43f67b917e376a334b2a285

SHA1
2fd827fe49f74132007c63617547a6186de38626

SHA256
774f2460930396f5c3ab772744c52cfd367a1f9af706549ba0ba02b5fbea7f65

SHA512
c6291fbd0956d04f8a47b9fd00d5612a7c2047c9df3f29acd005423268d34d347885378cc92b8aae781e59c959d20f463dea626c105dc3268390c2196b98ae11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe

Filesize
468KB

MD5
6475616c8255736358c3ebc74e0b7e19

SHA1
48e2ae147f183b7366500c476846b87312d0ff1f

SHA256
f5a17a71296cf877d5930c6b042a953c2765303a57d76a02875e4bc74aa9f197

SHA512
59ce9e833400fa93618e7ca340f87b8d6fb414bec7ec162fd610acd8b0ba841a01fdf0528ba234d7eb1838a85d3a1b938b815ca3362f8ad6d53f7aac6bcf2fc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29252.exe

Filesize
468KB

MD5
14498884957fc83634cd5f7abd481fa9

SHA1
29f147e587425e39e641a8eadbec28b6931021b0

SHA256
1e394eb7b0baaf925f354809661a4d01cd3b24f4d63520c9c17a61ffc01a49d8

SHA512
bff08cf0b3c8f9b555fc95e1e734474fc245ccb480dec37beb5389b890878fe0050776ca5f461c6eab91161ba5197a49aad41d905fec3958301f8a4c9114bb4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe

Filesize
468KB

MD5
a856f80f78438b0bb1ee39cf3a52bb10

SHA1
b78be413fdc88236e4d657d9ff1e8912b9867aba

SHA256
95936eddefaa0b5086ad2ebdd80bf866753fe1d18c5ba66ed2b6c22431157dad

SHA512
367d60a97296f7105a1708141469a1151c34835e505b8aed11b178459c568d05de4cbe6d9c919654fa31562c5864e04f9c8323c2118241c2fbbee2487685fbd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2998.exe

Filesize
468KB

MD5
eb936078d2fe9fc82c0ad1c13b2370b4

SHA1
3ce8201597722bf16131c20f1e8e78b0e9ed55a3

SHA256
2b09b02ce09e2392df0c7068480006d1beeb9d84f045873ab0296c98fb04d530

SHA512
c0d9f35a8263dc325b761463a2e39a9ebe26ef2985a6e80845b2fdb26f631efeca70dd8ef454840265eb9466109a1a6785ea575fc7428e4ac8b43a0e94bace14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe

Filesize
468KB

MD5
281bb1ebf4ee24ce43c23793d512d197

SHA1
e2718c1514462c53f9bb8e62452d7e76ed91ad7d

SHA256
5605301e5d681341e4ca86f3cccff74cf4af4d9d4f90bd7212c036363433856b

SHA512
1e5b42741a44ffa7eb1877edbfcb03625b287da4049ff23fc21944bd4d6cbd8f067a3072cad7b3e868d712961f9d6bf13f8fc4c394c5ecada21f7dc3baa2f97b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe

Filesize
468KB

MD5
31c01ff2348f5842dfd5113b2e08597c

SHA1
b4b624e7c7e2818f29a4f72cb52af8789637548c

SHA256
7bb1df04ce9d1c37d96ca17ef0aefca45ad6a62f7207879faa731e0cbb73a07c

SHA512
1f278e408cbae30e55521ec6d11c148cc89d7daeea1a8dc1bda533f6be4bc6a80c45091976325d0f36662b3112d09909e8b04099b8ba439c3c3cf8c56b420265

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35116.exe

Filesize
468KB

MD5
8c004d4690844b5e51e19a358a1a55bc

SHA1
e37ed898c77bbfa6b7f5455008461a52eb932e55

SHA256
91f9c39a2bd8f46de0dff7f36321b455ea038e12572e5c3c6e6c2f0bea1c322c

SHA512
9fc465b4f303d360c70d96fea8738350e43c750eff1e48ad56486a2b5423b2353f43872d8e118178912d0dd1b2e57d9f4cb6eb85a8b058739d2c6cbb76f6db6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe

Filesize
468KB

MD5
bb6101ab3f3beaa25aedefd94cf90ae5

SHA1
c2a20dd5d53e5305426e0da436b6720f40d23cc9

SHA256
f62ec2297863e76084f6758600be03f02e14b007b12aaf3ca9e09f0d430d3333

SHA512
b366a755d072f4021845def0950045ce9698690140afaf1554c1bc2244cf3aaa11616eb6f79046f469d9e4f82538954c3927d15f9d67e2faa0710182e2fabbb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36142.exe

Filesize
468KB

MD5
d626d1fcabe26af445237ffe34bdd56f

SHA1
f1df562330ad42bfeb20f1f46464c0ed1acb9bd0

SHA256
9e5bab56b88d9f735e2f6376ea94157190602ca95565f064c33acbf6f7346120

SHA512
a93e0a1591bc66df7c1da2d07ea1d2ae0aa3d34800c0fc6e01ee54f3ec799e33dd8e66446183c043786bf80bc73b26264b80bbb5b63d529545b68fdc5aeba067

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe

Filesize
468KB

MD5
636a41d6ed9615ef83cbc7541a6220b2

SHA1
95e4223ecc020caa20769bfafca145bf370b8071

SHA256
274a35812b3c86143fbeb25f596423257333887ff4ee04c91a51bb6c13ede36b

SHA512
629ab43e5e9dba8f3fe0c848b4dc2a51ec16f5ec93ef090bbb7301a90b767989ad4a698d4d860ccb9c0a8997ef90a9e0688aa373da2c6a599c0f4e2c45a1b3ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe

Filesize
468KB

MD5
895e8db47436e365a7cf3e9e4eeb2391

SHA1
0e8e5fa697cdb66c58547008d598d145065b97b5

SHA256
21e308214d93444c198f956cf44d0967492322778aeae326f04ff614bce829d4

SHA512
edde86b46f71a1c999fa8e62782b4225f96d8cce63f4e5801b4939367c138c21c5f4343ffc2ac1c2d66329eeddd86de2c1981b08310641bdb0965bc93c062169

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47103.exe

Filesize
468KB

MD5
01404d7fb6c55895f1e6f0bdd6dca43f

SHA1
2881c35becfa742149f17eec485dc81ec6ad4ace

SHA256
ef579045e500f48b8a1eb4736d520931d82bc72e0ab969124312a003b98a6364

SHA512
37c66bbd6e88d8b083d71bbf83cdea89eab0a45c9eb537e913f57280f6055f00961d5fac773a66c06419d79addff1b94c07137efc0968346c04b444fa4a5daed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe

Filesize
468KB

MD5
a3a0113575f3637e6cfff912807bf3e3

SHA1
76cbdc661a383e30f3c4c1fb36fb6db1b06a80c6

SHA256
9b98c843a37d099bdcfb05436780fef5ab59954e061ea7fc597e5fb5cffe32ab

SHA512
4094b819e3c5fafad4fded4919a5267a16530d4ef3663674aa971c2f69403498be0937668f0f669e745aacdb099d8126c498298c073b646569feb8866908fd60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe

Filesize
468KB

MD5
1d05ba74ca0088fca1c1095f647b58cf

SHA1
96fd5657e6a2c05badbfe83fbb413030dbf305c2

SHA256
e4ad4b5bb1ffe56aff62d2b15d6eddef1da623baaa4a92972bf8ac0655f885e4

SHA512
4df163f7efef5f1b9dcc5544c1ca10873bce096090aafdbd265dd2afe391e04453b5d282eca178016cb3a2044213951577f57e998c60750a966d5e737b10a21d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54280.exe

Filesize
468KB

MD5
e020a91cf0251f9f38cac444d0117480

SHA1
beb78c37b5ca48aeeeb519cd02ba362101e29de4

SHA256
3f972b640ccbad635acc30281c2cb836698327881830f65b1dbad1dac00fbe8f

SHA512
16a7ae6b9a83cff719ded5b2ca3f90b55f4d92ad5f55dd31bf3d702a9f2a06e0d8d03cf70221a65c78524ecba3ea74be264346468ace5e0165d95e737c0321ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56984.exe

Filesize
468KB

MD5
5bfc944d751daa17ec67ba86d9960934

SHA1
8a36341bace9fe0800001fdf832de31eea7b2fe4

SHA256
c383992e5bbe548a14b2216fad68038b15886ff1325cb8fc9e0400c4e0fb218c

SHA512
76a4d93be586c476611822f5a03497d3319c5eb20b81780cbae52a590cfc227af5dab1b09f0dd4ea5bcf494d1b139023e49d6aa81f1fcd5e1ea06da8075f55ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe

Filesize
468KB

MD5
4f577d7417aa9231d849d6253c3ed649

SHA1
a14e0cc30ce333518f87361c493374b73b5e303b

SHA256
a5da5692164e5e3ff4baed361a8af0ea5b06a2a5c59c4efe7869489fe68155ce

SHA512
88c68cffb0aff44ec4a839a5b34da40b9fbe17680a66c04c2e213b235110f5ddaf3bd802973f438ddc6dc26dd580a2758a3999c3ba334058cae4998b6f141d56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe

Filesize
468KB

MD5
bb6c01b25d0741b1cd86f696e11fa35d

SHA1
dc650993b1de722b9ba15b7dfa2c1b88640286a0

SHA256
cf3ee372b08804e99e2d2869ac9b5ab03ac85c9ae2f0419a14a98c7ddbbf6162

SHA512
0cf07a360a623e7bf0f104b6b6771511ae1f4de5097c54186291d5bd54a21fd9494c0bb6a852f908204ca7a5d7e07d9c3df48b376f11c9215fcc91a9dfd12dda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60788.exe

Filesize
468KB

MD5
0dff231b751d65ef2c6284feebdcea4d

SHA1
78aceb9d76b2e6081da2fb0ae76af4a4fe3eaf56

SHA256
f351d8fa0f62c2cdf17bfed13c67567e7d899fa172dff2b32009a03f1f45eb58

SHA512
01c7af37f85b3babd2795d6559d36a2df6984cfb226d4c4ccb403015bd3522c901962bbd7b4d87c5fbfd0370b72e2b723f99e8298e9a223e6878142326cb6807

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6527.exe

Filesize
468KB

MD5
85d7ad21bb4e1873a491488d377ee37a

SHA1
f869f694296ff061cf78a634f2a3dab230e791e7

SHA256
5ea68e3f623b4a8d3f91f238084d4edec0f2cb9981c1256a9efe57d0de26806a

SHA512
61936a43c69f3a45eb1a7df741c0a35e43d652d62517518bd03c1d769e927a35a10642295afb55e455602f469f56e5e7827cc23390f329d162d25d5c7b702006

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7783.exe

Filesize
468KB

MD5
d7541430afa46a90885b0a4e8d750891

SHA1
3d20c3745b120e160fb5b8d739a95fff4d2ceb99

SHA256
2436ea56c13d3bbe144bf303358e017fb14906992748b7a1b95ace11b5af21ce

SHA512
4177d810ebd455799382bddec46be82e428e9b6f82d951f08fcf20284a5eba172c1625314ea30a16a3eadeaf87f2050a15d1435e103a2ef252ed42d81238435a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe

Filesize
468KB

MD5
69ce9dc6d0d4fad34b14bacdfb802201

SHA1
41820b6f648ea43bb6d572da0570d29116583aa2

SHA256
9851684fe487004ecb50f115738d2fd6e39988a1424b8c7d6a9470fe24726548

SHA512
7d8d4b116692c40187c63faf5fd74148e3869d8bc4f23e024fa7763fec1359ca93e68a224153cd44ed0296281a184630c5c4cdea58ef17cb772f8c4ecfc739c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe

Filesize
468KB

MD5
3d4f82e806964b9dc62f8f7092fe5f8d

SHA1
d7c6e84ebeea555a1e19cf53ddca0fe0eee9cba9

SHA256
461d6449cf7c9909368f6306674e2c111b1d6150fe0ec3be80e9f7d27226dcec

SHA512
0976541997df3f221a0b0c4cc19ba44aad2e8d6e1d3a532cf373ef53d48b0b33486f5d56e4158d745b4a179e3e35c9ab939721b72302fdeb9b39772f7cfe992b

Download Submit
memory/5340-2427-0x00007FFC79450000-0x00007FFC79645000-memory.dmp

Filesize
2.0MB

Download